Gateway NE56R notebook very slow to boot and do everything


  • This topic is locked
49 replies to this topic

#1 Terri13th


Posted 24 April 2016 - 08:20 AM

I'm trying to help my sister whose notebook has slowed down to a crawl. Have cleaned out some problems w/ AdwCleaner, but still slow, so I suspect more issues. IE in particular is very slow to come up, although it did improve when I removed AVG secure search (AVG web tune-up). Also she was one of the unfortunates whose computer was hijacked by m-soft and another part of the slowness was the downloading of Windows 10, which I removed and hopefully prevented happening again, using Outsider's GWX utility.
Could someone look through the FRST scan results and guide me further in my quest to clean this mess up? You guys have helped me immensely in the past. Thanks, Terri
 
 
P.S. Just encountered copy/paste problem in Notepad, and can't do it, so sending both Farbar files as attachments. I don't want to hold up my turn for help by trying to fix this copy/paste issue first, so hope that's ok.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Mary (administrator) on MARY-PC (24-04-2016 08:04:39)
Running from C:\Users\Mary\Desktop
Loaded Profiles: Mary (Available Profiles: Mary)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(UltimateOutsider) C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12343400 2011-12-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2821936 2012-03-07] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Power Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [OOTag] => C:\Program Files (x86)\Gateway\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM\...\Run: [GwxControlPanelMonitor] => C:\Program Files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe [4596296 2016-04-02] (UltimateOutsider)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe [289816 2012-01-05] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] => C:\Program Files (x86)\Gateway\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-459464201-4007533415-338245963-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-459464201-4007533415-338245963-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-459464201-4007533415-338245963-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-459464201-4007533415-338245963-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Gateway.scr [450048 2011-09-12] ()
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-06-22]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 4.2.2.2
Tcpip\..\Interfaces\{37EE0D70-BCEC-4C5E-8EB1-6D35C9EF2A53}: [DhcpNameServer] 192.168.1.1 4.2.2.2
Tcpip\..\Interfaces\{BCA16523-F134-4F4C-8381-388FBAC2E0F0}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-16] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-03-16] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-03-16] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-21] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-04-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-459464201-4007533415-338245963-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mary\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-27] (Citrix Online)

Chrome:
=======
CHR Profile: C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05]
CHR Extension: (YouTube) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3993088 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [593880 2016-04-06] (AVG Technologies CZ, s.r.o.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
S3 DCDhcpService; C:\Program Files (x86)\Gateway\WDAgent\DCDhcpService.exe [111776 2012-01-18] (Atheros Communication Inc.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [256536 2012-01-05] (NTI Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 USTSScheduler; "C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [302000 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 08:04 - 2016-04-24 08:05 - 00018936 _____ C:\Users\Mary\Desktop\FRST.txt
2016-04-24 07:54 - 2016-04-24 08:04 - 00000000 ____D C:\FRST
2016-04-23 23:46 - 2016-04-23 23:46 - 02375680 _____ (Farbar) C:\Users\Mary\Desktop\FRST64.exe
2016-04-23 23:43 - 2016-04-23 23:43 - 00000262 _____ C:\Users\Mary\Desktop\How to Calibrate Your Laptop’s Battery For Accurate Battery Life Estimates.url
2016-04-23 23:39 - 2016-04-23 23:39 - 00000217 _____ C:\Users\Mary\Desktop\Gateway Support - Answers, E-Mail, Chat - Live Chat.url
2016-04-23 23:18 - 2016-04-23 23:18 - 03807471 _____ C:\Users\Mary\Desktop\User Manual_Gateway_1.0_A_A.zip
2016-04-22 21:53 - 2016-04-22 21:53 - 00448512 _____ (OldTimer Tools) C:\Users\Mary\Desktop\TFC.exe
2016-04-22 21:48 - 2016-04-22 21:48 - 00005350 _____ C:\Users\Mary\Desktop\AdwCleaner[C1] report aft removal of bad stuff.txt
2016-04-22 21:20 - 2016-04-22 22:01 - 00000000 ____D C:\AdwCleaner
2016-04-22 20:57 - 2016-04-22 20:57 - 00000000 ___HD C:\OneDriveTemp
2016-04-22 18:21 - 2016-04-22 18:22 - 03683904 _____ C:\Users\Mary\Desktop\adwcleaner_5.112.exe
2016-04-22 18:06 - 2016-04-22 18:06 - 00003312 _____ C:\Users\Mary\Desktop\Eset found threats.txt
2016-04-22 15:57 - 2016-04-22 15:57 - 00000249 _____ C:\Users\Mary\Desktop\How to monitor the temperature in laptop - All Other Applications.url
2016-04-22 14:07 - 2016-04-22 14:07 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-22 13:50 - 2016-04-22 13:50 - 00000937 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2016-04-22 13:50 - 2016-04-22 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-04-22 13:50 - 2016-04-22 13:50 - 00000000 ____D C:\Program Files\CPUID
2016-04-21 12:02 - 2016-03-06 14:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-21 12:02 - 2016-03-06 14:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-21 12:02 - 2016-03-06 14:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-21 12:02 - 2016-03-06 14:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-21 10:47 - 2016-02-02 14:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-21 10:38 - 2016-03-17 19:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-21 10:38 - 2016-03-17 19:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-21 10:38 - 2016-03-17 19:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-21 10:38 - 2016-03-17 19:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-21 10:38 - 2016-03-17 19:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-21 10:38 - 2016-03-17 19:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-21 10:38 - 2016-03-17 18:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-21 10:38 - 2016-03-17 18:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-21 10:38 - 2016-03-17 18:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-21 10:38 - 2016-03-17 18:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-21 10:38 - 2016-03-17 18:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-21 10:38 - 2016-03-17 18:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-21 10:38 - 2016-03-17 18:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-21 10:38 - 2016-03-17 18:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-21 10:38 - 2016-03-17 18:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-21 10:38 - 2016-03-17 18:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-21 10:38 - 2016-03-17 18:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-21 10:38 - 2016-03-17 18:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-21 10:38 - 2016-03-17 18:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-21 10:38 - 2016-03-17 18:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-21 10:38 - 2016-03-17 18:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-21 10:38 - 2016-03-17 18:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-21 10:38 - 2016-03-17 18:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-21 10:38 - 2016-03-17 18:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-21 10:38 - 2016-03-17 18:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-21 10:38 - 2016-03-17 18:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-21 10:38 - 2016-03-17 18:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-21 10:38 - 2016-03-17 18:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-21 10:38 - 2016-03-17 18:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-21 10:38 - 2016-03-17 18:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-21 10:38 - 2016-03-17 18:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-21 10:38 - 2016-03-17 18:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-21 10:38 - 2016-03-17 18:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-21 10:38 - 2016-03-17 18:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-21 10:38 - 2016-03-17 18:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-21 10:38 - 2016-03-17 18:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-21 10:38 - 2016-03-17 18:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-21 10:38 - 2016-03-17 18:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-21 10:38 - 2016-03-17 18:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-21 10:38 - 2016-03-17 18:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-21 10:38 - 2016-03-17 18:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-21 10:38 - 2016-03-17 18:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-21 10:38 - 2016-03-17 18:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-21 10:38 - 2016-03-17 18:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-21 10:38 - 2016-03-17 18:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-21 10:38 - 2016-03-17 18:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-21 10:38 - 2016-03-17 18:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-21 10:38 - 2016-03-17 18:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-21 10:38 - 2016-03-17 18:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-21 10:38 - 2016-03-17 18:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-21 10:38 - 2016-03-17 18:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 18:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 17:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-21 10:38 - 2016-03-17 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-21 10:38 - 2016-03-17 17:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-21 10:38 - 2016-03-17 17:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-21 10:38 - 2016-03-17 17:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-21 10:38 - 2016-03-17 17:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-21 10:38 - 2016-03-17 17:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-21 10:38 - 2016-03-17 17:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-21 10:38 - 2016-03-17 17:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-21 10:38 - 2016-03-17 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-21 10:38 - 2016-03-17 17:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-21 10:38 - 2016-03-17 17:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-21 10:38 - 2016-03-17 17:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-21 10:38 - 2016-03-17 17:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-21 10:38 - 2016-03-17 17:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-21 10:38 - 2016-03-17 17:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-21 10:38 - 2016-03-17 17:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-21 10:38 - 2016-03-17 17:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 17:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 17:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-21 10:38 - 2016-03-17 17:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-21 10:37 - 2016-04-21 10:37 - 19924672 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-04-21 10:37 - 2016-03-16 14:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-21 10:37 - 2016-03-16 14:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-21 10:37 - 2016-03-16 14:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-21 10:33 - 2016-04-04 14:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-21 10:33 - 2016-04-04 14:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-21 10:33 - 2016-04-02 09:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-21 10:33 - 2016-03-23 10:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-21 10:33 - 2016-03-17 14:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-21 10:33 - 2016-03-17 14:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-21 10:33 - 2016-03-17 14:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-21 10:33 - 2016-03-17 14:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-21 10:29 - 2016-01-20 20:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-21 10:28 - 2016-03-29 13:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-21 10:28 - 2016-03-15 20:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-21 10:28 - 2016-03-15 20:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-21 10:28 - 2016-03-15 19:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-21 10:27 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-21 10:27 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-21 10:26 - 2016-03-31 15:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-21 10:26 - 2016-03-31 14:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-21 10:26 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-21 10:26 - 2016-03-30 20:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-21 10:26 - 2016-03-30 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-21 10:26 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-21 10:26 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-21 10:26 - 2016-03-30 20:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-21 10:26 - 2016-03-30 20:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-21 10:26 - 2016-03-30 20:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-21 10:26 - 2016-03-30 20:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-21 10:26 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-21 10:26 - 2016-03-30 20:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-21 10:26 - 2016-03-30 20:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-21 10:26 - 2016-03-30 20:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-21 10:26 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-21 10:26 - 2016-03-30 20:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-21 10:26 - 2016-03-30 20:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-21 10:26 - 2016-03-30 20:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-21 10:26 - 2016-03-30 20:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-21 10:26 - 2016-03-30 20:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-21 10:26 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-21 10:26 - 2016-03-30 20:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-21 10:26 - 2016-03-30 20:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-21 10:26 - 2016-03-30 19:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-21 10:26 - 2016-03-30 19:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-21 10:26 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-21 10:26 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-21 10:26 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-21 10:26 - 2016-03-30 19:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-21 10:26 - 2016-03-30 19:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-21 10:26 - 2016-03-30 19:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-21 10:26 - 2016-03-30 19:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-21 10:26 - 2016-03-30 19:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-21 10:26 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-21 10:26 - 2016-03-30 19:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-21 10:26 - 2016-03-30 19:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-21 10:26 - 2016-03-30 19:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-21 10:26 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-21 10:26 - 2016-03-30 19:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-21 10:26 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-21 10:26 - 2016-03-30 19:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-21 10:26 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-21 10:26 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-21 10:26 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-21 10:26 - 2016-03-30 19:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-21 10:26 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-21 10:26 - 2016-03-30 19:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-21 10:26 - 2016-03-30 19:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-21 10:26 - 2016-03-30 19:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-21 10:26 - 2016-03-30 19:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-21 10:26 - 2016-03-30 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-21 10:26 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-21 10:26 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-21 10:26 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-21 10:26 - 2016-03-30 19:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-21 10:26 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-21 10:26 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-21 10:26 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-21 10:26 - 2016-03-30 19:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-21 10:26 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-21 10:26 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-21 10:26 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-21 10:26 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-21 10:26 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-21 10:26 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-21 09:41 - 2016-04-21 09:41 - 00001074 _____ C:\Users\Public\Desktop\GWX Control Panel.lnk
2016-04-21 09:41 - 2016-04-21 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GWX Control Panel
2016-04-21 09:41 - 2016-04-21 09:41 - 00000000 ____D C:\Program Files (x86)\UltimateOutsider
2016-04-21 08:17 - 2016-04-21 08:17 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-04-21 08:17 - 2016-04-21 08:17 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-07 11:36 - 2016-04-07 11:36 - 00000000 ____D C:\Users\Mary\AppData\Local\Simplex Solutions Inc
2016-04-07 11:33 - 2016-04-07 11:36 - 00001167 _____ C:\Users\Public\Desktop\Sync Photos to Storage.lnk
2016-04-07 11:33 - 2016-04-07 11:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sync Photos to Storage
2016-04-07 11:33 - 2016-04-07 11:36 - 00000000 ____D C:\Program Files (x86)\Sync Photos to Storage

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-24 07:58 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-24 07:58 - 2009-07-14 00:45 - 00024608 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-24 07:52 - 2012-05-27 22:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-23 21:28 - 2009-07-14 01:13 - 00782744 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-23 21:28 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-23 21:27 - 2013-06-06 16:30 - 00000000 ____D C:\ProgramData\MFAData
2016-04-23 21:24 - 2014-03-28 12:47 - 00000000 ___RD C:\Users\Mary\OneDrive
2016-04-23 21:22 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-22 22:18 - 2014-10-09 17:30 - 00001312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-04-22 22:18 - 2013-06-17 12:58 - 00001381 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-04-22 22:18 - 2012-05-27 22:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-04-22 21:43 - 2013-06-22 21:13 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Yahoo!
2016-04-22 20:54 - 2012-05-27 22:42 - 00000000 ____D C:\Windows\OEMTemp
2016-04-22 20:13 - 2015-01-13 19:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-22 20:09 - 2015-01-13 19:29 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-22 20:09 - 2015-01-13 19:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-22 14:07 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-04-22 13:47 - 2015-10-30 16:23 - 00000943 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-04-22 13:47 - 2015-05-03 17:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-04-21 12:30 - 2009-07-14 00:45 - 00438720 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-21 12:25 - 2014-12-10 15:43 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-21 12:14 - 2013-08-14 16:33 - 00000000 ____D C:\Windows\system32\MRT
2016-04-21 12:05 - 2013-06-09 10:48 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-21 10:46 - 2014-03-28 12:23 - 00002122 _____ C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-04-21 10:38 - 2012-05-27 22:47 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-21 10:38 - 2012-05-27 22:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-21 10:38 - 2012-05-27 22:47 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-21 08:38 - 2014-03-28 12:15 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-21 08:33 - 2014-03-28 12:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-04-21 08:17 - 2013-06-06 16:20 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-28 17:13 - 2015-04-04 13:37 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-03-28 17:13 - 2015-04-04 13:37 - 00000000 ___SD C:\Windows\system32\GWX

==================== Files in the root of some directories =======

2014-06-22 14:53 - 2014-06-22 14:53 - 0068113 _____ () C:\Users\Mary\AppData\Local\RAContactHistory.xml
2012-10-25 03:57 - 2012-10-25 04:00 - 0002439 _____ () C:\ProgramData\clear.fiSDK20.log
2012-10-25 03:59 - 2012-10-25 03:59 - 0000032 _____ () C:\ProgramData\PS.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-16 18:15

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Mary (2016-04-24 08:05:57)
Running from C:\Users\Mary\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-06-04 18:39:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-459464201-4007533415-338245963-500 - Administrator - Disabled)
Guest (S-1-5-21-459464201-4007533415-338245963-501 - Limited - Disabled)
Mary (S-1-5-21-459464201-4007533415-338245963-1000 - Administrator - Enabled) => C:\Users\Mary

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (Version: 16.61.7539 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4556 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.61.7539 - AVG Technologies)
Backup Manager V3 (x32 Version: 3.0.0.100 - NTI Corporation) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom Card Reader Driver Installer (HKLM\...\{4710662C-8204-4334-A977-B1AC9E547819}) (Version: 15.0.7.2 - Broadcom Corporation)
Broadcom NetLink Controller (HKLM\...\{C91DCB72-F5BB-410D-A91A-314F5D1B4284}) (Version: 15.0.7.1 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.00.3006 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.00.3006 - Acer Incorporated)
clear.fi SDK - MVP 2 (x32 Version: 2.0.1702 - CyberLink Corp.) Hidden
clear.fi SDK- Movie 2 (x32 Version: 2.0.1707 - CyberLink Corp.) Hidden
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.1720_38230 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_03_F2200_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ETDWare PS/2-X64 10.6.9.9_WHQL (HKLM\...\Elantech) (Version: 10.6.9.9 - ELAN Microelectronic Corp.)
Evernote v. 4.5.2 (HKLM-x32\...\{F77EF646-19EB-11E1-9A9E-984BE15F174E}) (Version: 4.5.2.5866 - Evernote Corp.)
F2200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Gateway Games (HKLM-x32\...\WildTangent gateway Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Gateway MyBackup (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.0.100 - NTI Corporation)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 6.00.3010 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3508 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.04.3506 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0915.2011 - Gateway Incorporated)
Gateway Social Networks (HKLM-x32\...\InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}) (Version: 3.0.4430 - CyberLink Corp.)
Gateway Social Networks (x32 Version: 3.0.4430 - CyberLink Corp.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet F2200 All-In-One Driver Software 13.0 Rel. 3 (HKLM\...\{3690900F-85EA-447F-BAD1-5CA25AA9B627}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Gateway Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 5.1.15 - Gateway)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-459464201-4007533415-338245963-1000\...\OneDriveSetup.exe) (Version: 17.3.6386.0412 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.4.10500.1.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.6.10700.5.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.6.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.6.10600.4.100 - Nero AG)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Qualcomm Atheros Direct Connect (x32 Version: 3.0 - Qualcomm Atheros) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 3.0 - Qualcomm Atheros)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6543 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Sync Photos to Storage version 1.1.2 (HKLM-x32\...\{1D3F451A-3E09-47C8-8C0C-8C804DCE6B7D}_is1) (Version: 1.1.2 - Simplex Solutions Inc.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
US Tech Support Framework (HKLM-x32\...\{4734A746-A503-4B8E-A4FA-7B7C84A18D79}) (Version: 2.1.0.4741 - US Tech Support LLC)
Video Web Camera (HKLM-x32\...\InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}) (Version: 1.5.2108.00 - CyberLink Corp.)
Video Web Camera (x32 Version: 1.5.2108.00 - CyberLink Corp.) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3507 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-459464201-4007533415-338245963-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-459464201-4007533415-338245963-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11C1798B-20DD-4BC3-99B8-72AB612D5621} - System32\Tasks\{24CFE32C-AF1E-4010-BB54-3F772563A785} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {1ED7CB29-E2F2-4EB4-AD24-2A5C09FF1B65} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {1F241166-BDDD-432D-BC04-E75F5E1E6367} - System32\Tasks\{DC7BF31C-588A-49F2-BEC1-BF629D67E063} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {26C9BB89-217A-4B63-AA4C-03A117139EE5} - \DTReg -> No File <==== ATTENTION
Task: {3AF160C9-8CC8-4B7B-81F8-52176D583FF5} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2011-05-20] (CyberLink)
Task: {5AAE066A-1303-4542-B471-E5C3917360AF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-21] (Adobe Systems Incorporated)
Task: {66EE0AD6-83D4-4A37-A202-4F3C9CC18810} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {70103DCE-8E35-4F38-9FF2-77E39FB851C9} - System32\Tasks\{5D5FC735-0343-4FE7-95B8-619AB1ADA477} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {7224817A-DAAB-4966-A989-E337CE9A4DD8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-459464201-4007533415-338245963-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7A9B5B13-E79E-4B3E-85D9-44960E26A61E} - \DTChk -> No File <==== ATTENTION
Task: {7F54634A-CB13-4BF4-BB51-C2A010BAD43C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {9770FD95-DA19-4A97-9F5A-B784A89BEDC0} - System32\Tasks\UALU notificatin => C:\Program Files\Gateway\Gateway Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {AA429CDC-DFAC-4A4D-B7AA-E7758FD30815} - System32\Tasks\{6D071E9D-E23C-459D-88A2-24D1DE075A47} => Chrome.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/en/abandoninstall?page=tsWLM
Task: {BF5FA131-927E-49F0-B6DF-18C4172E9F2C} - System32\Tasks\{6BEA810C-4886-4695-9A14-471230FA4104} => C:\Program Files (x86)\iTunes\iTunes.exe
Task: {C86405B3-E720-47B6-9D08-7FB8A73AE616} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-459464201-4007533415-338245963-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {E02C81F2-3D04-43FA-B206-2E6FE4F81F24} - System32\Tasks\{429B1077-C7B5-41F5-96EE-4929DA6AAC36} => pcalua.exe -a D:\setup.exe -d D:\
Task: {E584BFD7-20F2-4193-8C55-F6D589FC4405} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {F166AC9D-5766-4369-BFAA-F266D1E875F1} - System32\Tasks\{0B2BD1C1-3108-45B4-9DCC-049A200EAE53} => C:\Program Files (x86)\iTunes\iTunes.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-21 10:46 - 2016-04-21 10:46 - 00959176 _____ () C:\Users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-10-30 14:39 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 12:12 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-05-27 23:05 - 2012-03-26 20:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 00465344 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 01081368 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
2012-01-05 17:22 - 2012-01-05 17:22 - 00125464 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
2015-10-13 06:46 - 2015-10-13 06:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-04-21 10:46 - 2016-04-21 10:46 - 00679624 _____ () C:\Users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2015-10-30 16:17 - 2016-04-07 11:25 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-02-26 16:57 - 2016-02-26 16:57 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-02-11 13:31 - 2016-02-11 13:31 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b4aed9b5bac22d4e9008e99e935fe2de\IsdiInterop.ni.dll
2012-05-27 22:23 - 2012-02-01 19:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-10-25 03:47 - 2012-02-07 21:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-459464201-4007533415-338245963-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 4.2.2.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8A3588AF-2855-4CD8-BC19-08F99B128512}] => (Allow) C:\Program Files (x86)\Gateway\WDAgent\DCDhcpService.exe
FirewallRules: [{6DC541BC-E83E-4229-BB81-489E97EF64D4}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{7BC708E9-2AF6-4A12-8711-A332DC4670CC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\DMCDaemon.exe
FirewallRules: [{9D3BAB95-675D-43D8-A8BD-4E6AE4217001}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{903E20C6-924E-458A-9364-6FF42C5125C1}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Media\WindowsUpnpMV.exe
FirewallRules: [{9F785F86-08C4-4549-886B-F81C7B66575A}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{CEEEBC33-797A-4EBA-ADB3-1057700471BC}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\DMCDaemon.exe
FirewallRules: [{C59AE0F0-940E-4B26-A078-3303E8936B6F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{A803C6B2-BC98-4E60-98AF-2BDBE47FFA1E}] => (Allow) C:\Program Files (x86)\Acer\clear.fi Photo\WindowsUpnp.exe
FirewallRules: [{37A1F3A5-3617-45C5-A7FD-332AE76AB558}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\VideoPlayer.exe
FirewallRules: [{5518C7F9-7598-48B0-87EE-A260B068F002}] => (Allow) C:\Program Files (x86)\Acer\clear.fi SDK20\MVP\MusicPlayer.exe
FirewallRules: [{71D81A08-8E77-45D7-9EA0-C844C7179EF9}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{FC124D1E-5283-4FF2-BAC4-E157293DC9EF}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{F5D4775D-A03C-4639-9965-4B5F8A8DFA3F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{6352B62D-F970-4B8C-822B-8F79E7113C4E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{96073057-0F92-40F1-B760-BAEBD007DD83}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{6E16E35D-CB80-486B-8105-B68E2F453BAF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{D8B4BA45-0A83-4D3C-82F0-56E19439118E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{1C843E71-78BC-4A17-91CB-1CD59C4087CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D0DCB19C-062D-482B-B37A-4356B9F200DA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{890DF4DC-9D88-4728-AB9C-BA7ACC8A0961}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{881781CE-ED9C-4726-BA90-F42BEB5F24E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{17CB070C-8F10-44C4-A908-A9D553982DD6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{996F070C-CFC6-4233-A000-6BE233C555F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{E920822C-9046-45C4-98DC-B4A4950846ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{E865933F-70C9-4854-8A27-DAC7DA5DB74D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{C063B0B1-9EBB-4AAF-8E65-6A8577117244}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{C2DE86B0-F5E5-458C-A8FD-75B925DC7CD5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{C72ACF7A-1118-4D04-8BFA-9A345DAE412D}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{6E5CFEB9-2381-423E-A6A4-0FE5AA9F4F33}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F9A1FD64-1608-4412-8C2B-2E8CAF6BA82B}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{CB1371EF-10C1-4094-BCE0-CD98232C9EA5}] => (Allow) LPort=2869
FirewallRules: [{09577ECE-2330-407D-97CC-42F344037445}] => (Allow) LPort=1900
FirewallRules: [{30C80446-B652-440B-93BB-1A8AC37FF9B6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{46208037-D0CD-42A2-81B7-D1658FE4F0E4}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{25710843-6B74-4088-9772-B5EC132BF345}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FF490366-9BBA-46C8-982C-F3CF7F764FFE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D4F373F9-4A69-4155-B785-0634B2A73176}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{54252723-E4E2-4309-9225-275B63CC3CF3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A63A3CCD-DCFD-4EDA-AB7A-AA25E0EE0FAD}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0FAFC0CF-F699-4713-AA26-1DB4D7C1B275}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{92D941BA-DDA9-414B-BC4C-D7FA9C79EF8F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{122167B2-8305-4097-9021-7B0654BA5759}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{A27C0599-97B5-4CC0-B67C-0B7427C5A3F3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{4B467CEA-F0D7-49EA-8BCD-13DF0913D3D0}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{A3BEDA55-24B1-493A-84EF-DF33F05E9624}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [TCP Query User{5D978BF4-E806-45F1-B2F4-38EAD8D7E49F}C:\program files (x86)\sync photos to storage\sync photos to storage.exe] => (Allow) C:\program files (x86)\sync photos to storage\sync photos to storage.exe
FirewallRules: [UDP Query User{5A2170F2-88AA-4DB1-B8DA-D07ED4F64DC3}C:\program files (x86)\sync photos to storage\sync photos to storage.exe] => (Allow) C:\program files (x86)\sync photos to storage\sync photos to storage.exe
FirewallRules: [{BF2BC37E-0C1F-487B-8C75-E612F7621936}] => (Block) C:\program files (x86)\sync photos to storage\sync photos to storage.exe
FirewallRules: [{1E1B3F72-6E8E-40FA-9798-FBF3EA9CCDFD}] => (Block) C:\program files (x86)\sync photos to storage\sync photos to storage.exe
FirewallRules: [TCP Query User{73991484-AC2E-46BB-BDBE-495D50E2C586}C:\program files (x86)\sync photos to storage\syncphotostostorage.exe] => (Block) C:\program files (x86)\sync photos to storage\syncphotostostorage.exe
FirewallRules: [UDP Query User{FF0EB6E3-FE76-48A4-9EBB-C172ADC1F25F}C:\program files (x86)\sync photos to storage\syncphotostostorage.exe] => (Block) C:\program files (x86)\sync photos to storage\syncphotostostorage.exe
FirewallRules: [{117167CA-2719-4C9A-B2F1-59082E51C64A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{BC52636A-AE5D-4592-83FD-AF49EBD327FB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{6794033B-13FF-4135-89BB-C10E54BE10FA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E6161657-500F-43BE-80B8-D2FDA3ECAE89}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E3B513B7-713B-489D-A841-0A7BF34D77BD}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{D6E42C5F-8384-414D-A4BD-E34A91D02487}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

09-03-2016 13:23:40 Windows Update
28-03-2016 17:12:31 Windows Update
21-04-2016 10:27:23 Windows Update
21-04-2016 12:02:12 Windows Update
22-04-2016 21:01:10 Removed DriverUpdate
22-04-2016 21:02:52 Revo Uninstaller's restore point - DriverUpdate
22-04-2016 21:03:42 Removed DriverUpdate
22-04-2016 21:06:48 Revo Uninstaller's restore point - DriverUpdate
22-04-2016 21:08:38 Revo Uninstaller's restore point - AVG Web TuneUp
22-04-2016 21:13:45 Revo Uninstaller's restore point - AVG Web TuneUp
22-04-2016 21:38:41 b/f adw cleaner fix
22-04-2016 22:14:18 Installed DirectX
22-04-2016 22:15:11 Installed DirectX
22-04-2016 22:15:52 Installed DirectX
24-04-2016 08:01:47 b/f farbar scan

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2016 07:57:52 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (04/24/2016 07:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 27325931

Error: (04/24/2016 07:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 27325931

Error: (04/24/2016 07:52:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/24/2016 12:17:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4898

Error: (04/24/2016 12:17:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4898

Error: (04/24/2016 12:17:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/23/2016 11:10:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18283 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1028

Start Time: 01d19dcf6bc913b7

Termination Time: 60

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (04/23/2016 09:23:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2016 10:45:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15974


System errors:
=============
Error: (04/23/2016 10:49:48 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/23/2016 10:49:48 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/23/2016 09:34:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/23/2016 09:34:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/23/2016 09:34:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/23/2016 09:34:05 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (04/23/2016 09:25:12 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {14286318-B6CF-49A1-81FC-D74AD94902F9}

Error: (04/23/2016 09:23:43 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:
%%1053

Error: (04/23/2016 09:23:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Virtualization Client service failed to start due to the following error:
%%1053

Error: (04/23/2016 09:23:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.


CodeIntegrity:
===================================
Date: 2015-10-15 13:30:40.124
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 13:30:39.781
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 13:30:39.173
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-10-15 13:30:38.798
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-23 09:53:59.743
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-23 09:53:59.650
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-23 09:53:59.369
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-07 16:10:07.063
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-07 16:10:06.966
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-09-07 16:10:06.804
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU B820 @ 1.70GHz
Percentage of memory in use: 55%
Total physical RAM: 2908.36 MB
Available physical RAM: 1295.22 MB
Total Virtual: 5814.91 MB
Available Virtual: 3737.8 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:279.99 GB) (Free:207.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1E9AED2F)
Partition 1: (Not Active) - (Size=18 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=280 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Edited by Oh My!, 24 April 2016 - 08:28 PM.



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,995 posts
  • Gender:Male
  • Location:California
  • Local time:01:35 PM

Posted 24 April 2016 - 08:32 PM

Greetings Terri and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please tell me how the computer runs in Safe Mode with Networking.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
SearchScopes: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S2 USTSScheduler; "C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe" [X]
Task: {26C9BB89-217A-4B63-AA4C-03A117139EE5} - \DTReg -> No File <==== ATTENTION
Task: {7A9B5B13-E79E-4B3E-85D9-44960E26A61E} - \DTChk -> No File <==== ATTENTION
Task: {E02C81F2-3D04-43FA-B206-2E6FE4F81F24} - System32\Tasks\{429B1077-C7B5-41F5-96EE-4929DA6AAC36} => pcalua.exe -a D:\setup.exe -d D:\
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Safe Mode with Networking?
  • Fixlog
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Terri13th

Posted 25 April 2016 - 11:55 AM

Thanks, Gary--I keep losing my reply, and hope I've done homework correctly, but still having problem using cut/paste from within notebook. Safe mode with networking worked fine, and that's where I ran your fix--hope that was correct?

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Mary (2016-04-25 11:31:08) Run:1
Running from C:\Users\Mary\Desktop
Loaded Profiles: Mary (Available Profiles: Mary)
Boot Mode: Safe Mode (with Networking)
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
SearchScopes: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S2 USTSScheduler; "C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe" [X]
Task: {26C9BB89-217A-4B63-AA4C-03A117139EE5} - \DTReg -> No File <==== ATTENTION
Task: {7A9B5B13-E79E-4B3E-85D9-44960E26A61E} - \DTChk -> No File <==== ATTENTION
Task: {E02C81F2-3D04-43FA-B206-2E6FE4F81F24} - System32\Tasks\{429B1077-C7B5-41F5-96EE-4929DA6AAC36} => pcalua.exe -a D:\setup.exe -d D:\
emptytemp:
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
"HKU\S-1-5-21-459464201-4007533415-338245963-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-459464201-4007533415-338245963-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-459464201-4007533415-338245963-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
USTSScheduler => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26C9BB89-217A-4B63-AA4C-03A117139EE5} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26C9BB89-217A-4B63-AA4C-03A117139EE5} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A9B5B13-E79E-4B3E-85D9-44960E26A61E} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A9B5B13-E79E-4B3E-85D9-44960E26A61E} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTChk => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E02C81F2-3D04-43FA-B206-2E6FE4F81F24} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E02C81F2-3D04-43FA-B206-2E6FE4F81F24} => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{429B1077-C7B5-41F5-96EE-4929DA6AAC36} => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{429B1077-C7B5-41F5-96EE-4929DA6AAC36} => key could not remove. Access Denied.
EmptyTemp: => 294.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 11:32:46 ====

#4 Oh My!

Posted 25 April 2016 - 01:58 PM

Hi Terri,

Some of the fix didn't get done in Safe Mode because of permissions issues but no big deal.

Did you have problems with copy/paste in Safe Mode?

Please do this.

===================================================

Clean Boot

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • Click the General tab then click Selective Startup
  • Check Load system services
  • Uncheck Load Startup Items
  • Click the Services tab
  • Click to select the Hide All Microsoft Services check box
  • Click Disable All, and then click OK
  • When you are prompted, click Restart and boot into Normal Mode
  • Check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Copy/paste in Safe Mode?
  • How are things in Clean Boot environment?

Edited by Oh My!, 25 April 2016 - 08:13 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
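
The remark in post #4 that part of the fix failed in Safe Mode for permission reasons can be checked mechanically from the Fixlog. The following is an added example, not part of the thread and not FRST's own code: it assumes result lines have the `target => result` shape seen in the Run:1 log posted above, the function names are hypothetical, and the sample is an excerpt of that log.

```python
from collections import Counter

# Excerpt of the Run:1 Fixlog posted above (Safe Mode run), copied from the thread.
FIXLOG_RUN1 = r"""
Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Mary (2016-04-25 11:31:08) Run:1
Boot Mode: Safe Mode (with Networking)

fixlist content:
*****************
CreateRestorePoint:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Task: {26C9BB89-217A-4B63-AA4C-03A117139EE5} - \DTReg -> No File <==== ATTENTION
emptytemp:
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
USTSScheduler => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTChk => key could not remove. Access Denied.
C:\Windows\System32\Tasks\{429B1077-C7B5-41F5-96EE-4929DA6AAC36} => moved successfully
EmptyTemp: => 294.5 MB temporary data Removed.
"""


def classify(result):
    """Map the free-text result of one fix line to a coarse status."""
    r = result.lower()
    # Check failures first: "could not remove" also contains "remove".
    if "access denied" in r or "could not" in r:
        return "failed"
    if "not found" in r:
        return "absent"      # nothing to do, target was already gone
    if "successfully" in r or "removed" in r:
        return "done"
    return "other"


def parse_fixlog(text):
    """Return boot mode, tool errors and per-item outcomes from a Fixlog."""
    parsed = {"boot_mode": None, "errors": [], "items": []}
    in_echo = False  # True while inside the echoed fixlist between the '*' rules
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:
            # The log repeats the fixlist between two rows of asterisks. Those
            # lines can contain "=>" too, so they must not be read as results.
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        if line.startswith("Boot Mode:"):
            parsed["boot_mode"] = line.split(":", 1)[1].strip()
        elif line.startswith("Error:"):
            parsed["errors"].append(line.split(":", 1)[1].strip())
        elif " => " in line:
            target, _, result = line.partition(" => ")
            target = target.strip().strip('"')  # some targets are quoted
            parsed["items"].append((target, result.strip(), classify(result)))
    return parsed


def summarize(parsed):
    """Count outcomes by status."""
    return Counter(status for _, _, status in parsed["items"])


def failed_targets(parsed):
    """Targets the tool could not change in this run."""
    return [t for t, _, status in parsed["items"] if status == "failed"]


if __name__ == "__main__":
    log = parse_fixlog(FIXLOG_RUN1)
    print("Boot mode:", log["boot_mode"])
    print("Tool errors:", log["errors"])
    print("Outcomes:", dict(summarize(log)))
    for target in failed_targets(log):
        print("Not applied:", target)
```

Running the same functions over a later Fixlog shows whether the items listed as not applied were handled in that run.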

#5 Terri13th

Posted 25 April 2016 - 07:40 PM

Hi, Gary, Yes, copy/paste worked in safe mode.

I did notice that about 'permissions' not working in safe mode, which is why I suspected you didn't mean for me to run the fix script in safe mode. Should I run again in normal mode or would that be bad?

In clean boot, the shut down took quite a while, the screen which says, 'starting windows,' seemed to linger quite long, then the Gateway 'welcome' also stayed up long, but then desktop popped right up. I'm not sure if I could say it started up any faster overall.

I thought IE may have come up faster than before, but when I closed it, and hit on my Bleep Comp shortcut, that took long to come up. BTW, the 'remember password' for log in to this site doesn't work, but not thinking that's related to my problems here.

 I guess we wouldn't expect any difference in cut/paste by just changing start-up, but just for fun, I tried it my normal way, using choices under edit in notepad, and still no joy there. I can cut/paste using control v, which is how I was able to cut/paste fix text.

Not sure what else I can test in 'clean boot' environment?

Messing around on Internet Explorer, and web sites still seem very slow to come up.


Edited by Terri13th, 25 April 2016 - 08:07 PM.


#6 Oh My!

Posted 25 April 2016 - 08:14 PM

Very good Terri, thank you.

Rerun the FRST script after reversing the Clean Boot state. I have some other things for you to do as well.

===================================================

Reversing Clean Boot State
--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msconfig and press Enter
  • If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation
  • In the System Configuration Utility dialog box, click Normal Startup on the General tab
  • Click OK
  • When you are prompted, click Restart
===================================================

Running Combofix in Vista/7

--------------------
  • Please download ComboFix and save it to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Note: If, after disabling, Combofix warns you an Antivirus program is still running, ignore the warning and run Combofix.
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouse click while the program is running or it may stall.
  • Patiently allow the program to run. At times it may appear nothing is happening
  • Copy and paste the report in your reply
  • If Combofix fails to run completely stop and let me know
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix log
  • TDSSKiller log
  • aswMBR log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Terri13th

Posted 25 April 2016 - 10:31 PM

Ok, Gary, I'm getting weird photo bucket pop ups on this site, even before turning off AVG to run Combofix. And windows security alert prompts when I click on the tool links you sent. TDSS found no threats. Here's Fixlog, Combofix log, and TDSS report. Will send other next.

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Mary (2016-04-25 22:18:55) Run:2
Running from C:\Users\Mary\Desktop
Loaded Profiles: Mary (Available Profiles: Mary)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
SearchScopes: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-459464201-4007533415-338245963-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S2 USTSScheduler; "C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe" [X]
Task: {26C9BB89-217A-4B63-AA4C-03A117139EE5} - \DTReg -> No File <==== ATTENTION
Task: {7A9B5B13-E79E-4B3E-85D9-44960E26A61E} - \DTChk -> No File <==== ATTENTION
Task: {E02C81F2-3D04-43FA-B206-2E6FE4F81F24} - System32\Tasks\{429B1077-C7B5-41F5-96EE-4929DA6AAC36} => pcalua.exe -a D:\setup.exe -d D:\
emptytemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value not found.
"HKU\S-1-5-21-459464201-4007533415-338245963-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-459464201-4007533415-338245963-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-459464201-4007533415-338245963-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
USTSScheduler => service not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{26C9BB89-217A-4B63-AA4C-03A117139EE5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26C9BB89-217A-4B63-AA4C-03A117139EE5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A9B5B13-E79E-4B3E-85D9-44960E26A61E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A9B5B13-E79E-4B3E-85D9-44960E26A61E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTChk => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E02C81F2-3D04-43FA-B206-2E6FE4F81F24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E02C81F2-3D04-43FA-B206-2E6FE4F81F24}" => key removed successfully
C:\Windows\System32\Tasks\{429B1077-C7B5-41F5-96EE-4929DA6AAC36} => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{429B1077-C7B5-41F5-96EE-4929DA6AAC36}" => key removed successfully
EmptyTemp: => 7.1 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 22:19:28 ====

 

ComboFix 16-04-22.01 - Mary 04/25/2016  22:40:45.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2908.1269 [GMT -4:00]
Running from: c:\users\Mary\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition *Disabled/Updated* {4D41356F-32AD-7C42-C820-63775EE4F413}
SP: AVG AntiVirus Free Edition *Disabled/Updated* {F620D48B-1497-73CC-F290-58052563BEAE}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mary\GoToAssistDownloadHelper.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2016-03-26 to 2016-04-26  )))))))))))))))))))))))))))))))
.
.
2016-04-26 02:49 . 2016-04-26 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-04-26 01:58 . 2016-04-26 01:58 -------- d-----w- C:\OneDriveTemp
2016-04-24 16:49 . 2016-02-05 18:56 20480 ----a-w- c:\windows\system32\tbs.dll
2016-04-24 16:49 . 2016-02-05 18:54 109568 ----a-w- c:\windows\system32\fveapibase.dll
2016-04-24 16:49 . 2016-02-05 18:53 8192 ----a-w- c:\windows\system32\drivers\en-US\tpm.sys.mui
2016-04-24 16:49 . 2016-02-05 17:33 15360 ----a-w- c:\windows\SysWow64\tbs.dll
2016-04-24 16:49 . 2015-06-03 20:22 257864 ----a-w- c:\windows\SysWow64\wbem\Win32_Tpm.dll
2016-04-24 16:49 . 2015-06-03 20:21 451080 ----a-w- c:\windows\system32\fveapi.dll
2016-04-24 16:49 . 2015-06-03 20:21 312600 ----a-w- c:\windows\system32\wbem\Win32_Tpm.dll
2016-04-24 11:54 . 2016-04-26 02:24 -------- d-----w- C:\FRST
2016-04-23 02:14 . 2016-04-23 02:14 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d43712121d19d0503\DSETUP.dll
2016-04-23 02:14 . 2016-04-23 02:14 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d43712121d19d0503\DXSETUP.exe
2016-04-23 02:14 . 2016-04-23 02:14 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d43712121d19d0503\dsetup32.dll
2016-04-23 02:14 . 2016-04-23 02:14 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d2b573261d19d0502\DSETUP.dll
2016-04-23 02:14 . 2016-04-23 02:14 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d2b573261d19d0502\DXSETUP.exe
2016-04-23 02:14 . 2016-04-23 02:14 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d2b573261d19d0502\dsetup32.dll
2016-04-23 02:14 . 2016-04-23 02:14 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d0ff75f31d19d0501\DXSETUP.exe
2016-04-23 02:14 . 2016-04-23 02:14 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d0ff75f31d19d0501\DSETUP.dll
2016-04-23 02:14 . 2016-04-23 02:14 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d0ff75f31d19d0501\dsetup32.dll
2016-04-23 01:20 . 2016-04-23 02:01 -------- d-----w- C:\AdwCleaner
2016-04-22 18:07 . 2016-04-22 18:07 -------- d-----w- c:\program files (x86)\ESET
2016-04-22 17:50 . 2016-04-22 17:50 -------- d-----w- c:\program files\CPUID
2016-04-21 16:02 . 2016-03-06 18:53 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-04-21 16:02 . 2016-03-06 18:53 1885696 ----a-w- c:\windows\system32\msxml3.dll
2016-04-21 16:02 . 2016-03-06 18:38 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2016-04-21 16:02 . 2016-03-06 18:38 1240576 ----a-w- c:\windows\SysWow64\msxml3.dll
2016-04-21 14:47 . 2016-02-02 18:57 511488 ----a-w- c:\windows\system32\rpcss.dll
2016-04-21 14:37 . 2016-04-21 14:37 19924672 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-04-21 14:37 . 2016-03-16 18:50 156672 ----a-w- c:\windows\system32\mtxoci.dll
2016-04-21 14:37 . 2016-03-16 18:28 111616 ----a-w- c:\windows\SysWow64\mtxoci.dll
2016-04-21 14:37 . 2016-03-16 18:28 176128 ----a-w- c:\windows\SysWow64\msorcl32.dll
2016-04-21 14:37 . 2016-03-16 18:27 286720 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaora.dll
2016-04-21 14:33 . 2016-04-04 18:14 38120 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-21 14:33 . 2016-04-02 13:08 1386496 ----a-w- c:\windows\system32\appraiser.dll
2016-04-21 14:33 . 2016-03-17 18:04 698368 ----a-w- c:\windows\system32\generaltel.dll
2016-04-21 14:33 . 2016-04-04 18:02 1169408 ----a-w- c:\windows\system32\aeinv.dll
2016-04-21 14:33 . 2016-03-23 14:02 215040 ----a-w- c:\windows\system32\aepic.dll
2016-04-21 14:33 . 2016-03-17 18:04 499200 ----a-w- c:\windows\system32\devinv.dll
2016-04-21 14:33 . 2016-03-17 18:04 279040 ----a-w- c:\windows\system32\invagent.dll
2016-04-21 14:33 . 2016-03-17 18:04 76800 ----a-w- c:\windows\system32\acmigration.dll
2016-04-21 14:29 . 2016-01-21 00:51 73664 ----a-w- c:\windows\system32\drivers\disk.sys
2016-04-21 14:28 . 2016-03-29 17:53 3216896 ----a-w- c:\windows\system32\win32k.sys
2016-04-21 14:28 . 2016-03-16 00:16 760320 ----a-w- c:\windows\system32\samsrv.dll
2016-04-21 14:28 . 2016-03-16 00:16 106496 ----a-w- c:\windows\system32\samlib.dll
2016-04-21 14:28 . 2016-03-15 23:53 60416 ----a-w- c:\windows\SysWow64\samlib.dll
2016-04-21 14:27 . 2016-03-11 18:57 2048 ----a-w- c:\windows\system32\tzres.dll
2016-04-21 14:27 . 2016-03-11 18:35 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2016-04-21 13:41 . 2016-04-21 13:41 -------- d-----w- c:\program files (x86)\UltimateOutsider
2016-04-21 12:17 . 2016-04-21 12:17 -------- d-----w- c:\program files (x86)\Apple Software Update
2016-04-07 15:36 . 2016-04-07 15:36 -------- d-----w- c:\users\Mary\AppData\Local\Simplex Solutions Inc
2016-04-07 15:33 . 2016-04-07 15:36 -------- d-----w- c:\program files (x86)\Sync Photos to Storage
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-04-23 00:13 . 2015-01-13 23:29 192216 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-04-21 16:05 . 2013-06-09 14:48 135176864 ----a-w- c:\windows\system32\MRT.exe
2016-04-21 14:38 . 2012-05-28 02:47 797376 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-04-21 14:38 . 2012-05-28 02:47 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-03-17 22:24 . 2016-04-21 14:38 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2016-03-16 22:43 . 2014-03-28 16:16 642328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-03-10 18:09 . 2015-01-13 23:29 64896 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-03-10 18:08 . 2015-01-13 23:29 140672 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2016-03-10 18:08 . 2015-01-13 23:29 27008 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-03-08 21:12 . 2016-03-08 21:12 71456 ----a-w- c:\windows\system32\drivers\avguniva.sys
2016-03-08 21:12 . 2016-03-08 21:12 306976 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2016-03-07 18:39 . 2016-03-07 18:39 246560 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2016-02-16 20:07 . 2016-02-16 20:07 162592 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2016-02-16 20:05 . 2016-02-16 20:05 360736 ----a-w- c:\windows\system32\drivers\avgloga.sys
2016-02-12 18:52 . 2016-03-09 17:08 98816 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:52 . 2016-03-09 17:08 3169792 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:52 . 2016-03-09 17:08 192512 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:44 . 2016-03-09 17:08 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:39 . 2016-03-09 17:08 174080 ----a-w- c:\windows\SysWow64\wuwebv.dll
2016-02-12 18:22 . 2016-03-09 17:08 2610688 ----a-w- c:\windows\system32\wuaueng.dll
2016-02-12 18:19 . 2016-03-09 17:08 709120 ----a-w- c:\windows\system32\wuapi.dll
2016-02-12 18:18 . 2016-03-09 17:08 37888 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:18 . 2016-03-09 17:08 140288 ----a-w- c:\windows\system32\wuauclt.exe
2016-02-12 18:18 . 2016-03-09 17:08 36864 ----a-w- c:\windows\system32\wups.dll
2016-02-12 18:18 . 2016-03-09 17:08 37888 ----a-w- c:\windows\system32\wups2.dll
2016-02-12 18:18 . 2016-03-09 17:08 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2016-02-12 18:06 . 2016-03-09 17:08 573440 ----a-w- c:\windows\SysWow64\wuapi.dll
2016-02-12 18:05 . 2016-03-09 17:08 93696 ----a-w- c:\windows\SysWow64\wudriver.dll
2016-02-12 18:05 . 2016-03-09 17:08 30208 ----a-w- c:\windows\SysWow64\wups.dll
2016-02-12 18:05 . 2016-03-09 17:08 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2016-02-09 09:57 . 2016-03-09 17:04 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2016-02-09 09:57 . 2016-03-09 17:04 14634496 ----a-w- c:\windows\system32\wmp.dll
2016-02-09 09:56 . 2016-03-09 17:04 5120 ----a-w- c:\windows\system32\msdxm.ocx
2016-02-09 09:56 . 2016-03-09 17:04 5120 ----a-w- c:\windows\system32\dxmasf.dll
2016-02-09 09:55 . 2016-03-09 17:04 30720 ----a-w- c:\windows\system32\seclogon.dll
2016-02-09 09:54 . 2016-03-09 17:04 9728 ----a-w- c:\windows\system32\spwmp.dll
2016-02-09 09:51 . 2016-03-09 17:04 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2016-02-09 09:13 . 2016-03-09 17:04 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx
2016-02-09 09:13 . 2016-03-09 17:04 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll
2016-02-09 09:13 . 2016-03-09 17:04 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2016-02-05 18:54 . 2016-03-09 17:05 41472 ----a-w- c:\windows\system32\lpk.dll
2016-02-05 18:54 . 2016-03-09 17:05 100864 ----a-w- c:\windows\system32\fontsub.dll
2016-02-05 18:53 . 2016-03-09 17:05 14336 ----a-w- c:\windows\system32\dciman32.dll
2016-02-05 18:53 . 2016-03-09 17:05 46080 ----a-w- c:\windows\system32\atmlib.dll
2016-02-05 18:50 . 2016-03-09 17:05 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2016-02-05 18:44 . 2016-03-09 17:05 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2016-02-05 18:42 . 2016-03-09 17:05 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2016-02-05 17:48 . 2016-03-09 17:05 372736 ----a-w- c:\windows\system32\atmfd.dll
2016-02-05 17:43 . 2016-03-09 17:05 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2016-02-05 17:43 . 2016-03-09 17:05 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2016-02-05 01:19 . 2016-03-09 17:05 381440 ----a-w- c:\windows\system32\mfds.dll
2016-02-04 18:41 . 2016-03-09 17:05 296448 ----a-w- c:\windows\SysWow64\mfds.dll
2016-02-03 18:58 . 2016-03-09 17:07 862208 ----a-w- c:\windows\system32\oleaut32.dll
2016-02-03 18:52 . 2016-03-09 17:07 84992 ----a-w- c:\windows\system32\asycfilt.dll
2016-02-03 18:49 . 2016-03-09 17:07 572416 ----a-w- c:\windows\SysWow64\oleaut32.dll
2016-02-03 18:43 . 2016-03-09 17:07 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2016-02-03 18:07 . 2016-03-09 17:08 91648 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-04-21 14:46 1602248 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-04-21 14:46 1602248 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-04-21 14:46 1602248 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-04-21 14:46 1602248 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-04-21 14:46 1602248 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="c:\users\Mary\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2016-04-21 554176]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2015-10-21 60688]
"iCloudPhotos"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe" [2015-10-21 349968]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2015-10-21 61200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files (x86)\AVG\Av\avuirunnerx.exe" [2016-04-06 32528]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2012-03-23 1105488]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"BackupManagerTray"="c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe" [2012-01-05 289816]
"AvgUi"="c:\program files (x86)\AVG\Framework\Common\avguirnx.exe" [2016-04-14 186640]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-12-17 60688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\Av\avgidsagent.exe;c:\program files (x86)\AVG\Av\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AvgAMPS;AvgAMPS;c:\program files (x86)\AVG\Av\avgamps.exe;c:\program files (x86)\AVG\Av\avgamps.exe [x]
R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Gateway\WDAgent\DCDhcpService.exe;c:\program files (x86)\Gateway\WDAgent\DCDhcpService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 Avguniva;AVG Universal Driver;c:\windows\system32\DRIVERS\avguniva.sys;c:\windows\SYSNATIVE\DRIVERS\avguniva.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 avgsvc;AVG Service;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe;c:\program files (x86)\AVG\Framework\Common\avgsvca.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\Av\avgwdsvcx.exe;c:\program files (x86)\AVG\Av\avgwdsvcx.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ    SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2016-04-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 14:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive1]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2016-04-21 14:46 1659080 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive2]
@="{5AB7172C-9C11-405C-8DD5-AF20F3606282}"
[HKEY_CLASSES_ROOT\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}]
2016-04-21 14:46 1659080 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive3]
@="{A78ED123-AB77-406B-9962-2A5D9D2F7F30}"
[HKEY_CLASSES_ROOT\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}]
2016-04-21 14:46 1659080 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive4]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2016-04-21 14:46 1659080 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ OneDrive5]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2016-04-21 14:46 1659080 ----a-w- c:\users\Mary\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-04-21 12:30 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-04-21 12:30 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-04-21 12:30 2348848 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-27 12343400]
"Power Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2012-02-08 1829768]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-23 439064]
"OOTag"="c:\program files (x86)\Gateway\OOBEOffer\ootag.exe" [2010-02-23 13856]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-12-18 170256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-23 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-23 398616]
"GwxControlPanelMonitor"="c:\program files (x86)\UltimateOutsider\GWX Control Panel\GWX_control_panel.exe" [2016-04-02 4596296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1 4.2.2.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-BlueStacks Agent - c:\program files (x86)\BlueStacks\HD-Agent.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Coupon Printer for Windows5.0.0.4 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-459464201-4007533415-338245963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-459464201-4007533415-338245963-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_21_0_0_213_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.21"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_21_0_0_213.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-04-25  22:54:01
ComboFix-quarantined-files.txt  2016-04-26 02:54
.
Pre-Run: 222,112,583,680 bytes free
Post-Run: 221,225,668,608 bytes free
.
- - End Of File - - CBA2B91352074C5C2E42AFC1657454CA

 

23:04:38.0482 0x131c  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
23:04:49.0587 0x131c  ============================================================
23:04:49.0587 0x131c  Current date / time: 2016/04/25 23:04:49.0587
23:04:49.0587 0x131c  SystemInfo:
23:04:49.0587 0x131c 
23:04:49.0587 0x131c  OS Version: 6.1.7601 ServicePack: 1.0
23:04:49.0587 0x131c  Product type: Workstation
23:04:49.0587 0x131c  ComputerName: MARY-PC
23:04:49.0587 0x131c  UserName: Mary
23:04:49.0587 0x131c  Windows directory: C:\Windows
23:04:49.0587 0x131c  System windows directory: C:\Windows
23:04:49.0587 0x131c  Running under WOW64
23:04:49.0587 0x131c  Processor architecture: Intel x64
23:04:49.0587 0x131c  Number of processors: 2
23:04:49.0587 0x131c  Page size: 0x1000
23:04:49.0587 0x131c  Boot type: Normal boot
23:04:49.0587 0x131c  ============================================================
23:04:49.0759 0x131c  KLMD registered as C:\Windows\system32\drivers\00750620.sys
23:04:50.0086 0x131c  System UUID: {6CD0D5DD-9153-21CA-7599-B45F5642E16F}
23:04:50.0600 0x131c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:04:50.0615 0x131c  ============================================================
23:04:50.0615 0x131c  \Device\Harddisk0\DR0:
23:04:50.0615 0x131c  MBR partitions:
23:04:50.0615 0x131c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2400800, BlocksNum 0x32000
23:04:50.0615 0x131c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2432800, BlocksNum 0x22FFB800
23:04:50.0615 0x131c  ============================================================
23:04:50.0631 0x131c  C: <-> \Device\Harddisk0\DR0\Partition2
23:04:50.0631 0x131c  ============================================================
23:04:50.0631 0x131c  Initialize success
23:04:50.0631 0x131c  ============================================================
23:05:01.0177 0x0728  ============================================================
23:05:01.0177 0x0728  Scan started
23:05:01.0177 0x0728  Mode: Manual;
23:05:01.0177 0x0728  ============================================================
23:05:01.0177 0x0728  KSN ping started
23:05:24.0443 0x0728  KSN ping finished: true
23:05:25.0196 0x0728  ================ Scan system memory ========================
23:05:25.0196 0x0728  System memory - ok
23:05:25.0196 0x0728  ================ Scan services =============================
23:05:30.0406 0x0728  Browser - ok
23:05:30.0441 0x0728  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:05:30.0463 0x0728  Brserid - ok
23:05:30.0481 0x0728  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:05:30.0484 0x0728  BrSerWdm - ok
23:05:30.0500 0x0728  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:05:30.0502 0x0728  BrUsbMdm - ok
23:05:30.0509 0x0728  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:05:30.0512 0x0728  BrUsbSer - ok
23:05:30.0556 0x0728  [ 45218A053209DA867A9B334CCAD0AD01, 87709FD719A7BBBC609C9AD805142B5708CCD482F9B8BBD84282C9C4D3332011 ] bScsiMSa        C:\Windows\system32\DRIVERS\bScsiMSa.sys
23:05:30.0560 0x0728  bScsiMSa - ok
23:05:30.0587 0x0728  [ 280E8031E1703CAFF17C7727B74817A5, FF4023AEBC7CFBFDA66E11EA84DDAA98661E316FFDCDF37D1D7A487ED77ACBF2 ] bScsiSDa        C:\Windows\system32\DRIVERS\bScsiSDa.sys
23:05:30.0593 0x0728  bScsiSDa - ok
23:05:30.0617 0x0728  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:05:30.0617 0x0728  BTHMODEM - ok
23:05:30.0648 0x0728  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:05:30.0648 0x0728  bthserv - ok
23:05:30.0695 0x0728  catchme - ok
23:05:30.0726 0x0728  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:05:30.0726 0x0728  cdfs - ok
23:05:30.0773 0x0728  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:05:30.0788 0x0728  cdrom - ok
23:05:30.0820 0x0728  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:05:30.0835 0x0728  CertPropSvc - ok
23:05:30.0851 0x0728  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:05:30.0851 0x0728  circlass - ok
23:05:30.0882 0x0728  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:05:30.0898 0x0728  CLFS - ok
23:05:31.0319 0x0728  [ 4DDC45ACA9EEAB337F6D8E50C87CF1BF, F004079B1E6629E1112190D4F773134EDEC1E2EF17E7181BC1D02A570EB8F1CE ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
23:05:31.0428 0x0728  ClickToRunSvc - ok
23:05:31.0522 0x0728  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:05:31.0522 0x0728  clr_optimization_v2.0.50727_32 - ok
23:05:31.0584 0x0728  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:05:31.0600 0x0728  clr_optimization_v2.0.50727_64 - ok
23:05:31.0709 0x0728  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:05:31.0709 0x0728  clr_optimization_v4.0.30319_32 - ok
23:05:31.0756 0x0728  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:05:31.0771 0x0728  clr_optimization_v4.0.30319_64 - ok
23:05:31.0818 0x0728  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:05:31.0818 0x0728  CmBatt - ok
23:05:31.0849 0x0728  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:05:31.0849 0x0728  cmdide - ok
23:05:31.0974 0x0728  [ CA3FB5A6B626D8A00A89E049CF95954E, CD5E3E40972513195108BA46CEC1D0AEA6B09A67EEBDD17EB759BD1729B07C06 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:05:32.0036 0x0728  CNG - ok
23:05:32.0068 0x0728  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:05:32.0068 0x0728  Compbatt - ok
23:05:32.0099 0x0728  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:05:32.0099 0x0728  CompositeBus - ok
23:05:32.0114 0x0728  COMSysApp - ok
23:05:32.0239 0x0728  [ 2EF1B96EF990B70F13D260F324E4AFA8, F9B8DA895C307B3AB61C982A46436E0DB9F1E360279C759B3D672756D021975C ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
23:05:32.0286 0x0728  cphs - ok
23:05:32.0302 0x0728  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:05:32.0302 0x0728  crcdisk - ok
23:05:32.0360 0x0728  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:05:32.0367 0x0728  CryptSvc - ok
23:05:32.0559 0x0728  [ B4D1D62A09F09CB2DFD55628350CDAFB, 7DD3CE77D88B5AFAC4B6187F4CA6D50B7BD3398207163B2A1E4C76467801FF28 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:05:32.0600 0x0728  cvhsvc - ok
23:05:32.0690 0x0728  [ ED914342CCE2C3D5A7CEC79FC2FA2C0F, 84635F94449645888ED07BD17B9013397B96CA97E1E472BD9912AC847BF4E8DE ] DCDhcpService   C:\Program Files (x86)\Gateway\WDAgent\DCDhcpService.exe
23:05:32.0690 0x0728  DCDhcpService - ok
23:05:32.0783 0x0728  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:05:32.0799 0x0728  DcomLaunch - ok
23:05:32.0846 0x0728  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:05:32.0893 0x0728  defragsvc - ok
23:05:32.0908 0x0728  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:05:32.0908 0x0728  DfsC - ok
23:05:32.0939 0x0728  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:05:32.0939 0x0728  Dhcp - ok
23:05:33.0095 0x0728  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
23:05:33.0158 0x0728  DiagTrack - ok
23:05:33.0189 0x0728  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:05:33.0189 0x0728  discache - ok
23:05:33.0251 0x0728  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
23:05:33.0251 0x0728  Disk - ok
23:05:33.0298 0x0728  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:05:33.0314 0x0728  Dnscache - ok
23:05:33.0345 0x0728  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:05:33.0345 0x0728  dot3svc - ok
23:05:33.0392 0x0728  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
23:05:33.0407 0x0728  Dot4 - ok
23:05:33.0407 0x0728  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:05:33.0407 0x0728  Dot4Print - ok
23:05:33.0454 0x0728  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
23:05:33.0454 0x0728  dot4usb - ok
23:05:33.0470 0x0728  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:05:33.0470 0x0728  DPS - ok
23:05:33.0517 0x0728  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:05:33.0517 0x0728  drmkaud - ok
23:05:33.0595 0x0728  [ C02FF01B821FBB72104132E56EC5B881, 161AC96EE71C9B1F59ACE07EDC7550E1203C8DEFF6B333D298D564FAF536CF96 ] DsiWMIService   C:\Program Files (x86)\Launch Manager\dsiwmis.exe
23:05:33.0610 0x0728  DsiWMIService - ok
23:05:33.0704 0x0728  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:05:33.0751 0x0728  DXGKrnl - ok
23:05:33.0766 0x0728  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:05:33.0766 0x0728  EapHost - ok
23:05:33.0938 0x0728  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:05:34.0125 0x0728  ebdrv - ok
23:05:34.0172 0x0728  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] EFS             C:\Windows\System32\lsass.exe
23:05:34.0172 0x0728  EFS - ok
23:05:34.0265 0x0728  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:05:34.0297 0x0728  ehRecvr - ok
23:05:34.0328 0x0728  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:05:34.0328 0x0728  ehSched - ok
23:05:34.0397 0x0728  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:05:34.0432 0x0728  elxstor - ok
23:05:34.0546 0x0728  [ 76B978AD795A7E71C48390B000F6023F, 0A398C0FD9F72A0865343E2153F1F4CFA9EE375DC77E87FBDE38A1A8CA3061EB ] ePowerSvc       C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
23:05:34.0597 0x0728  ePowerSvc - ok
23:05:34.0609 0x0728  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:05:34.0611 0x0728  ErrDev - ok
23:05:34.0655 0x0728  [ 9FD76E7BA1D2A534B7BCF5BD5755E24B, ECC5E023CC778EDC0A9D9A6807D0457D583611B3968DEEEC4C2A34EE12391DE4 ] ETD             C:\Windows\system32\DRIVERS\ETD.sys
23:05:34.0670 0x0728  ETD - ok
23:05:34.0701 0x0728  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:05:34.0717 0x0728  EventSystem - ok
23:05:34.0748 0x0728  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:05:34.0764 0x0728  exfat - ok
23:05:34.0811 0x0728  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:05:34.0811 0x0728  fastfat - ok
23:05:34.0857 0x0728  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:05:34.0889 0x0728  Fax - ok
23:05:34.0904 0x0728  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
23:05:34.0920 0x0728  fdc - ok
23:05:34.0935 0x0728  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:05:34.0935 0x0728  fdPHost - ok
23:05:34.0951 0x0728  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:05:34.0951 0x0728  FDResPub - ok
23:05:34.0967 0x0728  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:05:34.0967 0x0728  FileInfo - ok
23:05:34.0982 0x0728  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:05:34.0998 0x0728  Filetrace - ok
23:05:35.0013 0x0728  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:05:35.0013 0x0728  flpydisk - ok
23:05:35.0029 0x0728  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:05:35.0045 0x0728  FltMgr - ok
23:05:35.0138 0x0728  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
23:05:35.0232 0x0728  FontCache - ok
23:05:35.0294 0x0728  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:05:35.0294 0x0728  FontCache3.0.0.0 - ok
23:05:35.0310 0x0728  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:05:35.0310 0x0728  FsDepends - ok
23:05:35.0357 0x0728  [ 8DE1B4F579F8F8897409856F3BB7A7D2, F6F6B2450951E875C3C236F7798F960FD4433EE6B0C57132CB3D32126BEE34E0 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
23:05:35.0357 0x0728  fssfltr - ok
23:05:35.0544 0x0728  [ 7B4C82899A967A7EB22DAB502770AE8E, 209FB59669070FCAAACB24B0CE81C375362BF1C519B15FDB5AA3EC2C87E2069B ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
23:05:35.0637 0x0728  fsssvc - ok
23:05:35.0653 0x0728  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:05:35.0653 0x0728  Fs_Rec - ok
23:05:35.0715 0x0728  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:05:35.0731 0x0728  fvevol - ok
23:05:35.0762 0x0728  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:05:35.0762 0x0728  gagp30kx - ok
23:05:35.0825 0x0728  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:05:35.0840 0x0728  GEARAspiWDM - ok
23:05:35.0903 0x0728  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:05:35.0934 0x0728  gpsvc - ok
23:05:35.0996 0x0728  [ 32096F187020A54D29C95B3A1467D963, 2A50686C1FC921B02F6B7472AC09B2CFD9DE290D22DD0342A94AB8E95AC3DC6C ] GREGService     C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
23:05:36.0012 0x0728  GREGService - ok
23:05:36.0027 0x0728  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:05:36.0043 0x0728  hcw85cir - ok
23:05:36.0090 0x0728  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:05:36.0152 0x0728  HdAudAddService - ok
23:05:36.0183 0x0728  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:05:36.0183 0x0728  HDAudBus - ok
23:05:36.0199 0x0728  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:05:36.0215 0x0728  HidBatt - ok
23:05:36.0230 0x0728  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:05:36.0230 0x0728  HidBth - ok
23:05:36.0246 0x0728  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:05:36.0246 0x0728  HidIr - ok
23:05:36.0277 0x0728  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
23:05:36.0277 0x0728  hidserv - ok
23:05:36.0324 0x0728  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:05:36.0324 0x0728  HidUsb - ok
23:05:36.0361 0x0728  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:05:36.0367 0x0728  hkmsvc - ok
23:05:36.0416 0x0728  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:05:36.0430 0x0728  HomeGroupListener - ok
23:05:36.0477 0x0728  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:05:36.0488 0x0728  HomeGroupProvider - ok
23:05:36.0609 0x0728  [ 1DAE5C46D42B02A6D5862E1482EFB390, 90B14E0A8376AE51872D89C141E88AE144B742805F94B4F7948E295322C78B9D ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:05:36.0633 0x0728  hpqcxs08 - ok
23:05:36.0651 0x0728  [ 99E8EEF42FE2F4AF29B08C3355DD7685, D57BC2148653DA5596FB49F1086D165B11C9F6C644608202C08305D3C8499CFE ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:05:36.0651 0x0728  hpqddsvc - ok
23:05:36.0698 0x0728  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:05:36.0698 0x0728  HpSAMD - ok
23:05:36.0745 0x0728  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:05:36.0776 0x0728  HTTP - ok
23:05:36.0791 0x0728  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:05:36.0791 0x0728  hwpolicy - ok
23:05:36.0823 0x0728  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:05:36.0823 0x0728  i8042prt - ok
23:05:36.0901 0x0728  [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
23:05:36.0916 0x0728  iaStor - ok
23:05:36.0994 0x0728  [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:05:36.0994 0x0728  IAStorDataMgrSvc - ok
23:05:37.0025 0x0728  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:05:37.0057 0x0728  iaStorV - ok
23:05:37.0181 0x0728  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:05:37.0213 0x0728  idsvc - ok
23:05:37.0228 0x0728  IEEtwCollectorService - ok
23:05:37.0883 0x0728  [ 3FB253E8059A1AAC3A8B83A31D094CC5, 4D4988BF7D81FB6D75CDB65E1E42AC72DA76D3F84712AA1A27428A6490E342D0 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:05:38.0529 0x0728  igfx - ok
23:05:38.0553 0x0728  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
23:05:38.0556 0x0728  iirsp - ok
23:05:38.0638 0x0728  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:05:38.0663 0x0728  IKEEXT - ok
23:05:38.0913 0x0728  [ D830262519DDCDFC8BE34EB7047C22DC, A3D41BD7EDBAD0B64245824E920804FB98468E32A649A7983AB3C13C89144D23 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:05:39.0131 0x0728  IntcAzAudAddService - ok
23:05:39.0193 0x0728  [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:05:39.0193 0x0728  IntcDAud - ok
23:05:39.0256 0x0728  [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
23:05:39.0303 0x0728  Intel® Capability Licensing Service Interface - ok
23:05:39.0318 0x0728  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:05:39.0318 0x0728  intelide - ok
23:05:39.0349 0x0728  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:05:39.0349 0x0728  intelppm - ok
23:05:39.0381 0x0728  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:05:39.0381 0x0728  IPBusEnum - ok
23:05:39.0412 0x0728  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:05:39.0412 0x0728  IpFilterDriver - ok
23:05:39.0459 0x0728  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:05:39.0474 0x0728  iphlpsvc - ok
23:05:39.0505 0x0728  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:05:39.0505 0x0728  IPMIDRV - ok
23:05:39.0521 0x0728  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:05:39.0537 0x0728  IPNAT - ok
23:05:39.0630 0x0728  [ B066C46E4B638B849245E35A5703AF80, 738A2A76A68721DCA5004DFF381EF2F032A7E309454294E4ABDFF5141BAC9337 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:05:39.0677 0x0728  iPod Service - ok
23:05:39.0708 0x0728  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:05:39.0708 0x0728  IRENUM - ok
23:05:39.0724 0x0728  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:05:39.0724 0x0728  isapnp - ok
23:05:39.0786 0x0728  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:05:39.0833 0x0728  iScsiPrt - ok
23:05:39.0927 0x0728  [ DBD76BC1D498FE368F2C8CB76C3E00A4, CDFB082B57807CE89509A16D1C8A5BAEEC026EDD7068F5E359AA50557D2525DC ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
23:05:39.0927 0x0728  jhi_service - ok
23:05:39.0989 0x0728  [ E610C2ADF44FFAB91BBA5CA6FC085640, FE273414EBE28445D4E2C4FB1CA10E3B4E172157338140FE67BD0D8F17A9E8E4 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
23:05:40.0020 0x0728  k57nd60a - ok
23:05:40.0051 0x0728  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:05:40.0051 0x0728  kbdclass - ok
23:05:40.0098 0x0728  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:05:40.0114 0x0728  kbdhid - ok
23:05:40.0145 0x0728  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] KeyIso          C:\Windows\system32\lsass.exe
23:05:40.0161 0x0728  KeyIso - ok
23:05:40.0192 0x0728  [ B6C2FA7F5E5BC1A488A57C6344D29D64, 857245D664CF9ED8121E2087D73F85DA3FED721484DDC6B51AF6A344EC29A27F ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:05:40.0207 0x0728  KSecDD - ok
23:05:40.0239 0x0728  [ FB4397DDCC732DB6A7B33B747C7EB708, AD8B9500AAE12C1507B982B74B86731BE75AFAC7F64538332A380AC43EDEC271 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:05:40.0239 0x0728  KSecPkg - ok
23:05:40.0254 0x0728  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:05:40.0254 0x0728  ksthunk - ok
23:05:40.0301 0x0728  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:05:40.0332 0x0728  KtmRm - ok
23:05:40.0388 0x0728  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
23:05:40.0397 0x0728  LanmanServer - ok
23:05:40.0433 0x0728  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:05:40.0439 0x0728  LanmanWorkstation - ok
23:05:40.0508 0x0728  [ 6BB516A31DE232DAB436FF3A117E1E80, 1B91633C9D2FDD27B1712557E95D5642973105F0161D57E074A0601B666F1221 ] Live Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
23:05:40.0524 0x0728  Live Updater Service - ok
23:05:40.0553 0x0728  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:05:40.0559 0x0728  lltdio - ok
23:05:48.0946 0x0728  TapiSrv - ok
23:05:49.0071 0x0728  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:05:49.0149 0x0728  Tcpip - ok
23:05:49.0227 0x0728  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:05:49.0289 0x0728  TCPIP6 - ok
23:05:49.0336 0x0728  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:05:49.0336 0x0728  tcpipreg - ok
23:05:49.0367 0x0728  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:05:49.0367 0x0728  TDPIPE - ok
23:05:49.0383 0x0728  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:05:49.0383 0x0728  TDTCP - ok
23:05:49.0429 0x0728  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:05:49.0429 0x0728  tdx - ok
23:05:49.0461 0x0728  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:05:49.0461 0x0728  TermDD - ok
23:05:49.0524 0x0728  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
23:05:49.0540 0x0728  TermService - ok
23:05:49.0571 0x0728  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:05:49.0571 0x0728  Themes - ok
23:05:49.0602 0x0728  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:05:49.0618 0x0728  THREADORDER - ok
23:05:49.0649 0x0728  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:05:49.0664 0x0728  TrkWks - ok
23:05:49.0711 0x0728  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:05:49.0711 0x0728  TrustedInstaller - ok
23:05:49.0758 0x0728  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:05:49.0758 0x0728  tssecsrv - ok
23:05:49.0805 0x0728  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:05:49.0805 0x0728  TsUsbFlt - ok
23:05:49.0820 0x0728  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:05:49.0820 0x0728  TsUsbGD - ok
23:05:49.0852 0x0728  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:05:49.0867 0x0728  tunnel - ok
23:05:49.0883 0x0728  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:05:49.0883 0x0728  uagp35 - ok
23:05:49.0898 0x0728  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
23:05:49.0898 0x0728  UBHelper - ok
23:05:49.0945 0x0728  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:05:49.0976 0x0728  udfs - ok
23:05:50.0023 0x0728  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:05:50.0023 0x0728  UI0Detect - ok
23:05:50.0054 0x0728  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:05:50.0054 0x0728  uliagpkx - ok
23:05:50.0086 0x0728  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:05:50.0086 0x0728  umbus - ok
23:05:50.0101 0x0728  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:05:50.0101 0x0728  UmPass - ok
23:05:50.0195 0x0728  [ D80B1075B69B57A3AB78F750CE463ECE, E8435B723C3D9F5B28D5588365E7D6BED298565BCF61240C2B505B1033180DAA ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:05:50.0210 0x0728  UNS - ok
23:05:50.0242 0x0728  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:05:50.0288 0x0728  upnphost - ok
23:05:50.0320 0x0728  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
23:05:50.0320 0x0728  USBAAPL64 - ok
23:05:50.0366 0x0728  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:05:50.0366 0x0728  usbccgp - ok
23:05:50.0413 0x0728  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:05:50.0413 0x0728  usbcir - ok
23:05:50.0464 0x0728  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:05:50.0468 0x0728  usbehci - ok
23:05:50.0498 0x0728  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:05:50.0531 0x0728  usbhub - ok
23:05:50.0565 0x0728  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:05:50.0566 0x0728  usbohci - ok
23:05:50.0592 0x0728  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:05:50.0594 0x0728  usbprint - ok
23:05:50.0634 0x0728  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
23:05:50.0637 0x0728  usbscan - ok
23:05:50.0677 0x0728  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
23:05:50.0680 0x0728  USBSTOR - ok
23:05:50.0714 0x0728  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:05:50.0716 0x0728  usbuhci - ok
23:05:50.0771 0x0728  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:05:50.0787 0x0728  usbvideo - ok
23:05:50.0802 0x0728  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:05:50.0818 0x0728  UxSms - ok
23:05:50.0834 0x0728  [ 626BE7CD27F44185AA4DCD3603830312, EBE197BAA8F0ACEA219B402A1D03534A448048F1010A50680D728493A9B0641E ] VaultSvc        C:\Windows\system32\lsass.exe
23:05:50.0834 0x0728  VaultSvc - ok
23:05:50.0865 0x0728  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:05:50.0865 0x0728  vdrvroot - ok
23:05:50.0912 0x0728  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:05:50.0943 0x0728  vds - ok
23:05:50.0958 0x0728  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:05:50.0958 0x0728  vga - ok
23:05:50.0990 0x0728  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:05:50.0990 0x0728  VgaSave - ok
23:05:51.0005 0x0728  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:05:51.0021 0x0728  vhdmp - ok
23:05:51.0036 0x0728  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:05:51.0036 0x0728  viaide - ok
23:05:51.0052 0x0728  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:05:51.0068 0x0728  volmgr - ok
23:05:51.0099 0x0728  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:05:51.0114 0x0728  volmgrx - ok
23:05:51.0130 0x0728  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:05:51.0130 0x0728  volsnap - ok
23:05:51.0161 0x0728  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:05:51.0161 0x0728  vsmraid - ok
23:05:51.0270 0x0728  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:05:51.0364 0x0728  VSS - ok
23:05:51.0380 0x0728  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:05:51.0395 0x0728  vwifibus - ok
23:05:51.0411 0x0728  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:05:51.0411 0x0728  vwififlt - ok
23:05:51.0458 0x0728  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
23:05:51.0473 0x0728  vwifimp - ok
23:05:51.0489 0x0728  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:05:51.0504 0x0728  W32Time - ok
23:05:51.0520 0x0728  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:05:51.0520 0x0728  WacomPen - ok
23:05:51.0551 0x0728  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:05:51.0567 0x0728  WANARP - ok
23:05:51.0582 0x0728  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:05:51.0598 0x0728  Wanarpv6 - ok
23:05:51.0707 0x0728  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:05:51.0785 0x0728  WatAdminSvc - ok
23:05:51.0848 0x0728  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:05:51.0957 0x0728  wbengine - ok
23:05:51.0988 0x0728  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:05:51.0988 0x0728  WbioSrvc - ok
23:05:52.0019 0x0728  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:05:52.0035 0x0728  wcncsvc - ok
23:05:52.0050 0x0728  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:05:52.0050 0x0728  WcsPlugInService - ok
23:05:52.0082 0x0728  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
23:05:52.0082 0x0728  Wd - ok
23:05:52.0175 0x0728  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:05:52.0206 0x0728  Wdf01000 - ok
23:05:52.0253 0x0728  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:05:52.0269 0x0728  WdiServiceHost - ok
23:05:52.0269 0x0728  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:05:52.0269 0x0728  WdiSystemHost - ok
23:05:52.0316 0x0728  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
23:05:52.0331 0x0728  WebClient - ok
23:05:52.0347 0x0728  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:05:52.0362 0x0728  Wecsvc - ok
23:05:52.0378 0x0728  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:05:52.0378 0x0728  wercplsupport - ok
23:05:52.0409 0x0728  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:05:52.0409 0x0728  WerSvc - ok
23:05:52.0440 0x0728  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:05:52.0440 0x0728  WfpLwf - ok
23:05:52.0469 0x0728  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:05:52.0470 0x0728  WIMMount - ok
23:05:52.0503 0x0728  WinDefend - ok
23:05:52.0510 0x0728  WinHttpAutoProxySvc - ok
23:05:52.0596 0x0728  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:05:52.0642 0x0728  Winmgmt - ok
23:05:52.0768 0x0728  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
23:05:52.0893 0x0728  WinRM - ok
23:05:52.0940 0x0728  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
23:05:52.0940 0x0728  WinUsb - ok
23:05:53.0002 0x0728  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:05:53.0049 0x0728  Wlansvc - ok
23:05:53.0205 0x0728  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:05:53.0314 0x0728  wlidsvc - ok
23:05:53.0330 0x0728  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:05:53.0330 0x0728  WmiAcpi - ok
23:05:53.0377 0x0728  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:05:53.0392 0x0728  wmiApSrv - ok
23:05:53.0408 0x0728  WMPNetworkSvc - ok
23:05:53.0439 0x0728  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:05:53.0439 0x0728  WPCSvc - ok
23:05:53.0470 0x0728  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:05:53.0486 0x0728  WPDBusEnum - ok
23:05:53.0517 0x0728  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:05:53.0517 0x0728  ws2ifsl - ok
23:05:53.0548 0x0728  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
23:05:53.0548 0x0728  wscsvc - ok
23:05:53.0548 0x0728  WSearch - ok
23:05:53.0720 0x0728  [ 86F11B85102AFA6A1A6101DCE2F09386, 68A0F0E628C8F33FDAC114876DA8ED14776DD74E80AC5A6A52257E19DE011091 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:05:53.0829 0x176c  Object required for P2P: [ 4DDC45ACA9EEAB337F6D8E50C87CF1BF ] ClickToRunSvc
23:05:53.0860 0x0728  wuauserv - ok
23:05:53.0923 0x0728  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:05:53.0923 0x0728  WudfPf - ok
23:05:53.0969 0x0728  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
23:05:53.0985 0x0728  WUDFRd - ok
23:05:54.0047 0x0728  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:05:54.0047 0x0728  wudfsvc - ok
23:05:54.0110 0x0728  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:05:54.0157 0x0728  WwanSvc - ok
23:05:54.0188 0x0728  ================ Scan global ===============================
23:05:54.0235 0x0728  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
23:05:54.0297 0x0728  [ 841BF993597DCD498247684B5D3AE845, B80FDDE2F36F7DC9BCE253FFE0148C918DC3DD4357F37761B364DE7B887239EA ] C:\Windows\system32\winsrv.dll
23:05:54.0359 0x0728  [ 841BF993597DCD498247684B5D3AE845, B80FDDE2F36F7DC9BCE253FFE0148C918DC3DD4357F37761B364DE7B887239EA ] C:\Windows\system32\winsrv.dll
23:05:54.0406 0x0728  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:05:54.0453 0x0728  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
23:05:54.0470 0x0728  [ Global ] - ok
23:05:54.0470 0x0728  ================ Scan MBR ==================================
23:05:54.0486 0x0728  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:05:54.0888 0x0728  \Device\Harddisk0\DR0 - ok
23:05:54.0888 0x0728  ================ Scan VBR ==================================
23:05:54.0888 0x0728  [ 024A3604189B2DB37EAFB8139FDC1A97 ] \Device\Harddisk0\DR0\Partition1
23:05:54.0919 0x0728  \Device\Harddisk0\DR0\Partition1 - ok
23:05:54.0935 0x0728  [ 154B6B15AA5593D5D38A88D8F3EC89B2 ] \Device\Harddisk0\DR0\Partition2
23:05:54.0935 0x0728  \Device\Harddisk0\DR0\Partition2 - ok
23:05:57.0882 0x0728  Waiting for KSN requests completion. In queue: 380
23:05:58.0023 0x176c  Object send P2P result: true
23:05:58.0883 0x0728  Waiting for KSN requests completion. In queue: 88
23:05:59.0897 0x0728  Waiting for KSN requests completion. In queue: 88
23:06:00.0910 0x0728  Waiting for KSN requests completion. In queue: 88
23:06:01.0955 0x0728  AV detected via SS2: AVG AntiVirus Free Edition, C:\Program Files (x86)\AVG\Av\avgwsc.exe ( 16.61.0.7539 ), 0x42000 ( disabled : updated )
23:06:02.0002 0x0728  Win FW state via NFP2: enabled ( trusted )
23:06:15.0093 0x0728  ============================================================
23:06:15.0093 0x0728  Scan finished
23:06:15.0093 0x0728  ============================================================
23:06:15.0108 0x1248  Detected object count: 0
23:06:15.0108 0x1248  Actual detected object count: 0
23:06:49.0255 0x13f4  Deinitialize success

 

 

Hopefully this is correct! Now I'll run the other one...
 

 



#8 Terri13th


Posted 25 April 2016 - 11:40 PM

I got some weird happenings with ASW MBR scan. It had finally finished loading definitions, and was scanning...I went to brush my teeth, and when I returned, there was a 'windows has shut down unexpectedly' or rather, was not shut down properly. Then a really slow restart, lots of black screen time. So, no scan log, but I do see that mbr file you mentioned wd be on desktop.

Also, I cked avg because it was to stay off till a restart, so wanted to be sure it was back on, and the web protection part was not activated, strangely enough, so I turned that on before coming here to report. At least I seem to have lost the weird photo bucket prompts that were all over this site earlier! Plus the screen shots in your directions were just tiny boxes earlier and are now normal.

As to ASW scan, I'll await your instructions after what happened....I have no idea what made it shut down the notebook! I figured when it finished, I would have time to clk on 'save log,' and didn't leave it very long at all!

So, it's after midnight here on East Coast, and I'll await your guidance on this situation.

Thanks for all your help.

p.s. now morning--on the avg 'web protection,' I hope I didn't enable that stupid 'secure search,' which I had uninstalled b/f contacting you--I don't like AVG anymore.  It's not what it used to be, and eventually hope to install a replacement anti-vir on here for my sister. Natch, not doing so until I get the green light from you, tho.


Edited by Terri13th, 26 April 2016 - 08:51 AM.


#9 Oh My!


Posted 26 April 2016 - 08:58 AM

Hi Terri, thanks for the information.

The Photobucket issue was on my end. Some of the links to my account are broken for some reason.

Please attempt to run aswMBR in Safe Mode with Networking.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Terri13th


Posted 26 April 2016 - 09:44 AM

Hi, Gary--I confess I forgot to disable AVG. I let it run in safe-mode w/networking but it's been stopped at 'Microsoft Windows live Installer Catalogue' for over 10 minutes....hey, it just continued on. (I'm writing from my netbook, btw.) Anyway, should I let it continue even tho I didn't disable avg and see what we get?

It's still scanning and hopefully will let me save log this time.



#11 Terri13th


Posted 26 April 2016 - 09:55 AM

Aswmbr completed successfully--here's log--

 

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-04-26 10:18:35
-----------------------------
10:18:35.244    OS Version: Windows x64 6.1.7601 Service Pack 1
10:18:35.244    Number of processors: 2 586 0x2A07
10:18:35.322    ComputerName: MARY-PC  UserName: Mary
10:18:36.289    Initialize success
10:19:35.195    AVAST engine defs: 16042502
10:19:46.677    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:19:46.677    Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
10:19:46.817    Disk 0 MBR read successfully
10:19:46.817    Disk 0 MBR scan
10:19:46.848    Disk 0 Windows 7 default MBR code
10:19:46.879    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        18432 MB offset 2048
10:19:46.895    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 37750784
10:19:46.911    Disk 0 Boot: NTFS     code=1
10:19:46.942    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       286711 MB offset 37955584
10:19:46.973    Disk 0 scanning C:\Windows\system32\drivers
10:19:57.019    Service scanning
10:20:25.053    Modules scanning
10:20:25.053    Disk 0 trace - called modules:
10:20:25.084    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:20:25.084    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800651b060]
10:20:25.084    3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8003eb9050]
10:20:26.425    AVAST engine scan C:\Windows
10:20:29.701    AVAST engine scan C:\Windows\system32
10:23:53.251    AVAST engine scan C:\Windows\system32\drivers
10:24:07.712    AVAST engine scan C:\Users\Mary
10:42:33.582    AVAST engine scan C:\ProgramData
10:46:30.110    Disk 0 statistics 4072597/0/0 @ 1.49 MB/s
10:46:30.110    Scan finished successfully
10:46:56.162    Disk 0 MBR has been saved successfully to "C:\Users\Mary\Desktop\MBR.dat"
10:46:56.162    The log file has been saved successfully to "C:\Users\Mary\Desktop\aswMBR.txt"

 

Ok, I had some underlining of text in post going on, but didn't show up in preview, so hopefully this is ok, and the forgetfulness of me concerning AVG didn't mess things up...


Edited by Terri13th, 26 April 2016 - 10:44 AM.


#12 Oh My!


Posted 26 April 2016 - 08:49 PM

Hi Terri,

You did just fine. Please do this.

===================================================

Running Startup Repair

--------------------
  • Reboot your computer and gently tap F8 to enter the Advanced Boot Options menu
  • Highlight Repair Your Computer and press Enter
  • Click Next
  • Enter the password information if necessary then click OK
  • Click Startup Repair and allow the process to complete
  • Restart the computer if required
  • Check your computer performance
===================================================

Autoruns

--------------------
  • Please download AutoRuns and save it to your desktop
  • Double click the AutoRuns.zip folder (or if necessary right click and select Extract)
  • Double click autoruns.exe (not autorunsc.exe), select Run, then Run again and allow the information to populate
  • Hit the Ctrl + S keys at the same time
  • Save the file to your Desktop as autoruns
  • Please zip and upload the file here
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Startup Repair run?
  • Attached Autoruns file
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Terri13th

Posted 27 April 2016 - 02:16 PM

Ok, Gary--btw, thanks for all your help!

I ran start-up repair, I guess it did its thing, and did want a restart. That particular restart took long, but I figure it was doing its thing.

I went right to second assignment, so haven't tested a restart since the repair. First I wanted to report in and send you the Autoruns report, especially as I had some doubts about how I did it...

Let me know if I goofed on sending autoruns zipped file.

I'll try some restarts now and see how notebook is running.

p.s. I referred to you as 'Gary,' in my comments section when sending, and probably should have used 'Oh My!'


Edited by Terri13th, 27 April 2016 - 02:25 PM.


#14 Oh My!

Posted 27 April 2016 - 03:37 PM

Hi Terri,

That uploaded file goes directly to me so Gary was just fine. :) I got the file.

Test your computer and let me know if there is any difference.
Gary
 

#15 Terri13th

Posted 28 April 2016 - 08:45 AM

The notebook still seems sluggish, as far as start-up from off, surfing web, and even bringing IE up the first time of a session. Somewhere along the line, I did stay logged into this site each time I bring it up from shortcut, when the 'remember me' never worked earlier, so that's good. Even non-internet tasks, such as going into power options to change some settings, seem very slow. Also getting that 'Internet Explorer has stopped working' prompt when cruising sites on web.

Last night on a shutdown, the desktop blinked 3 times, black screen, but continued shutting down and no prompts came on reboot about it, but it was a different occurrence, so worth a mention. It still seems slow to me, and this is going back and forth between it and my Windows 7 Starter netbook.

'Any difference' well, maybe, but just a tad.

Was anything uncovered in any of the scans?

Also, is it ok for me to run Malwarebytes and AVG scan at this point? (I wanted to be sure with you before running.)


Edited by Terri13th, 28 April 2016 - 08:46 AM.




