
Help with hijackthis log file


  • This topic is locked
29 replies to this topic

#1 scojoh

scojoh

  • Members
  • 12 posts

Posted 16 May 2016 - 02:16 PM

Please review and advise which objects are suspicious or should be deleted. PC is Windows 7 SP1. Reply to (email address deleted).

Attached Files


Edited by Queen-Evie, 16 May 2016 - 03:04 PM.
moved from Windows 7 to Malware Removal Logs, which is the only place HJT logs are allowed. Removed email address.



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,801 posts
  • Gender:Male
  • Location:California

Posted 17 May 2016 - 10:13 PM

Greetings scojoh and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to this topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Are you experiencing any issues? Is there a reason you ran HijackThis?

Please do this.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your Desktop. <<< Important
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 20 May 2016 - 08:23 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#4 Oh My!


Posted 22 May 2016 - 01:30 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#5 Oh My!


Posted 31 May 2016 - 08:05 AM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#6 scojoh


Posted 31 May 2016 - 02:27 PM

In response to your questions:

Are you experiencing any issues?  Yes, when the computer is running in normal boot mode it is very slow or even unresponsive.  I can use it OK when booted into Safe Mode with Networking.

Is there a reason you ran HijackThis?  I had used this tool in the past on a different computer to try and fix a similar issue.



#7 Oh My!


Posted 31 May 2016 - 02:46 PM

Thank you. Please boot into Safe Mode and run FRST as instructed.
Gary
 

#8 scojoh


Posted 01 June 2016 - 10:19 AM

Gary,

Sorry, I just noticed your post to run in safe mode.  I ran this in normal mode.  Do I need to rerun?

Results from FRST tool scan.  System summary attached.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Scott Johnson (administrator) on JOHNSONFAMILYPC (01-06-2016 10:45:56)
Running from C:\Users\Scott Johnson\Downloads
Loaded Profiles: Scott Johnson (Available Profiles: Mitch Johnson & Johanna Johnson & Scott Johnson & Johanna)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
( ) C:\Windows\System32\lxdvcoms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
() C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Crawler, LLC) C:\Program Files (x86)\SiteRanker\SiteRankTray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Acer) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [822816 2009-10-29] (Acer Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-10-20] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1881384 2009-10-23] (Synaptics Incorporated)
HKLM\...\Run: [lxdvmon.exe] => C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe [455336 2007-11-01] ()
HKLM\...\Run: [lxdvamon] => C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe [25256 2007-11-01] ()
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [163568 2010-09-24] (Microsoft Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1157640 2009-09-17] (Dritek System Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-08-03] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe [244480 2009-10-29] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [Lexmark X5400 Series] => C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe [307880 2007-11-01] ()
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SiteRanker] => C:\Program Files (x86)\SiteRanker\SiteRankTray.exe [1084888 2016-01-28] (Crawler, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1230704 2011-01-10] ()
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\...\Run: [EPSON Stylus Photo R290 Series (Copy 1)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKL.EXE [213504 2007-04-13] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\...\MountPoints2: {1d661d8a-cc1f-11df-a852-00235a769c29} - E:\LaunchU3.exe -a
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\...\MountPoints2: {975e5a42-7782-11e2-974f-00235a769c29} - E:\MotoCastSetup.exe -a
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Gateway.scr [442368 2009-07-30] ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-10-23]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-10-23]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Johanna Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-08-12]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (No File)
Startup: C:\Users\Johanna Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk [2010-06-09]
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)
Startup: C:\Users\Mitch Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Advanced Registry Optimizer.lnk [2011-02-19]
ShortcutTarget: Advanced Registry Optimizer.lnk -> C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe (No File)
Startup: C:\Users\Mitch Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk [2010-04-07]
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.104.2.36 208.104.244.45
Tcpip\..\Interfaces\{27BD6776-E27E-408C-B4EB-758EC68F1810}: [DhcpNameServer] 8.8.8.8 208.104.2.36 208.104.244.45
Tcpip\..\Interfaces\{31CEA266-7414-4C54-9C72-0A5B01F4C4CD}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n945l0364z115a4922y243
SearchScopes: HKLM-x32 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100716184432400&tb_oid=16-07-2010&tb_mrud=16-07-2010
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW
SearchScopes: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS374
SearchScopes: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60500
SearchScopes: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> {2A4A6757-0702-4981-94D8-646CA0634404} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=298E7004-67FB-4304-96E3-05AF22F3DCB7&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17631&doi=2015-03-07&trgb=IE&q={searchTerms}&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACGW_enUS374
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll [2016-01-28] (Crawler, LLC)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" => No File
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-07] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
BHO-x32: Inbox Toolbar -> {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> C:\PROGRA~2\INBOXT~1\Inbox.dll => No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-07] (Oracle Corporation)
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
DPF: HKLM {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-17] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Scott Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\x5s0mtkh.default-1462888728397
FF Homepage: hxxp://www.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-18] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-03-06] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-01-24] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-07] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-05-04] [not signed]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2016-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2010-10-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [HBLite@HBLite.com] - C:\Program Files (x86)\HBLite\bin\11.0.349.0\firefox\extensions => not found
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox [2016-05-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-02-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-02-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-08]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2016-05-16]

Chrome:
=======
CHR Profile: C:\Users\Scott Johnson\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Scott Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-01]
CHR Extension: (DivX HiQ) - C:\Users\Scott Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2016-03-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Scott Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Scott Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2016-03-31]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-07]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-07]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 lxdv_device; C:\Windows\system32\lxdvcoms.exe [1044136 2007-10-18] ( )
R2 lxdv_device; C:\Windows\SysWOW64\lxdvcoms.exe [594600 2007-10-18] ( )
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ZuneWlanCfgSvc; c:\Windows\system32\ZuneWlanCfgSvc.exe [467696 2010-09-24] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
S3 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-01] (Realtek Semiconductor Corp.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R1 tmumh; C:\Windows\System32\DRIVERS\TMUMH.sys [91536 2015-06-28] (Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
U2 TMAgent; no ImagePath
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-01 10:45 - 2016-06-01 10:48 - 00027531 _____ C:\Users\Scott Johnson\Downloads\FRST.txt
2016-06-01 10:45 - 2016-06-01 10:45 - 00000000 ____D C:\FRST
2016-06-01 10:41 - 2016-06-01 10:41 - 02383872 _____ (Farbar) C:\Users\Scott Johnson\Downloads\FRST64.exe
2016-06-01 10:36 - 2016-06-01 10:36 - 00000000 ___RD C:\Users\Scott Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2016-05-17 08:27 - 2016-05-17 08:27 - 00000943 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-05-17 08:27 - 2016-05-17 08:27 - 00000931 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-05-17 08:25 - 2016-05-17 08:25 - 46547112 _____ C:\Users\Scott Johnson\Downloads\Firefox Setup 46.0.1.exe
2016-05-13 09:11 - 2016-05-17 08:26 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-05-12 10:01 - 2016-05-12 10:01 - 00000000 ____D C:\Users\Scott Johnson\AppData\Roaming\Malwarebytes
2016-05-12 09:37 - 2016-05-12 09:37 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\Deployment
2016-05-12 09:37 - 2016-05-12 09:37 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\Apps\2.0
2016-05-11 12:09 - 2016-05-11 12:09 - 00000000 ___RD C:\Users\Johanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
2016-05-10 17:17 - 2016-05-25 08:06 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-10 17:17 - 2016-05-10 17:26 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-10 17:17 - 2016-05-10 17:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-10 17:17 - 2016-05-10 17:26 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-10 17:17 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-10 17:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-10 17:15 - 2016-05-10 17:16 - 22851472 _____ (Malwarebytes ) C:\Users\Scott Johnson\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-10 16:49 - 2016-05-10 16:49 - 06748160 _____ C:\Program Files (x86)\GUTA9E6.tmp
2016-05-10 16:49 - 2016-05-10 16:49 - 00000000 ____D C:\Program Files (x86)\GUMA977.tmp
2016-05-10 10:14 - 2016-02-05 14:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-05-10 10:14 - 2016-02-05 14:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-05-10 10:14 - 2016-02-05 13:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-05-10 10:14 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-05-10 10:14 - 2015-06-03 16:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-05-10 09:59 - 2016-05-10 09:59 - 00000000 ____D C:\Users\Scott Johnson\Desktop\Old Firefox Data
2016-05-10 09:44 - 2016-03-11 14:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-10 09:44 - 2016-03-11 14:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-10 09:34 - 2016-05-10 09:34 - 00003416 ____N C:\bootsqm.dat
2016-05-10 09:06 - 2016-05-10 09:10 - 00000000 ____D C:\60c17e458833880aac
2016-05-09 14:19 - 2016-05-31 08:01 - 02013454 _____ C:\Windows\ntbtlog.txt
2016-05-05 11:22 - 2016-05-05 11:22 - 02120256 _____ C:\Users\Scott Johnson\Downloads\Claimanthandbook.pdf
2016-05-04 23:08 - 2016-05-12 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-05-02 10:14 - 2016-05-02 10:14 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\{4451156A-9DAA-474C-AFA6-7F2D8C98AF71}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-01 10:47 - 2010-04-06 21:16 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-01 10:44 - 2010-04-06 21:16 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-01 10:36 - 2011-02-03 17:23 - 00000000 ____D C:\Program Files (x86)\SiteRanker
2016-06-01 10:33 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-31 07:59 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-31 07:59 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-25 08:09 - 2010-07-16 14:40 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333064775-2984497836-3761070090-1001UA.job
2016-05-25 08:06 - 2012-05-13 19:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-20 10:24 - 2011-02-19 21:09 - 00002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-20 10:24 - 2011-02-19 21:09 - 00002150 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-20 09:55 - 2012-05-13 19:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-05-18 09:53 - 2012-05-13 19:45 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-05-18 09:53 - 2011-06-15 19:47 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-18 09:52 - 2010-07-16 14:40 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333064775-2984497836-3761070090-1001Core.job
2016-05-17 20:01 - 2011-02-06 17:11 - 00000000 ____D C:\Users\Scott Johnson\AppData\LocalLow\SiteRanker
2016-05-17 18:47 - 2016-04-05 09:52 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\ElevatedDiagnostics
2016-05-17 08:27 - 2012-08-31 13:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-05-17 01:18 - 2015-06-03 20:34 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-17 01:18 - 2012-05-13 19:45 - 00000000 ____D C:\Windows\system32\Macromed
2016-05-17 01:18 - 2010-10-19 20:56 - 00000000 ____D C:\Users\Johanna
2016-05-17 01:18 - 2010-04-06 22:08 - 00000000 ____D C:\Users\Johanna Johnson
2016-05-17 01:18 - 2010-04-06 20:52 - 00000000 ____D C:\Users\Mitch Johnson
2016-05-17 01:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-17 01:17 - 2015-04-13 20:56 - 00000000 ____D C:\Users\Johanna\AppData\Local\AskPartnerNetwork
2016-05-17 01:17 - 2015-03-07 09:28 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\AskPartnerNetwork
2016-05-17 01:17 - 2011-02-19 21:15 - 00000000 ____D C:\Users\Mitch Johnson\AppData\Roaming\OpenCandy
2016-05-17 01:17 - 2011-02-03 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
2016-05-17 01:17 - 2011-02-03 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
2016-05-17 01:17 - 2011-02-03 17:22 - 00000000 ____D C:\Program Files (x86)\Inbox Toolbar
2016-05-17 01:17 - 2011-02-03 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar
2016-05-17 01:17 - 2010-08-12 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
2016-05-17 01:17 - 2010-08-12 19:31 - 00000000 ____D C:\Program Files (x86)\GIMP-2.0
2016-05-17 01:17 - 2010-05-07 19:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2016-05-17 01:17 - 2010-05-07 19:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2016-05-17 01:16 - 2009-07-14 03:44 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-05-17 01:15 - 2010-04-06 22:13 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\VirtualStore
2016-05-17 01:14 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-05-16 21:30 - 2010-04-06 22:13 - 00000000 ____D C:\Users\Scott Johnson
2016-05-16 11:51 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\tracing
2016-05-16 10:06 - 2015-03-07 09:27 - 00000000 ____D C:\ProgramData\APN
2016-05-12 09:27 - 2009-11-09 23:39 - 00000000 ____D C:\Program Files\Google
2016-05-12 09:27 - 2009-11-09 23:39 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-12 09:22 - 2010-04-11 22:42 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\Google
2016-05-12 09:22 - 2009-11-09 23:39 - 00000000 ____D C:\ProgramData\Google
2016-05-10 23:39 - 2010-04-06 21:16 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 23:39 - 2010-04-06 21:16 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 17:17 - 2010-05-07 19:13 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-10 09:34 - 2016-03-28 16:03 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-05-10 08:53 - 2015-11-17 18:30 - 00000000 ____D C:\ProgramData\TMDP_Log
2016-05-10 08:51 - 2015-11-17 18:31 - 00000000 ____D C:\Users\Johanna\AppData\Roaming\Trend Micro
2016-05-10 08:51 - 2015-11-17 18:30 - 00000000 ____D C:\Program Files\Trend Micro
2016-05-10 08:43 - 2016-03-28 16:03 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\Dropbox
2016-05-10 08:41 - 2016-03-28 16:09 - 00000000 ___RD C:\Users\Scott Johnson\Dropbox
2016-05-09 18:02 - 2015-11-17 19:59 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\DP_Tower
2016-05-09 09:35 - 2015-11-17 21:56 - 00000010 _____ C:\Users\Scott Johnson\AppData\Local\sponge.last.runtime.cache
2016-05-05 15:51 - 2014-11-11 12:38 - 00006115 _____ C:\Windows\wininit.ini
2016-05-02 10:14 - 2010-10-23 09:19 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\Windows Live

==================== Files in the root of some directories =======

2016-05-10 16:49 - 2016-05-10 16:49 - 6748160 _____ () C:\Program Files (x86)\GUTA9E6.tmp
2015-03-31 12:57 - 2015-11-08 20:09 - 0000033 _____ () C:\Users\Scott Johnson\AppData\Roaming\ARCompanion.log
2010-04-14 10:22 - 2010-04-14 10:22 - 0000000 _____ () C:\Users\Scott Johnson\AppData\Roaming\wklnhst.dat
2015-11-17 21:56 - 2016-05-09 09:35 - 0000010 _____ () C:\Users\Scott Johnson\AppData\Local\sponge.last.runtime.cache
2010-07-27 00:12 - 2010-07-27 00:12 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2013-04-10 18:36 - 2013-04-13 14:26 - 0000469 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2012-12-11 20:09 - 2012-12-11 20:09 - 1136305 _____ () C:\ProgramData\SPL4F53.tmp
2014-07-28 19:19 - 2014-07-28 19:19 - 1831163 _____ () C:\ProgramData\SPL975C.tmp
2013-12-13 11:56 - 2013-12-13 11:56 - 0068552 _____ () C:\ProgramData\SPLB915.tmp

Files to move or delete:
====================
C:\Users\Johanna\CTX.DAT
C:\Users\Johanna\g2ax_customer_downloadhelper_win32_x86.exe


Some files in TEMP:
====================
C:\Users\Johanna\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\Johanna\AppData\Local\Temp\ARCompanionForSession2.exe
C:\Users\Johanna\AppData\Local\Temp\drq7kfwh.dll
C:\Users\Johanna\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Johanna\AppData\Local\Temp\jniverify.dll
C:\Users\Johanna\AppData\Local\Temp\jre-6u22-windows-i586-iftw-rv.exe
C:\Users\Johanna\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Johanna\AppData\Local\Temp\_isE78.exe
C:\Users\Johanna\AppData\Local\Temp\_isF88D.exe
C:\Users\Johanna Johnson\AppData\Local\Temp\EpsonInkjetDriverDownloader.EXE
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1171506483569350642.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1331865049774719151.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1361332611749091999.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1370040819930956846.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1574212957466521804.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1581564791652664049.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1604790397609881204.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1707280194872993986.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna173578629695039458.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1808165918262905346.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1862592861905022793.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1899062476386932160.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1936315437133221596.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna1952605196655245159.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2021307603911709364.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2022516119841871711.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna207474509312666789.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2078671101152063406.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2136528737109219720.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna214609423580501335.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2190054698483865007.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2228864691479300943.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2260888190814418685.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2299384047439000419.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2365796738603856698.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2399024834842697979.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2408570100715257282.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2439982283924506850.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2444879025671802843.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2588319675527409468.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2625911620562019642.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2632330323916947784.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2665296713420583398.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2666521749925453956.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2677744684573578465.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2744477745741471743.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2749122170715235648.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2837968564750804343.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna288550772438047855.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2918910558536799239.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2923521869565112906.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2945293004117240932.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna2998761112561458440.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3032391553651810814.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3125386890246625045.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3355937031833080892.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3537677232707480979.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3551249619464657802.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3616274240593536826.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3690295845881551676.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3721494303296405414.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3723843136396361339.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3729782800026297764.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3768030350679249988.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3803333152366853851.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3809925163546242862.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3842487934267928307.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna3948744230421520486.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4086442616882675866.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4114778219298693070.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4138722031138039524.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4141665587338778859.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4158494588435499631.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4164956037280108564.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4177050577892659281.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4195433872318312396.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4206525534306577039.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4321638971791836850.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4332732699848314256.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4350088309837675210.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4359742985128525851.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4415930524130022831.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4503891668950778918.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4651546065900405480.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna46702598929668083.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4681465964950887903.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4683808260554750675.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4700366112026157939.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4704161453525807507.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4752057400916957156.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4872417143763180328.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna4908252498566353949.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5018612217236880245.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5129563011917693837.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5132989419445823436.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5218378823796598670.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5258606259869273493.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5282772466126644578.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5291255873381007837.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5445951440411390844.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5613687921616789745.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5675216208876061467.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5711020119296051653.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5789091355816929693.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna579677683340064744.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna583949704236486430.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna588680505679562730.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5912833266725056902.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5961847161897747900.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna5986817909544486857.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6109254139349604702.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6182673663569511047.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6193439072740379544.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6405325294886766469.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6418739441714651926.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6503350304381681936.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6515046464903413740.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6602986702527930111.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6656743361796723954.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6663202047886024197.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6681221443662565087.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna673057504676919755.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6859783117737570034.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6865097917225845591.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6905742744205773801.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna694165927633325294.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna6993415661969369239.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7001624086316379814.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7099854991276198343.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7132997933251708823.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7146863074220366827.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7249817193035605681.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7254625418482883302.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7309075144086068105.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7324262371921368288.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna732780823993135917.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna734845599617843951.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7353176825364946000.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7381623607543749078.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna739938947594941611.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna75872504532779000.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7625937075530921261.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7636647575676892554.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7681483482017628210.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7940756240019237655.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna7991120682226682719.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8009537712050927638.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8015049660737367848.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8162102661219176233.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8249126341120495652.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8288124221226085312.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8297758381314905223.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8317402964033300991.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8422521374450582898.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8447477825624410028.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8466808448561431420.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8472163619377085944.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8551155377964218568.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8555801417272734933.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8558040530838282066.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8625744524700482172.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8788183278236538624.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8789373643374092904.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8809885297132853502.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8810974518336908146.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna8987182161571689491.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna9052132943740282407.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna9068869583176959530.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna9088990715020780116.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jna9095398252516058630.dll
C:\Users\Johanna Johnson\AppData\Local\Temp\jre-6u20-windows-i586-iftw-rv.exe
C:\Users\Johanna Johnson\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Johanna Johnson\AppData\Local\Temp\NEW3521.tmp.exe
C:\Users\Johanna Johnson\AppData\Local\Temp\setup.exe
C:\Users\Johanna Johnson\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Johanna Johnson\AppData\Local\Temp\tabfixA408.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\aim_toolbar9148.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\aol-messaging_toolbarF684.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\atl80.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\FP_PL_MSI_INSTALLER.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\GoogleChromeInstaller.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\jna1324353691711109048.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna1618159221813542500.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna2416383192849294957.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna259421676756278950.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna2650118492769834117.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna2764171058567118562.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna3740594666197043610.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna4078977938153042479.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna4325824783572659969.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna4687129612829438580.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna4827703050200975732.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna4906220260010254012.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna504695820875974110.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna5784127238111064669.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna6205403342726743846.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna7283472424427491696.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna7933861725597465353.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna805534790083949198.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna8895524689529084184.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jna961241560225845478.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\jre-6u21-windows-i586-iftw-rv.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\libexpat.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\mfc80.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\mfc80u.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\mfcm80.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\mfcm80u.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\mp3el.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\msvcm80.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\msvcp80.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\msvcr80.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\nlsdl.dll
C:\Users\Mitch Johnson\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\tabfix47D0.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\tbpreinst18F2.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\tbpreinst513E.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\tbpreinst9DCB.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\tbpreinstA1FF.exe
C:\Users\Mitch Johnson\AppData\Local\Temp\tmdbg64.dll
C:\Users\Scott Johnson\AppData\Local\Temp\APNSetup.exe
C:\Users\Scott Johnson\AppData\Local\Temp\ApnStub.exe
C:\Users\Scott Johnson\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\Scott Johnson\AppData\Local\Temp\chuaopyv.dll
C:\Users\Scott Johnson\AppData\Local\Temp\CUninst.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Scott Johnson\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Scott Johnson\AppData\Local\Temp\mssinstaller.exe
C:\Users\Scott Johnson\AppData\Local\Temp\unwise.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-28 01:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Scott Johnson (2016-06-01 10:57:43)
Running from C:\Users\Scott Johnson\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2010-04-07 00:52:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-333064775-2984497836-3761070090-500 - Administrator - Disabled)
Guest (S-1-5-21-333064775-2984497836-3761070090-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-333064775-2984497836-3761070090-1002 - Limited - Enabled)
Johanna (S-1-5-21-333064775-2984497836-3761070090-1005 - Administrator - Enabled) => C:\Users\Johanna
Johanna Johnson (S-1-5-21-333064775-2984497836-3761070090-1003 - Administrator - Enabled) => C:\Users\Johanna Johnson
Mitch Johnson (S-1-5-21-333064775-2984497836-3761070090-1001 - Administrator - Enabled) => C:\Users\Mitch Johnson
Scott Johnson (S-1-5-21-333064775-2984497836-3761070090-1004 - Administrator - Enabled) => C:\Users\Scott Johnson

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Internet Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AS: Trend Micro Internet Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2201.41622 - ABBYY Software House)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Antares Auto-Tune Evo RTAS (HKLM-x32\...\{4D68D398-7760-426D-8395-83EE0676FC7E}) (Version: 6.00.0009 - Antares Audio Technologies)
Antares Auto-Tune Evo TDM (HKLM-x32\...\{E43E5F45-E924-4D83-9DB9-8D74BCF7A9DD}) (Version: 6.00.0009 - Antares Audio Technologies)
Apple Application Support (HKLM-x32\...\{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}) (Version: 1.5.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8F473675-D702-45F9-8EBC-342B40C17BF5}) (Version: 3.4.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Backup Manager Basic (x32 Version: 2.0.0.33 - NewTech Infosystems) Hidden
Best Buy pc app (Version: 3.0.1.2 - Best Buy) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Correction Client 1 (HKLM-x32\...\{E22FF1F3-79E5-4688-AA00-4CE0FDFEB8BA}) (Version: 16.1.12 - Nuance Communications, Inc.)
CyberLink PowerDVD 8 (HKLM-x32\...\InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}) (Version: 8.0.3428.50 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup.divx.com) (Version: 2.3.1.2 - DivX, LLC)
Download Updater (AOL LLC) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - ) <==== ATTENTION
Encoder Pro v5.7.0 (HKLM-x32\...\{DF1098C3-84F7-11D5-9091-0006290FF49C}) (Version: 570 - Ingenix)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EXText Client Applications (HKLM-x32\...\{E59F3FF8-C920-4FFA-A97B-5B3E1B5DE763}) (Version: 7.001.141.11 - )
EXTextClient (HKLM-x32\...\{2CD75CF5-8180-4617-920B-E08B826F8AA8}) (Version: 83.161.3 - Nuance Communications, Inc.)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
Gateway InfoCentre (HKLM-x32\...\Gateway InfoCentre) (Version: 3.02.3000 - Gateway Incorporated)
Gateway MyBackup (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.33 - NewTech Infosystems)
Gateway Power Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3006 - Gateway Incorporated)
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3006 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.02.3006 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.7.0730 - Gateway Incorporated)
Gateway Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Gateway Incorporated)
GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.4.58 - Conexant Systems)
Hotbar (HKLM-x32\...\HBLiteSA) (Version: 11.0.349.0 - Pinball Corporation.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Gateway Incorporated)
Inbox Toolbar (HKLM-x32\...\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1) (Version: 1.0.0 - Inbox.com, Inc.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Interlok driver setup x64 (HKLM\...\{25613C10-27D2-410B-942B-D922D5C3A7BE}) (Version: 5.8.13 - PACE Anti-Piracy)
iTunes (HKLM\...\{9545E9DB-6F4C-4404-BF25-E221BE8B44C5}) (Version: 10.2.1.1 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Launch Manager (HKLM-x32\...\LManager) (Version: 0.0.05 - Gateway)
Lexmark X5400 Series (HKLM\...\Lexmark X5400 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word 2003 (HKLM-x32\...\{901B0409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{56F26668-13DA-497A-883F-61434A10CBAB}) (Version: 3.1.5.0 - Apple Inc.)
Mozilla Firefox 46.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 46.0.1 (x64 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5963 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30104 - Realtek Semiconductor Corp.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.2 - Roxio)
Safari (HKLM-x32\...\{C73F2967-062E-48F2-A462-D335B8950183}) (Version: 5.33.20.27 - Apple Inc.)
Search App by Ask (HKLM-x32\...\{4F524A2D-5350-4500-76A7-A758B70C2802}) (Version: 12.40.2.466 - APN, LLC) <==== ATTENTION
SiteRanker (HKLM-x32\...\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1) (Version: 1.0.0.20 - Crawler, LLC) <==== ATTENTION
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version:  - NCH Software)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.12.0 - Synaptics Incorporated)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TomTom HOME 2.8.0.2146 (HKLM-x32\...\TomTom HOME) (Version: 2.8.0.2146 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TWC Customer Controls (HKLM-x32\...\{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}) (Version: 11 - SupportSoft)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0 - DivX, Inc) Hidden
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.00.3009 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
Zune (HKLM\...\Zune) (Version: 04.07.1404.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08C8A022-0F1C-46E8-A620-6FE809C71855} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {23503439-7466-4D1B-863F-79C09107D544} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-333064775-2984497836-3761070090-1001Core => C:\Users\Mitch Johnson\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {4B5585CB-3502-451A-BEDE-95BDB5074DBC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-333064775-2984497836-3761070090-1001UA => C:\Users\Mitch Johnson\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-13] (Google Inc.)
Task: {9B7622CD-E94F-4E68-BA97-6E058FAFD9CD} - System32\Tasks\{4B47D46B-B6C1-4E8F-BE7F-F1ED9D5B6BDF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {9E1546D9-5DC3-463D-A0A0-2EF8867E3FA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B54C383B-7C92-4C7F-B375-F56FFB6F835B} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
Task: {EF8D4568-24AC-4AC1-B264-D6AA82CF1976} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-18] (Adobe Systems Incorporated)
Task: {F1EEE629-FC1A-4265-94EF-36B7E2CDD40A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333064775-2984497836-3761070090-1001Core.job => C:\Users\Mitch Johnson\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333064775-2984497836-3761070090-1001UA.job => C:\Users\Mitch Johnson\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-04-13 18:50 - 2007-09-24 17:03 - 00045568 _____ () C:\Windows\System32\LXDVPMON.DLL
2010-04-13 18:50 - 2007-08-13 23:17 - 00069632 _____ () C:\Windows\System32\LXDVOEM.DLL
2010-04-13 18:49 - 2007-09-24 16:53 - 00081408 _____ () C:\Program Files (x86)\Lexmark X5400 Series\ipcmt64.dll
2010-04-13 18:53 - 2007-05-02 19:43 - 00138240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdvdrpp.dll
2015-11-17 18:33 - 2015-07-16 14:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2015-11-17 18:33 - 2015-07-16 14:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2015-11-17 18:33 - 2015-07-16 14:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2015-11-17 18:33 - 2015-07-16 14:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2010-04-13 18:47 - 2007-11-01 23:38 - 00455336 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
2010-04-13 18:48 - 2007-11-01 23:38 - 00025256 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
2012-01-10 22:12 - 2012-01-10 22:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-08-03 12:05 - 2009-08-03 12:05 - 00498160 _____ () C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
2011-01-10 19:25 - 2011-01-10 19:25 - 01230704 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2016-05-18 09:53 - 2016-05-18 09:53 - 26774720 _____ () C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll
2010-04-13 18:47 - 2007-09-06 12:38 - 00278528 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvscw.dll
2010-04-13 18:47 - 2007-07-20 03:30 - 00188416 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvdatr.dll
2010-04-13 18:47 - 2006-12-28 06:47 - 00073728 _____ () C:\Program Files (x86)\Lexmark X5400 Series\lxdvcats.dll
2010-04-13 18:48 - 2007-10-08 00:59 - 00028672 _____ () C:\Program Files (x86)\Lexmark X5400 Series\App4R.Monitor.Common.dll
2010-04-13 18:48 - 2007-10-08 00:59 - 00036864 _____ () C:\Program Files (x86)\Lexmark X5400 Series\App4R.Monitor.Core.dll
2010-04-13 18:47 - 2007-10-08 00:58 - 00057344 _____ () C:\Program Files (x86)\Lexmark X5400 Series\app4r.devmons.mcmdevmon.dll
2010-04-13 18:47 - 2007-08-09 22:12 - 00011776 _____ () C:\Program Files (x86)\Lexmark X5400 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
2009-02-02 21:33 - 2009-02-02 21:33 - 00460199 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll
2011-01-10 19:25 - 2011-01-10 19:25 - 00096112 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2008-09-28 21:55 - 2008-09-28 21:55 - 01076224 _____ () C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:F60B9166 [131]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-333064775-2984497836-3761070090-1004\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-333064775-2984497836-3761070090-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Scott Johnson\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 208.104.2.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: AnyConnect SMC => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe -minimized
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7F70553F-4765-44CD-964E-1C235FBFF3AF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{87C78933-E04C-4D07-8B2F-860A2F4790FA}] => (Allow) svchost.exe
FirewallRules: [{0CAFABE6-97AD-42D9-8C91-9A357B805F95}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{0754EFA3-F06B-4A8B-9B3E-14AB7F6E6EB1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD8\PowerDVD8.EXE
FirewallRules: [TCP Query User{27698715-08B8-4014-B6E5-E57E49C54910}C:\program files (x86)\limewire\limewire.exe] => (Allow) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [UDP Query User{61760423-4261-44F7-92BA-D79ECBC7F775}C:\program files (x86)\limewire\limewire.exe] => (Allow) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [{30ECBF49-1AF6-4A01-B02F-6E6E7868A4D7}] => (Allow) C:\Windows\SysWOW64\lxdvcoms.exe
FirewallRules: [{8A6C19A1-567F-46B4-8AD9-B17B29A9D508}] => (Allow) C:\Windows\SysWOW64\lxdvcoms.exe
FirewallRules: [{1D1B82E5-DBEA-4A62-8FA1-605B9C63CE68}] => (Allow) C:\Windows\System32\lxdvcoms.exe
FirewallRules: [{588AB308-3ADA-4A90-98B9-5C1BB1268DE2}] => (Allow) C:\Windows\System32\lxdvcoms.exe
FirewallRules: [{300AEF6A-59B9-45BD-B4A2-FD46962AF284}] => (Allow) C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
FirewallRules: [{63F45C76-1B67-495D-836C-E0DEF29D267A}] => (Allow) C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
FirewallRules: [{8045D38D-4D74-4052-8376-6422285BB527}] => (Allow) C:\Program Files (x86)\Lexmark X5400 Series\frun.exe
FirewallRules: [{8D872D17-F3A7-4BC1-844E-532A4597205D}] => (Allow) C:\Program Files (x86)\Lexmark X5400 Series\frun.exe
FirewallRules: [{EC1026F4-87A4-41CD-A2DC-DAD31884345C}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{5E69E806-1649-47B7-B40F-BE58D1635CD9}] => (Allow) C:\Program Files (x86)\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe
FirewallRules: [{641A5BD5-61C5-41C3-BDF2-46EFB8717778}] => (Allow) C:\Program Files (x86)\Lexmark X5400 Series\LXDVFax.exe
FirewallRules: [{C819B1CA-826E-49E5-AF65-0F4DF8DC9B2C}] => (Allow) C:\Program Files (x86)\Lexmark X5400 Series\LXDVFax.exe
FirewallRules: [{04C69516-7963-4B92-A0C5-C408CD989D4C}] => (Allow) C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
FirewallRules: [{AF18B420-6A19-45F1-B0AF-F942AE2AA875}] => (Allow) C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
FirewallRules: [TCP Query User{DE253C00-FE77-45DC-87F3-54529AF5915B}C:\program files (x86)\lexmark x5400 series\lxdvmon.exe] => (Block) C:\program files (x86)\lexmark x5400 series\lxdvmon.exe
FirewallRules: [UDP Query User{829F4101-402E-4373-9115-959FD4A5B9D0}C:\program files (x86)\lexmark x5400 series\lxdvmon.exe] => (Block) C:\program files (x86)\lexmark x5400 series\lxdvmon.exe
FirewallRules: [TCP Query User{96C8F4B2-9B3F-4469-8C76-273BF6C1F181}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [UDP Query User{9E4271C5-EDEA-4BFE-B16C-42E2BC7D677E}C:\program files (x86)\limewire\limewire.exe] => (Block) C:\program files (x86)\limewire\limewire.exe
FirewallRules: [{3EDA0D2F-85D0-4F37-B114-D93487240F01}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{7DF1BAD6-50C5-4F8E-85B7-D4E2717A2890}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{F500731C-3E28-40EA-8F8C-32849D7D68C9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{316974A7-2783-4CB2-A6AA-FE3912A435DA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1EA26672-67D7-4E45-AC53-A6F939AFAE02}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{09B63F05-C5D3-4BAD-AA34-1300D3A1F19E}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{677026E0-6D2E-4E9F-9BC1-DD4144D560FA}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1F22086A-F0DA-4755-A727-59A6A5C53D7E}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E1968B31-93ED-47A1-B30A-3CC0344856E3}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{784E6097-245D-439D-9C7A-EBB455400938}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{F6C7C5DA-07CD-4B13-AC22-65D8C6982CDE}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{64FE59F6-9573-4329-BD90-8A11BEB99160}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{24CD41B2-1F9D-409C-8B3D-7CC3EEB935BF}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{E4E94037-D566-4C21-B651-8B82703B0A2D}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{6AEBD3F4-A707-4F7B-A391-D387C540A9EC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{5F541B93-5656-43CC-BDA4-79B5FA1E0923}] => (Allow) LPort=2869
FirewallRules: [{10CAD33F-EED4-459E-A37E-DC029D2D143F}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{FAB3E9CE-9804-4415-AA98-80F0DB637683}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{E3092C1A-283C-482D-880C-C893843B3786}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [{23A0922E-9B0A-45F0-B074-12E9CE3EB602}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{38F7C2EF-1B02-4F4A-A08C-D69C5BA918AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A8FAB777-7CC4-4F90-931C-706977878B62}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{6C5C8C87-80AE-455D-9470-8F8C4F9A68D0}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{22CA02C1-62EA-421B-B45D-3AFE232E30EF}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{F2842BAA-424E-4AEA-87E2-57D356545ECB}C:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe
FirewallRules: [UDP Query User{BDFFCE89-28C3-4A30-9767-A27167EAE5C7}C:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe
FirewallRules: [TCP Query User{38685732-29C5-4745-BBD3-47A1D5EEC6FB}C:\program files (x86)\lexmark x5400 series\frun.exe] => (Allow) C:\program files (x86)\lexmark x5400 series\frun.exe
FirewallRules: [UDP Query User{72449967-25F7-407E-9164-FF646C9E1349}C:\program files (x86)\lexmark x5400 series\frun.exe] => (Allow) C:\program files (x86)\lexmark x5400 series\frun.exe
FirewallRules: [TCP Query User{20923CEC-3DB7-416A-8424-66F4FA878207}C:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe
FirewallRules: [UDP Query User{9EEBF0B7-6455-43A5-BE82-CCA46E14EAB0}C:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdvpswx.exe
FirewallRules: [{CF87CBDC-EB8E-48A3-8A87-0526411A1CC5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{77A96C6B-BDCF-417D-996A-CE05C8AF373D}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D91911F1-811D-4724-A75F-A7C3C3ED2CAD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0B9FD122-1F97-4C90-88FF-4B97E80D90F7}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{252A4BA0-5CED-4E61-BE72-3CDDDA62991A}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B1144BA1-8630-42B5-B933-78EF9EE031DB}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [TCP Query User{9B8047D9-FD53-4613-B453-9EF97189BE64}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{91585D47-5C42-46BB-B61E-471D320F3472}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{DCDAB374-4430-4F80-A4B7-8FEE011A9134}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8F7F8958-41FD-4AB0-B298-D17991EE98C4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C8C0C8E6-81CB-41FA-BEA6-F72A380561F9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

10-05-2016 08:54:46 Windows Update
11-05-2016 08:30:57 Windows Update
12-05-2016 09:57:05 Removed TWC Customer Controls

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2016 10:45:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.

Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/24/2016 05:49:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 156001

Error: (05/24/2016 05:49:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 156001

Error: (05/24/2016 05:49:32 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2016 05:49:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 140401

Error: (05/24/2016 05:49:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 140401

Error: (05/24/2016 05:49:16 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/24/2016 05:49:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 124801

Error: (05/24/2016 05:49:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 124801

Error: (05/24/2016 05:49:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (06/01/2016 10:42:10 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/01/2016 10:32:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/01/2016 10:32:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/01/2016 10:32:24 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/01/2016 10:30:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/01/2016 10:30:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/01/2016 10:30:22 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/01/2016 10:30:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/01/2016 10:30:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/01/2016 10:30:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
  Date: 2010-12-05 14:27:39.384
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-12-05 14:27:39.371
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-12-05 14:27:01.515
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2010-12-05 14:27:01.503
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 72%
Total physical RAM: 3766.77 MB
Available physical RAM: 1046.93 MB
Total Virtual: 7531.75 MB
Available Virtual: 5025.4 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:453.66 GB) (Free:341.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1007224C)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=453.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 


#9 Oh My!


Posted 01 June 2016 - 11:00 AM

These reports are fine. I suggested Safe Mode because I thought you might have trouble completing it in Normal Boot.

You have a lot of junk on your computer so we are going to be aggressive in removing it.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have evidence of P2P downloads. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Best Buy pc app
Bing Rewards Client Installer
Download Updater
Hotbar
Search App by Ask
SiteRanker

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [SiteRanker] => C:\Program Files (x86)\SiteRanker\SiteRankTray.exe [1084888 2016-01-28] (Crawler, LLC)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-10-23]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-10-23]
Startup: C:\Users\Johanna Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-08-12]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (No File)
Startup: C:\Users\Mitch Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Advanced Registry Optimizer.lnk [2011-02-19]
ShortcutTarget: Advanced Registry Optimizer.lnk -> C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe (No File)
SearchScopes: HKLM-x32 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100716184432400&tb_oid=16-07-2010&tb_mrud=16-07-2010
SearchScopes: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60500
SearchScopes: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> {2A4A6757-0702-4981-94D8-646CA0634404} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=298E7004-67FB-4304-96E3-05AF22F3DCB7&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17631&doi=2015-03-07&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" => No File
BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll [2016-01-28] (Crawler, LLC)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" => No File
BHO-x32: Inbox Toolbar -> {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> C:\PROGRA~2\INBOXT~1\Inbox.dll => No File
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
FF HKLM-x32\...\Firefox\Extensions: [HBLite@HBLite.com] - C:\Program Files (x86)\HBLite\bin\11.0.349.0\firefox\extensions => not found
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox [2016-05-16] [not signed]
S3 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
C:\Program Files (x86)\Common Files\supportsoft
U2 TMAgent; no ImagePath
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
2016-05-10 16:49 - 2016-05-10 16:49 - 06748160 _____ C:\Program Files (x86)\GUTA9E6.tmp
2016-05-10 16:49 - 2016-05-10 16:49 - 00000000 ____D C:\Program Files (x86)\GUMA977.tmp
2016-05-02 10:14 - 2016-05-02 10:14 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\{4451156A-9DAA-474C-AFA6-7F2D8C98AF71}
2016-06-01 10:36 - 2011-02-03 17:23 - 00000000 ____D C:\Program Files (x86)\SiteRanker
2016-05-17 20:01 - 2011-02-06 17:11 - 00000000 ____D C:\Users\Scott Johnson\AppData\LocalLow\SiteRanker
2016-05-17 01:17 - 2015-04-13 20:56 - 00000000 ____D C:\Users\Johanna\AppData\Local\AskPartnerNetwork
2016-05-17 01:17 - 2015-03-07 09:28 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\AskPartnerNetwork
2016-05-17 01:17 - 2011-02-19 21:15 - 00000000 ____D C:\Users\Mitch Johnson\AppData\Roaming\OpenCandy
2016-05-17 01:17 - 2011-02-03 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
2016-05-17 01:17 - 2011-02-03 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
2016-05-17 01:17 - 2011-02-03 17:22 - 00000000 ____D C:\Program Files (x86)\Inbox Toolbar
2016-05-17 01:17 - 2011-02-03 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar
2016-05-16 10:06 - 2015-03-07 09:27 - 00000000 ____D C:\ProgramData\APN
2012-12-11 20:09 - 2012-12-11 20:09 - 1136305 _____ () C:\ProgramData\SPL4F53.tmp
2014-07-28 19:19 - 2014-07-28 19:19 - 1831163 _____ () C:\ProgramData\SPL975C.tmp
2013-12-13 11:56 - 2013-12-13 11:56 - 0068552 _____ () C:\ProgramData\SPLB915.tmp
C:\Users\Johanna\CTX.DAT
C:\Users\Johanna\g2ax_customer_downloadhelper_win32_x86.exe
Task: {B54C383B-7C92-4C7F-B375-F56FFB6F835B} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Veoh Networks
AlternateDataStreams: C:\ProgramData\Temp:F60B9166 [131]
cmd: reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist
cmd: reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen
cmd: reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush
FirewallRules: [{A8FAB777-7CC4-4F90-931C-706977878B62}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{6C5C8C87-80AE-455D-9470-8F8C4F9A68D0}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [TCP Query User{FAB3E9CE-9804-4415-AA98-80F0DB637683}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{E3092C1A-283C-482D-880C-C893843B3786}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [{3EDA0D2F-85D0-4F37-B114-D93487240F01}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{7DF1BAD6-50C5-4F8E-85B7-D4E2717A2890}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Cleaning
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did all programs uninstall?
  • Fixlog
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
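Added example, not part of the post above and not FRST's own code: the Fixlog in the next reply reports `ERROR: Invalid Argument/Option - 'del'` for each `cmd: reg del ...` line, so this sketch shows a check that can be run over a fixlist's `cmd:` lines before it is handed to a user. The function names and the sample fixlist are constructed for illustration; the sub-command list is the one printed by `reg /?`.

```python
import re
from dataclasses import dataclass

# Sub-commands that `reg /?` lists on Windows.
REG_SUBCOMMANDS = {"query", "add", "delete", "copy", "save", "restore",
                   "load", "unload", "compare", "export", "import", "flags"}
# Sub-commands that take exactly one key name before their /switches.
SINGLE_KEY = {"query", "add", "delete"}


@dataclass
class Finding:
    line_no: int
    severity: str  # "error" or "warning"
    message: str


def split_cmdline(text):
    """Split on whitespace but keep "double quoted" runs as one token."""
    return [m.group(1) if m.group(1) is not None else m.group(2)
            for m in re.finditer(r'"([^"]*)"|(\S+)', text)]


def lint_fixlist(text):
    """Return findings for every `cmd: reg ...` line in a fixlist."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*cmd:\s*(.*)$", raw, re.IGNORECASE)
        if not m:
            continue  # not a cmd: directive
        tokens = split_cmdline(m.group(1))
        if not tokens or tokens[0].lower() not in ("reg", "reg.exe"):
            continue  # only reg.exe invocations are checked here
        if len(tokens) < 2:
            findings.append(Finding(no, "error", "reg called without a sub-command"))
            continue
        sub = tokens[1].lower()
        if sub not in REG_SUBCOMMANDS:
            # An abbreviation such as 'del' is rejected by reg.exe outright.
            guess = [s for s in sorted(REG_SUBCOMMANDS) if s.startswith(sub)]
            hint = f"; did you mean '{guess[0]}'?" if len(guess) == 1 else ""
            findings.append(Finding(
                no, "error", f"'{tokens[1]}' is not a reg sub-command{hint}"))
            sub = guess[0] if len(guess) == 1 else None
        if sub not in SINGLE_KEY:
            continue
        args = tokens[2:]
        if not args:
            findings.append(Finding(no, "error", "missing key name"))
            continue
        # Anything between the key and the first /switch means the key
        # contained a space and was not quoted.
        stray = []
        for tok in args[1:]:
            if tok.startswith("/"):
                break
            stray.append(tok)
        if stray:
            full = " ".join([args[0]] + stray)
            findings.append(Finding(
                no, "error", f'key name has an unquoted space; use "{full}"'))
        switches = {t.lower() for t in args if t.startswith("/")}
        if sub == "delete" and "/f" not in switches:
            findings.append(Finding(
                no, "warning", "reg delete asks for confirmation unless /f is given"))
    return findings


# Constructed sample: two lines in the form used above, two corrected variants.
SAMPLE = r'''CloseProcesses:
cmd: reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist
cmd: reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen
cmd: reg delete "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist" /f
cmd: reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush
emptytemp:
'''

if __name__ == "__main__":
    for f in lint_fixlist(SAMPLE):
        print(f"line {f.line_no}: {f.severity}: {f.message}")
```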

#10 scojoh


Posted 03 June 2016 - 10:38 AM

Gary,

Responses to your requests:

 

  • Did all programs uninstall?   SiteRanker did not uninstall.  Received message stating:  "c:\Program Files(x86) \SiteRanker\unins000.dat" does not exist.  Cannot uninstall.

           I did not see these in list of programs:  Best Buy pc app,  Bing Rewards Client Installer

          

  • Fixlog

Fix result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by Scott Johnson (2016-06-03 08:49:34) Run:1
Running from C:\Users\Scott Johnson\Downloads
Loaded Profiles: Scott Johnson (Available Profiles: Mitch Johnson & Johanna Johnson & Scott Johnson & Johanna)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [SiteRanker] => C:\Program Files (x86)\SiteRanker\SiteRankTray.exe [1084888 2016-01-28] (Crawler, LLC)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-10-23]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2010-10-23]
Startup: C:\Users\Johanna Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-08-12]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (No File)
Startup: C:\Users\Mitch Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Advanced Registry Optimizer.lnk [2011-02-19]
ShortcutTarget: Advanced Registry Optimizer.lnk -> C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe (No File)
SearchScopes: HKLM-x32 -> {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100716184432400&tb_oid=16-07-2010&tb_mrud=16-07-2010
SearchScopes: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60500
SearchScopes: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> {2A4A6757-0702-4981-94D8-646CA0634404} URL = hxxp://www.search.ask.com/web?tpid=ORJ-SPE&o=APN11405&pf=V7&p2=^BBD^OSJ000^YY^US&gct=&itbv=12.24.1.51&apn_uid=298E7004-67FB-4304-96E3-05AF22F3DCB7&apn_ptnrs=BBD&apn_dtid=^OSJ000^YY^US&apn_dbr=ie_11.0.9600.17631&doi=2015-03-07&trgb=IE&q={searchTerms}&psv=&pt=tb
BHO: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" => No File
BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll [2016-01-28] (Crawler, LLC)
BHO-x32: Search App by Ask -> {4F524A2D-5350-4500-76A7-7A786E7484D7} -> "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" => No File
BHO-x32: Inbox Toolbar -> {D3D233D5-9F6D-436C-B6C7-E63F77503B30} -> C:\PROGRA~2\INBOXT~1\Inbox.dll => No File
Toolbar: HKLM - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll" No File
Toolbar: HKLM-x32 - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
Toolbar: HKLM-x32 - Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} -  No File
Toolbar: HKU\S-1-5-21-333064775-2984497836-3761070090-1004 -> No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll No File
FF HKLM-x32\...\Firefox\Extensions: [HBLite@HBLite.com] - C:\Program Files (x86)\HBLite\bin\11.0.349.0\firefox\extensions => not found
FF HKLM-x32\...\Firefox\Extensions: [siteranker@siteranker.com] - C:\Program Files (x86)\SiteRanker\firefox
FF Extension: SiteRanker - C:\Program Files (x86)\SiteRanker\firefox [2016-05-16] [not signed]
S3 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
C:\Program Files (x86)\Common Files\supportsoft
U2 TMAgent; no ImagePath
S3 vpnva; system32\DRIVERS\vpnva64.sys [X]
2016-05-10 16:49 - 2016-05-10 16:49 - 06748160 _____ C:\Program Files (x86)\GUTA9E6.tmp
2016-05-10 16:49 - 2016-05-10 16:49 - 00000000 ____D C:\Program Files (x86)\GUMA977.tmp
2016-05-02 10:14 - 2016-05-02 10:14 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\{4451156A-9DAA-474C-AFA6-7F2D8C98AF71}
2016-06-01 10:36 - 2011-02-03 17:23 - 00000000 ____D C:\Program Files (x86)\SiteRanker
2016-05-17 20:01 - 2011-02-06 17:11 - 00000000 ____D C:\Users\Scott Johnson\AppData\LocalLow\SiteRanker
2016-05-17 01:17 - 2015-04-13 20:56 - 00000000 ____D C:\Users\Johanna\AppData\Local\AskPartnerNetwork
2016-05-17 01:17 - 2015-03-07 09:28 - 00000000 ____D C:\Users\Scott Johnson\AppData\Local\AskPartnerNetwork
2016-05-17 01:17 - 2011-02-19 21:15 - 00000000 ____D C:\Users\Mitch Johnson\AppData\Roaming\OpenCandy
2016-05-17 01:17 - 2011-02-03 17:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker
2016-05-17 01:17 - 2011-02-03 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar
2016-05-17 01:17 - 2011-02-03 17:22 - 00000000 ____D C:\Program Files (x86)\Inbox Toolbar
2016-05-17 01:17 - 2011-02-03 17:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar
2016-05-16 10:06 - 2015-03-07 09:27 - 00000000 ____D C:\ProgramData\APN
2012-12-11 20:09 - 2012-12-11 20:09 - 1136305 _____ () C:\ProgramData\SPL4F53.tmp
2014-07-28 19:19 - 2014-07-28 19:19 - 1831163 _____ () C:\ProgramData\SPL975C.tmp
2013-12-13 11:56 - 2013-12-13 11:56 - 0068552 _____ () C:\ProgramData\SPLB915.tmp
C:\Users\Johanna\CTX.DAT
C:\Users\Johanna\g2ax_customer_downloadhelper_win32_x86.exe
Task: {B54C383B-7C92-4C7F-B375-F56FFB6F835B} - System32\Tasks\RunAsStdUser Task for VeohWebPlayer => C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files (x86)\Veoh Networks
AlternateDataStreams: C:\ProgramData\Temp:F60B9166 [131]
cmd: reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist
cmd: reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen
cmd: reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush
FirewallRules: [{A8FAB777-7CC4-4F90-931C-706977878B62}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [{6C5C8C87-80AE-455D-9470-8F8C4F9A68D0}] => (Allow) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
FirewallRules: [TCP Query User{FAB3E9CE-9804-4415-AA98-80F0DB637683}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [UDP Query User{E3092C1A-283C-482D-880C-C893843B3786}C:\program files (x86)\aim\aim.exe] => (Block) C:\program files (x86)\aim\aim.exe
FirewallRules: [{3EDA0D2F-85D0-4F37-B114-D93487240F01}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
FirewallRules: [{7DF1BAD6-50C5-4F8E-85B7-D4E2717A2890}] => (Allow) C:\Program Files (x86)\AIM\aim.exe
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SiteRanker => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon => value not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => moved successfully
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => moved successfully
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => not found.
C:\Users\Johanna Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk => moved successfully
C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe => not found.
C:\Users\Mitch Johnson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Advanced Registry Optimizer.lnk => moved successfully
C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe => not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0B4A10D1-FBD6-451d-BFDA-F03252B05984} => key not found.
"HKU\S-1-5-21-333064775-2984497836-3761070090-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}" => key removed successfully
HKCR\CLSID\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} => key not found.
"HKU\S-1-5-21-333064775-2984497836-3761070090-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2A4A6757-0702-4981-94D8-646CA0634404}" => key removed successfully
HKCR\CLSID\{2A4A6757-0702-4981-94D8-646CA0634404} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value not found.
HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value removed successfully
"HKCR\Wow6432Node\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value not found.
HKCR\Wow6432Node\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7} => key not found.
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value removed successfully
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => key not found.
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => value removed successfully
HKCR\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} => key not found.
HKU\S-1-5-21-333064775-2984497836-3761070090-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => value removed successfully
HKCR\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} => key not found.
"HKCR\PROTOCOLS\Handler\inbox" => key removed successfully
HKCR\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27} => key not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\HBLite@HBLite.com => value removed successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\siteranker@siteranker.com => value removed successfully
C:\Program Files (x86)\SiteRanker\firefox => moved successfully
APNMCP => service not found.
SupportSoft RemoteAssist => service removed successfully
C:\Program Files (x86)\Common Files\supportsoft => moved successfully
TMAgent => service removed successfully
vpnva => service removed successfully
C:\Program Files (x86)\GUTA9E6.tmp => moved successfully
C:\Program Files (x86)\GUMA977.tmp => moved successfully
C:\Users\Scott Johnson\AppData\Local\{4451156A-9DAA-474C-AFA6-7F2D8C98AF71} => moved successfully
C:\Program Files (x86)\SiteRanker => moved successfully
C:\Users\Scott Johnson\AppData\LocalLow\SiteRanker => moved successfully
"C:\Users\Johanna\AppData\Local\AskPartnerNetwork" => not found.
"C:\Users\Scott Johnson\AppData\Local\AskPartnerNetwork" => not found.
C:\Users\Mitch Johnson\AppData\Roaming\OpenCandy => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiteRanker => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar => moved successfully
C:\Program Files (x86)\Inbox Toolbar => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotbar => moved successfully
C:\ProgramData\APN => moved successfully
C:\ProgramData\SPL4F53.tmp => moved successfully
C:\ProgramData\SPL975C.tmp => moved successfully
C:\ProgramData\SPLB915.tmp => moved successfully
C:\Users\Johanna\CTX.DAT => moved successfully
C:\Users\Johanna\g2ax_customer_downloadhelper_win32_x86.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B54C383B-7C92-4C7F-B375-F56FFB6F835B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B54C383B-7C92-4C7F-B375-F56FFB6F835B}" => key removed successfully
C:\Windows\System32\Tasks\RunAsStdUser Task for VeohWebPlayer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task for VeohWebPlayer" => key removed successfully
C:\Program Files (x86)\Veoh Networks => moved successfully
C:\ProgramData\Temp => ":F60B9166" ADS removed successfully.

=========  reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.

========= End of CMD: =========


=========  reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.

========= End of CMD: =========


=========  reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.

========= End of CMD: =========

HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A8FAB777-7CC4-4F90-931C-706977878B62} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C5C8C87-80AE-455D-9470-8F8C4F9A68D0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FAB3E9CE-9804-4415-AA98-80F0DB637683}C:\program files (x86)\aim\aim.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E3092C1A-283C-482D-880C-C893843B3786}C:\program files (x86)\aim\aim.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3EDA0D2F-85D0-4F37-B114-D93487240F01} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7DF1BAD6-50C5-4F8E-85B7-D4E2717A2890} => value removed successfully
EmptyTemp: => 20.2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:21:22 ====

 

 

 

  • AdwCleaner log

 

# AdwCleaner v5.119 - Logfile created 03/06/2016 at 09:43:54
# Updated 30/05/2016 by Xplode
# Database : 2016-05-30.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Scott Johnson - JOHNSONFAMILYPC
# Running from : C:\Users\Scott Johnson\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Ask
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\Best Buy pc app
[#] Folder Deleted : C:\ProgramData\Application Data\Ask
[#] Folder Deleted : C:\ProgramData\Application Data\Partner
[#] Folder Deleted : C:\ProgramData\Application Data\Best Buy pc app
[-] Folder Deleted : C:\Users\Mitch Johnson\AppData\Local\AskToolbar
[-] Folder Deleted : C:\Users\Mitch Johnson\AppData\Local\OpenCandy
[-] Folder Deleted : C:\Users\Mitch Johnson\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Mitch Johnson\AppData\LocalLow\Inbox Toolbar
[-] Folder Deleted : C:\Users\Mitch Johnson\AppData\LocalLow\SiteRanker
[-] Folder Deleted : C:\Users\Johanna Johnson\AppData\Local\AskToolbar
[-] Folder Deleted : C:\Users\Johanna Johnson\AppData\LocalLow\Inbox Toolbar
[-] Folder Deleted : C:\Users\Johanna Johnson\AppData\LocalLow\SiteRanker
[-] Folder Deleted : C:\Users\Scott Johnson\AppData\LocalLow\Inbox Toolbar
[-] Folder Deleted : C:\Users\Johanna\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Johanna\AppData\Local\Best Buy pc app
[-] Folder Deleted : C:\Users\Johanna\AppData\LocalLow\Inbox Toolbar
[-] Folder Deleted : C:\Users\Johanna\AppData\LocalLow\SiteRanker
[-] Folder Deleted : C:\Users\Johanna\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\Johanna Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\67v4g5ot.default\SiteRanker
[-] Folder Deleted : C:\Users\Scott Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\x5s0mtkh.default-1462888728397\SiteRanker
[-] Folder Deleted : C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\92gzfxzv.default\SiteRanker

***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\HBLiteAx.Info
[-] Key Deleted : HKLM\SOFTWARE\Classes\HBLiteAx.Info.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\HBLiteAX.UserProfiles
[-] Key Deleted : HKLM\SOFTWARE\Classes\HBLiteAX.UserProfiles.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Inbox.WS.com IE Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E674574-3F0B-491D-8AE3-F90B43A34FD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6F098504-CDB1-420F-A2E6-DDC0B835FEDF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5350-4500-76A7-7A786E7484D7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5350-4500-76A7-7A786E7484D7}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4D1EC4CA-4B92-4324-B8F8-C9A6ED06A8AE}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4E674574-3F0B-491D-8AE3-F90B43A34FD6}
[-] Key Deleted : HKCU\Software\hblitesa
[-] Key Deleted : HKCU\Software\SiteRanker
[-] Key Deleted : HKLM\SOFTWARE\HBLite
[-] Key Deleted : HKLM\SOFTWARE\Inbox Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Buy pc app
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-333064775-2984497836-3761070090-1004\Software\AskToolbar

***** [ Web browsers ] *****

[-] [C:\Users\Mitch Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vovswca1.default\prefs.js] Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[-] [C:\Users\Mitch Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vovswca1.default\prefs.js] Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[-] [C:\Users\Mitch Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vovswca1.default\prefs.js] Deleted : user_pref("browser.search.order.1", "Ask.com");
[-] [C:\Users\Mitch Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vovswca1.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
[-] [C:\Users\Mitch Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vovswca1.default\prefs.js] Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
[-] [C:\Users\Mitch Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vovswca1.default\prefs.js] Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=99EE979D-537C-437B-98C9-6855F7CC1501&apn_ptnrs=TV&apn_sauid=C9230775-DD53-4931-894D[...]
[-] [C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\92gzfxzv.default\prefs.js] Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[-] [C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\92gzfxzv.default\prefs.js] Deleted : user_pref("browser.search.order.1", "Ask.com");
[-] [C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\92gzfxzv.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "Ask.com");
[-] [C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\92gzfxzv.default\prefs.js] Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
[-] [C:\Users\Johanna\AppData\Roaming\Mozilla\Firefox\Profiles\92gzfxzv.default\prefs.js] Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000031&locale=en_US&apn_uid=99EE979D-537C-437B-98C9-6855F7CC1501&apn_ptnrs=TV&apn_sauid=C9230775-DD53-4931-894D[...]
[-] [C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : websearch.ask.com
[-] [C:\Users\Johanna\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : crawler.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [8852 bytes] - [03/06/2016 09:43:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [8646 bytes] - [03/06/2016 09:37:05]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8998 bytes] ##########
 

  • Update on computer performance

Computer seemed to work OK for first 20 mins. I used in normal boot mode. But then responses started slowing, and then became virtually unresponsive. Not sure if it may be something in FireFox?



#11 Oh My!


Posted 03 June 2016 - 10:58 AM

Thanks for the information. Is your computer only slow when using Firefox?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Test your computer performance and if symptoms remain complete the next step
===================================================

Running Firefox in Browser Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Copy and paste the following into the run box and press Enter

firefox --safe-mode

  • Select Start in Safe Mode
  • Please report how Firefox is running
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Symptoms just with Firefox?
  • Fixlog
  • Firefox in Safe Mode, if necessary

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Oh My!


Posted 06 June 2016 - 02:57 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#13 scojoh


Posted 06 June 2016 - 03:17 PM

  • Symptoms just with Firefox?  IE also.

 

  • Fixlog   (seems to be error in first registry entry delete)

Fix result of Farbar Recovery Scan Tool (x64) Version:05-06-2016 02
Ran by Scott Johnson (2016-06-06 13:59:30) Run:2
Running from C:\Users\Scott Johnson\Downloads
Loaded Profiles: Scott Johnson (Available Profiles: Mitch Johnson & Johanna Johnson & Scott Johnson & Johanna)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen
Reg: reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush
emptytemp:
*****************


========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen (Yes/No)? The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListenPush (Yes/No)? The operation completed successfully.



========= End of Reg: =========

EmptyTemp: => 917.5 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:07:48 ====

 

 

  • Firefox in Safe Mode, if necessary  -  As before Firefox ran ok for around 15 mins. then slowed to unresponsive.  Also started in safe mode and same result.
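Both Fixlogs in this thread show reg.exe rejecting a fixlist line: `reg del` is not a reg.exe operation, and the key name `SupportSoft RemoteAssist` contains a space that was not quoted. The Python sketch below is an added example (not part of the original posts and not FRST's own code) that parses the `=========` sections of a Fixlog, flags the commands that failed and proposes a quoted key path; the function names and the section layout are assumptions inferred from the log excerpts shown here.

```python
import re

# Operations accepted by reg.exe, as listed by "REG /?".
REG_VERBS = {"query", "add", "delete", "copy", "save", "restore", "load",
             "unload", "compare", "export", "import", "flags"}

# One Fixlog section: "========= <command> =========", the tool output, then
# "========= End of X: =========". Layout inferred from the logs in this
# thread (assumption, not a documented format).
SECTION = re.compile(
    r"^=========[ \t]+(?P<cmd>(?!End of )[^\n]+?)[ \t]+=========[ \t]*\n"
    r"(?P<body>[\s\S]*?)"
    r"^=========[ \t]+End of \w+:[ \t]+=========",
    re.MULTILINE,
)


def diagnose(cmd, body):
    """Return (status, suggested_command_or_None) for one logged command."""
    if "ERROR:" not in body:
        return "ok", None
    parts = cmd.split()
    if len(parts) < 2 or parts[0].lower() != "reg":
        return "failed", None
    verb = parts[1].lower()
    if verb not in REG_VERBS:
        # e.g. "reg del": reg.exe has no such operation.
        return "bad-verb", None
    # Everything after the verb, split into key path and trailing /switches.
    rest = cmd.split(None, 2)[2] if len(parts) > 2 else ""
    key, sep, switches = rest.partition(" /")
    key = key.strip()
    if " " in key and not key.startswith('"'):
        # reg.exe treats the text after the space as an extra argument.
        fixed = f'reg {verb} "{key}"' + (f" /{switches}" if sep else "")
        return "unquoted-space", fixed
    return "failed", None


def audit_fixlog(text):
    """List (command, status, suggestion) for every section in a Fixlog."""
    return [(m["cmd"], *diagnose(m["cmd"], m["body"]))
            for m in SECTION.finditer(text)]


# Sample input: sections excerpted from the two Fixlogs posted in this thread
# and joined into one string for the example.
FIXLOG_SAMPLE = r"""
=========  reg del HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen =========

ERROR: Invalid Argument/Option - 'del'.
Type "REG /?" for usage.

========= End of CMD: =========

========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SupportSoft RemoteAssist =========

ERROR: Invalid syntax.
Type "REG DELETE /?" for usage.


========= End of Reg: =========


========= reg delete HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SprtListen (Yes/No)? The operation completed successfully.



========= End of Reg: =========

==== End of Fixlog 14:07:48 ====
"""

if __name__ == "__main__":
    for command, status, suggestion in audit_fixlog(FIXLOG_SAMPLE):
        print(f"{status:15} {command}")
        if suggestion:
            print(f"{'':15} try: {suggestion}")
```
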


#14 Oh My!


Posted 06 June 2016 - 05:37 PM

Thank you,

Internet Explorer does the exact same thing, meaning slows after 15 minutes? Does your computer itself slow down if you try non-web browser activity?

Please run these.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • If you receive a warning you are running a 32 bit version, ignore the warning and click Yes to continue anyway
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.


  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.


  • Click Continue > Reboot now to finish the cleaning process.<- Important!!


  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.


  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.


  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • TDSSKiller log
  • aswMBR log

Gary
 

#15 scojoh


Posted 07 June 2016 - 04:05 PM

Internet Explorer does the exact same thing, meaning slows after 15 minutes?   Yes

Does your computer itself slow down if you try non-web browser activity?      Yes

 

 

 

  • RogueKiller log

RogueKiller V12.3.2.0 [Jun  6 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Scott Johnson [Administrator]
Started from : C:\Users\Scott Johnson\Desktop\RogueKiller.exe
Mode : Scan -- Date : 06/07/2016 14:37:43

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-333064775-2984497836-3761070090-1004\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-333064775-2984497836-3761070090-1004\Software\Microsoft\Internet Explorer\Main | Default_Page_URL :

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000BEVT-22A0RT0 +++++
--- User ---
[MBR] 8f63ec385acc10e0fd0007f463018d3d
[BSP] 3ab7d7b472f9bc5e5f0546538ea3cedc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 12291 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 25173855 | Size: 101 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 25382700 | Size: 464545 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

 

 

 

  • TDSSKiller log

15:42:48.0286 0x1048  TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
15:42:53.0606 0x1048  ============================================================
15:42:53.0606 0x1048  Current date / time: 2016/06/07 15:42:53.0606
15:42:53.0606 0x1048  SystemInfo:
15:42:53.0606 0x1048  
15:42:53.0606 0x1048  OS Version: 6.1.7601 ServicePack: 1.0
15:42:53.0606 0x1048  Product type: Workstation
15:42:53.0606 0x1048  ComputerName: JOHNSONFAMILYPC
15:42:53.0606 0x1048  UserName: Scott Johnson
15:42:53.0606 0x1048  Windows directory: C:\Windows
15:42:53.0606 0x1048  System windows directory: C:\Windows
15:42:53.0606 0x1048  Running under WOW64
15:42:53.0606 0x1048  Processor architecture: Intel x64
15:42:53.0606 0x1048  Number of processors: 4
15:42:53.0606 0x1048  Page size: 0x1000
15:42:53.0606 0x1048  Boot type: Normal boot
15:42:53.0606 0x1048  ============================================================
15:43:01.0110 0x1048  KLMD registered as C:\Windows\system32\drivers\81464254.sys
15:43:02.0451 0x1048  System UUID: {76F48607-BB72-B79D-FE3B-4127B5F5B417}
15:43:03.0106 0x1048  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:43:03.0122 0x1048  ============================================================
15:43:03.0122 0x1048  \Device\Harddisk0\DR0:
15:43:03.0122 0x1048  MBR partitions:
15:43:03.0122 0x1048  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1801F5F, BlocksNum 0x32FCD
15:43:03.0122 0x1048  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1834F2C, BlocksNum 0x38B50904
15:43:03.0122 0x1048  ============================================================
15:43:03.0153 0x1048  C: <-> \Device\Harddisk0\DR0\Partition2
15:43:03.0153 0x1048  ============================================================
15:43:03.0153 0x1048  Initialize success
15:43:03.0153 0x1048  ============================================================
15:43:10.0688 0x0c0c  ============================================================
15:43:10.0688 0x0c0c  Scan started
15:43:10.0688 0x0c0c  Mode: Manual;
15:43:10.0688 0x0c0c  ============================================================
15:43:10.0688 0x0c0c  KSN ping started
15:43:13.0075 0x0c0c  KSN ping finished: true
15:43:16.0335 0x0c0c  ================ Scan system memory ========================
15:43:16.0335 0x0c0c  System memory - ok
15:43:16.0351 0x0c0c  ================ Scan services =============================
15:43:21.0390 0x0c0c  cdfs - ok
15:43:21.0530 0x0c0c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:43:21.0530 0x0c0c  cdrom - ok
15:43:21.0608 0x0c0c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:43:21.0608 0x0c0c  CertPropSvc - ok
15:43:21.0655 0x0c0c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:43:21.0655 0x0c0c  circlass - ok
15:43:21.0717 0x0c0c  [ 404B7DF9CA4D1CB675045AF220FF3285, 91FFADE2ABE5C48849E63134D5FFD20671FE0D1720F7D486F904391B3D142C96 ] CLFS            C:\Windows\system32\CLFS.sys
15:43:21.0733 0x0c0c  CLFS - ok
15:43:21.0858 0x0c0c  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:43:21.0858 0x0c0c  clr_optimization_v2.0.50727_32 - ok
15:43:21.0936 0x0c0c  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:43:21.0951 0x0c0c  clr_optimization_v2.0.50727_64 - ok
15:43:22.0107 0x0c0c  [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:43:22.0575 0x0c0c  clr_optimization_v4.0.30319_32 - ok
15:43:22.0606 0x0c0c  [ 1400C75FF021D6CFACE46AC41B60770E, 3FCB8D7714A79522F2738037D559F1FFFB2F05C5406D2A038EF5DDB4629CA1CE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:43:22.0887 0x0c0c  clr_optimization_v4.0.30319_64 - ok
15:43:22.0934 0x0c0c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:43:22.0934 0x0c0c  CmBatt - ok
15:43:22.0950 0x0c0c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:43:22.0950 0x0c0c  cmdide - ok
15:43:23.0043 0x0c0c  [ EC0511BB85BAA42A9734011685A6732C, 10B52F0860CCB3AA0FC34DDA5C5538BFCF7B6D40738B7756297237FD2D9E01C1 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:43:23.0043 0x0c0c  CNG - ok
15:43:23.0106 0x0c0c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:43:23.0106 0x0c0c  Compbatt - ok
15:43:23.0168 0x0c0c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
15:43:23.0168 0x0c0c  CompositeBus - ok
15:43:23.0184 0x0c0c  COMSysApp - ok
15:43:23.0199 0x0c0c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:43:23.0199 0x0c0c  crcdisk - ok
15:43:23.0293 0x0c0c  [ 7BC3E861F7E8EB543A630090FAE779E0, 52A538F25C853AAC9706CD0D4EBF80B1963391AA175895CFD9D44C8ABBFCFB74 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:43:23.0293 0x0c0c  CryptSvc - ok
15:43:23.0371 0x0c0c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:43:23.0371 0x0c0c  DcomLaunch - ok
15:43:23.0449 0x0c0c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:43:23.0464 0x0c0c  defragsvc - ok
15:43:23.0542 0x0c0c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:43:23.0589 0x0c0c  DfsC - ok
15:43:23.0683 0x0c0c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:43:23.0683 0x0c0c  Dhcp - ok
15:43:23.0854 0x0c0c  [ EC3F433D00365F1A9BC3411BCA7C7140, 0852D747359DE573504EBBDB99DA26D3BFA8B3C7A4836F8E3A5AD94B5571AD5C ] DiagTrack       C:\Windows\system32\diagtrack.dll
15:43:23.0917 0x0c0c  DiagTrack - ok
15:43:23.0964 0x0c0c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
15:43:23.0964 0x0c0c  discache - ok
15:43:24.0026 0x0c0c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:43:24.0026 0x0c0c  Disk - ok
15:43:24.0229 0x0c0c  [ D5BCB77BE83CF99F508943945D46343D, 00C5624CE970A05075A19168643BF6E8FA60C764333ECEC088D7FFCA10547833 ] DKbFltr         C:\Windows\syswow64\Drivers\DKbFltr.sys
15:43:24.0229 0x0c0c  DKbFltr - ok
15:43:24.0322 0x0c0c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:43:24.0322 0x0c0c  Dnscache - ok
15:43:24.0385 0x0c0c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:43:24.0400 0x0c0c  dot3svc - ok
15:43:24.0463 0x0c0c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
15:43:24.0463 0x0c0c  DPS - ok
15:43:24.0556 0x0c0c  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:43:24.0556 0x0c0c  drmkaud - ok
15:43:24.0650 0x0c0c  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:43:24.0681 0x0c0c  DXGKrnl - ok
15:43:25.0040 0x0c0c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
15:43:25.0056 0x0c0c  EapHost - ok
15:43:25.0680 0x0c0c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
15:43:25.0773 0x0c0c  ebdrv - ok
15:43:25.0836 0x0c0c  [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] EFS             C:\Windows\System32\lsass.exe
15:43:25.0836 0x0c0c  EFS - ok
15:43:25.0960 0x0c0c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:43:25.0976 0x0c0c  ehRecvr - ok
15:43:26.0054 0x0c0c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
15:43:26.0054 0x0c0c  ehSched - ok
15:43:26.0179 0x0c0c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:43:26.0194 0x0c0c  elxstor - ok
15:43:26.0366 0x0c0c  [ 8E910F796F5F30281CDD24ABA47DDEA2, E59B373956D1D065CF5642B2585652526F8E3C0586018E172B3FE85BFC648264 ] ePowerSvc       C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
15:43:26.0382 0x0c0c  ePowerSvc - ok
15:43:26.0584 0x0c0c  [ 1E345F2A2D95DA3190596E691CDE9342, 9D1D48F3B749ADA598D155E11E63CD52A4EEABF9BE92A1D997D25D07CF350084 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
15:43:26.0584 0x0c0c  EPSON_PM_RPCV4_01 - ok
15:43:26.0647 0x0c0c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
15:43:26.0647 0x0c0c  ErrDev - ok
15:43:26.0740 0x0c0c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
15:43:26.0756 0x0c0c  EventSystem - ok
15:43:26.0772 0x0c0c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
15:43:26.0787 0x0c0c  exfat - ok
15:43:26.0959 0x0c0c  Fabs - ok
15:43:26.0990 0x0c0c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:43:26.0990 0x0c0c  fastfat - ok
15:43:27.0084 0x0c0c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
15:43:27.0115 0x0c0c  Fax - ok
15:43:27.0177 0x0c0c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:43:27.0177 0x0c0c  fdc - ok
15:43:27.0208 0x0c0c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
15:43:27.0208 0x0c0c  fdPHost - ok
15:43:27.0240 0x0c0c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
15:43:27.0240 0x0c0c  FDResPub - ok
15:43:27.0271 0x0c0c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:43:27.0271 0x0c0c  FileInfo - ok
15:43:27.0286 0x0c0c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:43:27.0286 0x0c0c  Filetrace - ok
15:43:27.0676 0x0c0c  [ FFF1130F7C9FA01D093A1EDFC5CCE8FC, 159EAA1893D871C309A063829CB3BC51A019FBCA1E07530B5CA1A382B2CCAF61 ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
15:43:27.0817 0x0c0c  FirebirdServerMAGIXInstance - ok
15:43:27.0864 0x0c0c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:43:27.0864 0x0c0c  flpydisk - ok
15:43:27.0942 0x0c0c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:43:27.0957 0x0c0c  FltMgr - ok
15:43:28.0066 0x0c0c  [ BCB16AE33AA58E0042F3EF34CFB6396A, E8ADA10DE60A94E4BABE9FCA6D0AA83B11520C092D49057E17F6C6059D35A323 ] FontCache       C:\Windows\system32\FntCache.dll
15:43:28.0129 0x0c0c  FontCache - ok
15:43:28.0238 0x0c0c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:43:28.0238 0x0c0c  FontCache3.0.0.0 - ok
15:43:28.0285 0x0c0c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:43:28.0285 0x0c0c  FsDepends - ok
15:43:28.0332 0x0c0c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:43:28.0332 0x0c0c  Fs_Rec - ok
15:43:28.0410 0x0c0c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:43:28.0410 0x0c0c  fvevol - ok
15:43:28.0456 0x0c0c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:43:28.0472 0x0c0c  gagp30kx - ok
15:43:28.0519 0x0c0c  [ E403AACF8C7BB11375122D2464560311, 0427B8FFD999D256EA1A5135F218692959A7577CB32354D3087CF0FB4F0577DF ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:43:28.0519 0x0c0c  GEARAspiWDM - ok
15:43:28.0628 0x0c0c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
15:43:28.0644 0x0c0c  gpsvc - ok
15:43:28.0831 0x0c0c  [ 816FD5A6F3C2F3D600900096632FC60E, D92401C4B56663F8A12B6390562608A125713408B00266C53844129679E48E9C ] Greg_Service    C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
15:43:28.0862 0x0c0c  Greg_Service - ok
15:43:28.0987 0x0c0c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:43:28.0987 0x0c0c  gupdate - ok
15:43:29.0049 0x0c0c  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:43:29.0049 0x0c0c  gupdatem - ok
15:43:29.0096 0x0c0c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:43:29.0096 0x0c0c  hcw85cir - ok
15:43:29.0190 0x0c0c  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:43:29.0205 0x0c0c  HdAudAddService - ok
15:43:29.0268 0x0c0c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
15:43:29.0268 0x0c0c  HDAudBus - ok
15:43:29.0346 0x0c0c  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
15:43:29.0346 0x0c0c  HECIx64 - ok
15:43:29.0377 0x0c0c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:43:29.0377 0x0c0c  HidBatt - ok
15:43:29.0408 0x0c0c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:43:29.0424 0x0c0c  HidBth - ok
15:43:29.0439 0x0c0c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:43:29.0439 0x0c0c  HidIr - ok
15:43:29.0470 0x0c0c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
15:43:29.0470 0x0c0c  hidserv - ok
15:43:29.0564 0x0c0c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:43:29.0564 0x0c0c  HidUsb - ok
15:43:29.0626 0x0c0c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:43:29.0626 0x0c0c  hkmsvc - ok
15:43:29.0689 0x0c0c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:43:29.0704 0x0c0c  HomeGroupListener - ok
15:43:29.0751 0x0c0c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:43:29.0767 0x0c0c  HomeGroupProvider - ok
15:43:29.0860 0x0c0c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
15:43:29.0860 0x0c0c  HpSAMD - ok
15:43:29.0938 0x0c0c  [ 447256D1C026654C5CD3CC17E7B20631, F89589AC17BC50483E6687963370937E6CD19D6030F30D70577A7DA266116919 ] HsfXAudioService C:\Windows\SysWOW64\XAudio64.dll
15:43:29.0954 0x0c0c  HsfXAudioService - ok
15:43:30.0079 0x0c0c  [ 26C5D00321937E49B6BC91029947D094, 610BBA49EAB5926FBC4B7990A64A8C3E5B7634CB25A39FC4D9104DD60FA3451A ] HSF_DPV         C:\Windows\system32\DRIVERS\CAX_DPV.sys
15:43:30.0126 0x0c0c  HSF_DPV - ok
15:43:30.0219 0x0c0c  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:43:30.0235 0x0c0c  HTTP - ok
15:43:30.0297 0x0c0c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:43:30.0297 0x0c0c  hwpolicy - ok
15:43:30.0422 0x0c0c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
15:43:30.0422 0x0c0c  i8042prt - ok
15:43:30.0594 0x0c0c  [ 660BF3255A1EB18ED803FD2FBA6AE400, 74A77E9828D62F2821D398EAA84BB15BF093EAD1BD5A7824362ED3D1A063C509 ] IAANTMON        C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
15:43:30.0609 0x0c0c  IAANTMON - ok
15:43:30.0734 0x0c0c  [ BE7D72FCF442C26975942007E0831241, A0FD29B3D1A1278787F8B3FBE7EC3216AAF328467974A6D90752639BB44DCD84 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:43:30.0734 0x0c0c  iaStor - ok
15:43:30.0921 0x0c0c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
15:43:30.0921 0x0c0c  iaStorV - ok
15:43:31.0155 0x0c0c  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:43:31.0171 0x0c0c  idsvc - ok
15:43:31.0233 0x0c0c  IEEtwCollectorService - ok
15:43:31.0951 0x0c0c  [ F4F91789C7C7A159CE8215C1F69F2A85, E60155402FB647B55EAD6B090204A1AA497294D473A7CCF850BB21C0DCCCB49C ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
15:43:32.0450 0x0c0c  igfx - ok
15:43:32.0544 0x0c0c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:43:32.0544 0x0c0c  iirsp - ok
15:43:32.0653 0x0c0c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
15:43:32.0684 0x0c0c  IKEEXT - ok
15:43:32.0762 0x0c0c  [ 4FF8A2082D78255D2EB169F986BCC981, FC3AB8C5845ABBB0CC0C5860281997537B42FF39D873B90F82EF1E8393AF40CF ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
15:43:32.0762 0x0c0c  Impcd - ok
15:43:32.0949 0x0c0c  [ 492CD3A94913D753B4591CD9E29EC843, 2DC95A60E2FB4DB13F936BCA9B63F261D473F693FC01F43588BAC232CBB34AED ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
15:43:32.0996 0x0c0c  IntcAzAudAddService - ok
15:43:33.0058 0x0c0c  [ 49072EDBC5C2F964917D1B585C90ED0A, 23B39F2813229CBB88A987A4A0B04C6D86234B1B8684E4E51A2F05ADDF06084B ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
15:43:33.0058 0x0c0c  IntcDAud - ok
15:43:33.0121 0x0c0c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
15:43:33.0121 0x0c0c  intelide - ok
15:43:33.0168 0x0c0c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:43:33.0183 0x0c0c  intelppm - ok
15:43:33.0339 0x0c0c  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
15:43:33.0339 0x0c0c  IntuitUpdateServiceV4 - ok
15:43:33.0370 0x0c0c  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:43:33.0370 0x0c0c  IPBusEnum - ok
15:43:33.0433 0x0c0c  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:43:33.0433 0x0c0c  IpFilterDriver - ok
15:43:33.0526 0x0c0c  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:43:33.0542 0x0c0c  iphlpsvc - ok
15:43:33.0620 0x0c0c  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
15:43:33.0620 0x0c0c  IPMIDRV - ok
15:43:33.0682 0x0c0c  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:43:33.0682 0x0c0c  IPNAT - ok
15:43:33.0901 0x0c0c  [ F8E8676D1B6B2CC12DF9AA6B1A43D929, A1C45908A0E838F84BE941BFD96642B539BD031DB66B4E7B49F6B62B1039739E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
15:43:33.0932 0x0c0c  iPod Service - ok
15:43:33.0963 0x0c0c  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:43:33.0963 0x0c0c  IRENUM - ok
15:43:34.0041 0x0c0c  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
15:43:34.0041 0x0c0c  isapnp - ok
15:43:34.0135 0x0c0c  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
15:43:34.0135 0x0c0c  iScsiPrt - ok
15:43:34.0213 0x0c0c  [ D85F3F18E44F7447B5F1BA5C85BAEB7C, 0FA419F9BF061AC3F81A978FAE1523904081BA6FEA6FACEA228B20F5608FCF1E ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
15:43:34.0213 0x0c0c  k57nd60a - ok
15:43:34.0306 0x0c0c  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:43:34.0306 0x0c0c  kbdclass - ok
15:43:34.0384 0x0c0c  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:43:34.0384 0x0c0c  kbdhid - ok
15:43:34.0400 0x0c0c  [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] KeyIso          C:\Windows\system32\lsass.exe
15:43:34.0416 0x0c0c  KeyIso - ok
15:43:34.0478 0x0c0c  [ 0F776895884B8DC430A307D57FD867BB, F9E8C8A04D757CEAD86938BEEFFAD9750589037E16FB1A2B0A90E4484E1A6B65 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:43:34.0478 0x0c0c  KSecDD - ok
15:43:34.0525 0x0c0c  [ 28E75F316CCCD79337E4957C53017D4B, 3BABDA50B4CE72F7F9A0FD7A33DDB19463A01F188D46354E0B411FC0389C01BE ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:43:34.0525 0x0c0c  KSecPkg - ok
15:43:34.0587 0x0c0c  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
15:43:34.0587 0x0c0c  ksthunk - ok
15:43:34.0665 0x0c0c  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:43:34.0681 0x0c0c  KtmRm - ok
15:43:34.0759 0x0c0c  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:43:34.0774 0x0c0c  LanmanServer - ok
15:43:34.0821 0x0c0c  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:43:34.0837 0x0c0c  LanmanWorkstation - ok
15:43:34.0915 0x0c0c  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:43:34.0915 0x0c0c  lltdio - ok
15:43:35.0008 0x0c0c  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:43:35.0008 0x0c0c  lltdsvc - ok
15:43:35.0024 0x0c0c  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:43:35.0024 0x0c0c  lmhosts - ok
15:43:35.0164 0x0c0c  [ 7485FBCEF9136F530953575E2977859D, 5A6A67EE407C6ECE637C2B2AC21259BB86D032E47CE59F77AAF48D687B74CFCB ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
15:43:35.0180 0x0c0c  LMS - ok
15:43:35.0258 0x0c0c  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:43:35.0258 0x0c0c  LSI_FC - ok
15:43:35.0289 0x0c0c  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:43:35.0289 0x0c0c  LSI_SAS - ok
15:43:35.0320 0x0c0c  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:43:35.0336 0x0c0c  LSI_SAS2 - ok
15:43:35.0352 0x0c0c  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:43:35.0367 0x0c0c  LSI_SCSI - ok
15:43:35.0414 0x0c0c  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
15:43:35.0430 0x0c0c  luafv - ok
15:43:35.0492 0x0c0c  lxdv_device - ok
15:43:35.0539 0x0c0c  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:43:35.0570 0x0c0c  Mcx2Svc - ok
15:43:35.0710 0x0c0c  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:43:35.0726 0x0c0c  MDM - ok
15:43:35.0788 0x0c0c  [ E4F44EC214B3E381E1FC844A02926666, 6EE8C87EFCEFFBEA08B9B9DA036B37564542EE4D31942115CDBF895295DD5FE2 ] mdmxsdk         C:\Windows\system32\DRIVERS\mdmxsdk.sys
15:43:35.0788 0x0c0c  mdmxsdk - ok
15:43:35.0820 0x0c0c  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:43:35.0835 0x0c0c  megasas - ok
15:43:35.0913 0x0c0c  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:43:35.0929 0x0c0c  MegaSR - ok
15:43:36.0007 0x0c0c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
15:43:36.0007 0x0c0c  MMCSS - ok
15:43:36.0054 0x0c0c  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
15:43:36.0054 0x0c0c  Modem - ok
15:43:49.0501 0x0c0c  tmevtmgr - ok
15:43:49.0579 0x0c0c  [ D8037AD74BD8E5C85514C78841DF72CA, 784AA2483746143B03FC62D3D8CEBA66262405FA607E373ACB6165510D3459B2 ] tmnciesc        C:\Windows\system32\DRIVERS\tmnciesc.sys
15:43:49.0610 0x0c0c  tmnciesc - ok
15:43:49.0657 0x0c0c  [ C0DE7021878A12EA937E1E81BBA61CE2, AAB4A5ECFA32A3CEF8379AB906F2E97CF16EF30DC23218ECDD469C51AC092C55 ] tmumh           C:\Windows\system32\DRIVERS\TMUMH.sys
15:43:49.0657 0x0c0c  tmumh - ok
15:43:49.0782 0x0c0c  [ FE351337CE2C7A50AECFB3871C8E7428, 5C6D709E40B1CD0B630D5AB7709BBDA6FDF88B22808826FE294D92C06ABF330C ] tmusa           C:\Windows\system32\DRIVERS\tmusa.sys
15:43:49.0797 0x0c0c  tmusa - ok
15:43:49.0906 0x0c0c  [ 572A16FBAD52AB1AC8E3D44BAAF99694, B504F44252F928D08881A99DF92B8D487992C335B48ADD87C95814315E57C2AD ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
15:43:49.0906 0x0c0c  TomTomHOMEService - ok
15:43:50.0016 0x0c0c  [ C676B0F52F2B6483AFB88F79CABB011E, 8F10C7C91B47F87C3E29785BDACA49831857849F688C34A1F097C9D6593003AA ] Tpkd            C:\Windows\system32\drivers\Tpkd.sys
15:43:50.0016 0x0c0c  Tpkd - ok
15:43:50.0078 0x0c0c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
15:43:50.0078 0x0c0c  TrkWks - ok
15:43:50.0234 0x0c0c  [ 0C997B061E3C66BD9E927C1288EB1CC7, 3807E9A1BC159B9E8FC0C7CAAD10D7213FF8ED8AD1CEA9EA552B093C81BF624B ] TrueSight       C:\Windows\System32\drivers\TrueSight.sys
15:43:50.0234 0x0c0c  TrueSight - ok
15:43:50.0343 0x0c0c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:43:50.0343 0x0c0c  TrustedInstaller - ok
15:43:50.0406 0x0c0c  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:43:50.0406 0x0c0c  tssecsrv - ok
15:43:50.0468 0x0c0c  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
15:43:50.0468 0x0c0c  TsUsbFlt - ok
15:43:50.0562 0x0c0c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:43:50.0562 0x0c0c  tunnel - ok
15:43:50.0593 0x0c0c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:43:50.0608 0x0c0c  uagp35 - ok
15:43:50.0655 0x0c0c  [ 2E22C1FD397A5A9FFEF55E9D1FC96C00, 4646712B3F3AF6188DBCE1A95D92261E8B15E9583FE5DD538EC884F48B51759D ] UBHelper        C:\Windows\system32\drivers\UBHelper.sys
15:43:50.0655 0x0c0c  UBHelper - ok
15:43:50.0749 0x0c0c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:43:50.0764 0x0c0c  udfs - ok
15:43:50.0827 0x0c0c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:43:50.0827 0x0c0c  UI0Detect - ok
15:43:50.0889 0x0c0c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:43:50.0889 0x0c0c  uliagpkx - ok
15:43:50.0967 0x0c0c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
15:43:50.0967 0x0c0c  umbus - ok
15:43:50.0983 0x0c0c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:43:50.0983 0x0c0c  UmPass - ok
15:43:51.0326 0x0c0c  [ 765F2DD351BA064F657751D8D75E58C0, 954834FF6F05E065C2BE6CEC22136A0399026BFF9D91BE859E8E047C3ED8267F ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
15:43:51.0373 0x0c0c  UNS - ok
15:43:51.0560 0x0c0c  [ 70DDE3A86DBEB1D6C3C30AD687B1877A, 2DAE797240DB8F521F1C9D1171524790052E186B060D58A1B102FBFFC80CE48E ] Updater Service C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
15:43:51.0591 0x0c0c  Updater Service - ok
15:43:51.0638 0x0c0c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
15:43:51.0654 0x0c0c  upnphost - ok
15:43:51.0700 0x0c0c  [ 54D4B48D443E7228BF64CF7CDC3118AC, 4C953166EAECFD217218E386B411A4BDDA86AE65DCF352D271DF8E3D7DECC85F ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
15:43:51.0700 0x0c0c  USBAAPL64 - ok
15:43:51.0747 0x0c0c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:43:51.0747 0x0c0c  usbccgp - ok
15:43:51.0825 0x0c0c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:43:51.0825 0x0c0c  usbcir - ok
15:43:51.0888 0x0c0c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
15:43:51.0888 0x0c0c  usbehci - ok
15:43:51.0950 0x0c0c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:43:51.0950 0x0c0c  usbhub - ok
15:43:52.0012 0x0c0c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
15:43:52.0012 0x0c0c  usbohci - ok
15:43:52.0075 0x0c0c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:43:52.0075 0x0c0c  usbprint - ok
15:43:52.0168 0x0c0c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
15:43:52.0168 0x0c0c  usbscan - ok
15:43:52.0231 0x0c0c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:43:52.0246 0x0c0c  USBSTOR - ok
15:43:52.0309 0x0c0c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
15:43:52.0309 0x0c0c  usbuhci - ok
15:43:52.0387 0x0c0c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
15:43:52.0387 0x0c0c  usbvideo - ok
15:43:52.0434 0x0c0c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
15:43:52.0434 0x0c0c  UxSms - ok
15:43:52.0465 0x0c0c  [ CB0E57424A776C51EF42469064ADBF08, 2E4EFE070560F4CCE6AF6D142C559EEF3672631C846E612968D57BE7F71C1C4F ] VaultSvc        C:\Windows\system32\lsass.exe
15:43:52.0465 0x0c0c  VaultSvc - ok
15:43:52.0558 0x0c0c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
15:43:52.0558 0x0c0c  vdrvroot - ok
15:43:52.0668 0x0c0c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
15:43:52.0683 0x0c0c  vds - ok
15:43:52.0730 0x0c0c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:43:52.0730 0x0c0c  vga - ok
15:43:52.0746 0x0c0c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:43:52.0761 0x0c0c  VgaSave - ok
15:43:52.0824 0x0c0c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
15:43:52.0824 0x0c0c  vhdmp - ok
15:43:52.0886 0x0c0c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
15:43:52.0886 0x0c0c  viaide - ok
15:43:52.0933 0x0c0c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:43:52.0933 0x0c0c  volmgr - ok
15:43:53.0011 0x0c0c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:43:53.0026 0x0c0c  volmgrx - ok
15:43:53.0120 0x0c0c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:43:53.0120 0x0c0c  volsnap - ok
15:43:53.0167 0x0c0c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:43:53.0167 0x0c0c  vsmraid - ok
15:43:53.0307 0x0c0c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
15:43:53.0401 0x0c0c  VSS - ok
15:43:53.0432 0x0c0c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:43:53.0432 0x0c0c  vwifibus - ok
15:43:53.0463 0x0c0c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:43:53.0463 0x0c0c  vwififlt - ok
15:43:53.0557 0x0c0c  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:43:53.0557 0x0c0c  vwifimp - ok
15:43:53.0619 0x0c0c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
15:43:53.0635 0x0c0c  W32Time - ok
15:43:53.0650 0x0c0c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:43:53.0650 0x0c0c  WacomPen - ok
15:43:53.0728 0x0c0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:43:53.0728 0x0c0c  WANARP - ok
15:43:53.0728 0x0c0c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:43:53.0744 0x0c0c  Wanarpv6 - ok
15:43:54.0040 0x0c0c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:43:54.0087 0x0c0c  WatAdminSvc - ok
15:43:54.0243 0x0c0c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
15:43:54.0290 0x0c0c  wbengine - ok
15:43:54.0368 0x0c0c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:43:54.0384 0x0c0c  WbioSrvc - ok
15:43:54.0446 0x0c0c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:43:54.0462 0x0c0c  wcncsvc - ok
15:43:54.0477 0x0c0c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:43:54.0493 0x0c0c  WcsPlugInService - ok
15:43:54.0524 0x0c0c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:43:54.0524 0x0c0c  Wd - ok
15:43:54.0633 0x0c0c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:43:54.0664 0x0c0c  Wdf01000 - ok
15:43:54.0696 0x0c0c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:43:54.0711 0x0c0c  WdiServiceHost - ok
15:43:54.0711 0x0c0c  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:43:54.0727 0x0c0c  WdiSystemHost - ok
15:43:54.0789 0x0c0c  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
15:43:54.0805 0x0c0c  WebClient - ok
15:43:54.0820 0x0c0c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:43:54.0836 0x0c0c  Wecsvc - ok
15:43:54.0852 0x0c0c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:43:54.0867 0x0c0c  wercplsupport - ok
15:43:54.0883 0x0c0c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:43:54.0883 0x0c0c  WerSvc - ok
15:43:54.0914 0x0c0c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:43:54.0914 0x0c0c  WfpLwf - ok
15:43:54.0945 0x0c0c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:43:54.0945 0x0c0c  WIMMount - ok
15:43:55.0023 0x0c0c  [ A6EA7A3FC4B00F48535B506DB1E86EFD, B2A28C0438BA679D760FB8B68289D625CF6204DFF8000A285B5CA68417314F65 ] winachsf        C:\Windows\system32\DRIVERS\CAX_CNXT.sys
15:43:55.0039 0x0c0c  winachsf - ok
15:43:55.0086 0x0c0c  WinDefend - ok
15:43:55.0101 0x0c0c  WinHttpAutoProxySvc - ok
15:43:55.0179 0x0c0c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:43:55.0179 0x0c0c  Winmgmt - ok
15:43:55.0351 0x0c0c  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
15:43:55.0460 0x0c0c  WinRM - ok
15:43:55.0585 0x0c0c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\drivers\WinUsb.sys
15:43:55.0585 0x0c0c  WinUSB - ok
15:43:55.0663 0x0c0c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:43:55.0694 0x0c0c  Wlansvc - ok
15:43:55.0912 0x0c0c  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:43:55.0975 0x0c0c  wlidsvc - ok
15:43:56.0037 0x0c0c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
15:43:56.0037 0x0c0c  WmiAcpi - ok
15:43:56.0068 0x0c0c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:43:56.0068 0x0c0c  wmiApSrv - ok
15:43:56.0115 0x0c0c  WMPNetworkSvc - ok
15:43:56.0318 0x0c0c  [ 45DE51DB0950A4B8595520EF0BAFCFF1, AB70F9DB7D23EE30B19474A2A6B1F5918CE775AE483E723F0914733C05DA7A9B ] WMZuneComm      c:\Program Files\Zune\WMZuneComm.exe
15:43:56.0318 0x0c0c  WMZuneComm - ok
15:43:56.0349 0x0c0c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:43:56.0365 0x0c0c  WPCSvc - ok
15:43:56.0412 0x0c0c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:43:56.0412 0x0c0c  WPDBusEnum - ok
15:43:56.0490 0x0c0c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:43:56.0490 0x0c0c  ws2ifsl - ok
15:43:56.0536 0x0c0c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
15:43:56.0536 0x0c0c  wscsvc - ok
15:43:56.0536 0x0c0c  WSearch - ok
15:43:56.0708 0x0c0c  [ 6075791ED85E47A2A2916B1F34582944, 25B5FAD161711875B38BDD014A26FA527C8EE4854D485989D19A72D5EBBA4054 ] wuauserv        C:\Windows\system32\wuaueng.dll
15:43:56.0802 0x0c0c  wuauserv - ok
15:43:56.0848 0x0c0c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:43:56.0848 0x0c0c  WudfPf - ok
15:43:56.0942 0x0c0c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:43:56.0958 0x0c0c  WUDFRd - ok
15:43:57.0004 0x0c0c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:43:57.0004 0x0c0c  wudfsvc - ok
15:43:57.0051 0x0c0c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:43:57.0067 0x0c0c  WwanSvc - ok
15:43:57.0129 0x0c0c  [ E8F3FA126A06F8E7088F63757112A186, FC742ECA6DD823C5B17A514EC4473F65EE290FA6501370675B3628FD881A1C4B ] XAudio          C:\Windows\system32\DRIVERS\XAudio64.sys
15:43:57.0129 0x0c0c  XAudio - ok
15:43:58.0018 0x0c0c  [ B79C2CE5340A5ECA38CA1F74AA445D2B, 8A426A4A6CF85D875E2AFBC04864AE234398C0AC619D77370A006FEE443AC31F ] ZuneNetworkSvc  c:\Program Files\Zune\ZuneNss.exe
15:43:58.0299 0x0c0c  ZuneNetworkSvc - ok
15:43:58.0424 0x0c0c  [ E2859AEA054422FE40517179AE867C2D, 6978DC020324F7A5EDF529791B0AA6039AF2BAA54956C676B3817181BED57B8A ] ZuneWlanCfgSvc  c:\Windows\system32\ZuneWlanCfgSvc.exe
15:43:58.0440 0x0c0c  ZuneWlanCfgSvc - ok
15:43:58.0455 0x0c0c  ================ Scan global ===============================
15:43:58.0518 0x0c0c  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
15:43:58.0580 0x0c0c  [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll
15:43:58.0596 0x0c0c  [ CE14A4BBF890A7D4C898CF886D145EC9, AD4BE7CBB0C624EC00E8496AF33AC5AB8C5689C75C66C4C99F2FB7149E912D18 ] C:\Windows\system32\winsrv.dll
15:43:58.0642 0x0c0c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
15:43:58.0736 0x0c0c  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
15:43:58.0752 0x0c0c  [ Global ] - ok
15:43:58.0752 0x0c0c  ================ Scan MBR ==================================
15:43:58.0767 0x0c0c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:43:59.0157 0x0c0c  \Device\Harddisk0\DR0 - ok
15:43:59.0157 0x0c0c  ================ Scan VBR ==================================
15:43:59.0157 0x0c0c  [ 0A79355AED5289C4A71755324C06633E ] \Device\Harddisk0\DR0\Partition1
15:43:59.0220 0x0c0c  \Device\Harddisk0\DR0\Partition1 - ok
15:43:59.0235 0x0c0c  [ 92F9078FC2A0EF68764F2750AD04B401 ] \Device\Harddisk0\DR0\Partition2
15:43:59.0266 0x0c0c  \Device\Harddisk0\DR0\Partition2 - ok
15:43:59.0266 0x0c0c  ================ Scan generic autorun ======================
15:43:59.0344 0x0c0c  [ D1930CA970D4250D891F432419E3D6C9, C839ED92D5BCC293081E05F2B199848C37A478A361BA6C3255421A297211C915 ] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
15:43:59.0344 0x0c0c  IAAnotif - ok
15:43:59.0438 0x0c0c  [ 35DDD857F6A87CBB572E2C7A8A275F43, A1A548A4EA9A3BDEBED3B0124E3B821B79C652A402E56D74F0AE517EB026C1E6 ] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
15:43:59.0454 0x0c0c  Acer ePower Management - ok
15:43:59.0953 0x0c0c  [ 307C54B0DA2E3705943E62C754D305BA, C8CD54DF2BEAFCDF7ECB4B9BC9D64720156541009F23F7A1186C06691E261BA1 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
15:44:00.0202 0x0c0c  RtHDVCpl - ok
15:44:00.0218 0x0c0c  SynTPEnh - ok
15:44:00.0405 0x0c0c  [ 7D3CEE287CCD0A3B333A0F4B46520ECE, 7E27FD44CCA41C9E16145A74EBB7870E875F9A3C3EE6823D27F11CC0EB6B0F3B ] C:\Program Files (x86)\Lexmark X5400 Series\lxdvmon.exe
15:44:00.0421 0x0c0c  lxdvmon.exe - ok
15:44:00.0452 0x0c0c  [ 8A814AE59A39C44261B36126BDAB0AB6, 64475A554FB760D61F0A146928B732A57EA082F72FB6218DD5F3D49951768D51 ] C:\Program Files (x86)\Lexmark X5400 Series\lxdvamon.exe
15:44:00.0452 0x0c0c  lxdvamon - ok
15:44:00.0499 0x0c0c  [ 05CF0BFBB4596D8884A549AA9F0259B1, 70CDFB5A57A6AA9113C895DD9C0448872FC121461A9DFCC57D7478BE51B99A81 ] c:\Program Files\Zune\ZuneLauncher.exe
15:44:00.0499 0x0c0c  Zune Launcher - ok
15:44:00.0546 0x0c0c  [ 810A5F70CEB063CEC85360394BEC2C56, FCC289B23B2347AD7C34B48E6EFB1914B5ED8D9DD397B0816D94747B168DFD64 ] C:\Windows\system32\igfxtray.exe
15:44:00.0546 0x0c0c  IgfxTray - ok
15:44:00.0577 0x0c0c  [ 2FE8F6A30802B69A3F501607F346DEEA, CD603DB6055861E9EAD397234120FBE0D3CACEFADB0D6001099CF0DA9DF1CC34 ] C:\Windows\system32\hkcmd.exe
15:44:00.0592 0x0c0c  HotKeysCmds - ok
15:44:00.0608 0x0c0c  [ CA1941B93BA45B7EA4D7D9F451B25C84, B0648762862931CB12004C92CD7A7EF8E3B1C14DD33C980A490D8AA56F7AA723 ] C:\Windows\system32\igfxpers.exe
15:44:00.0624 0x0c0c  Persistence - ok
15:44:00.0811 0x0c0c  [ 166891E92C6E27E7921F12FB01E723BC, FFBBA1B58AF5CE97E59FAD0EDFB3D6DA1CEF18C3141CC9540661DD3ACDA94A0A ] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
15:44:00.0826 0x0c0c  Trend Micro Client Framework - ok
15:44:00.0904 0x0c0c  [ 3D266DE09E8BAA25640BBDF4A6E37C53, 60E5F59D53FC71FD49E3EA3AF5687B6CF50938E842805937F9D09850E6D72B4E ] C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
15:44:00.0936 0x0c0c  Platinum - ok
15:44:01.0045 0x0c0c  [ 028E8DC1652F659B699AB6B92603EBEC, CD6B8E9594AE4FDD4A1EBCB7D1109B4747ECB940B4010EC741A8BB493AA59350 ] C:\Program Files (x86)\Launch Manager\LManager.exe
15:44:01.0076 0x0c0c  LManager - ok
15:44:01.0170 0x0c0c  [ 8409B40B33C3BF52F11175B2A2EB135F, CE5CE877A20F826A902FA9C3BF570A8FF09DF37997D06C3403A6C7897710B6B4 ] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
15:44:01.0185 0x0c0c  Desktop Disc Tool - ok
15:44:01.0294 0x0c0c  [ F4F7C86191A981C804326E2EF6F3604F, 1ECE05E643AFFB27A148A8B86615F6C167875EF29D6FF7E2FD15B8DCBE6B8A16 ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
15:44:01.0294 0x0c0c  Adobe Reader Speed Launcher - ok
15:44:01.0388 0x0c0c  [ 8AF25E4083ADE79D61D174A4F60CD972, 4FDB800374CB7E6C4509BFCABA9DA10C4A8C48AA45877CF2DD68237F310F71F1 ] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
15:44:01.0388 0x0c0c  BackupManagerTray - ok
15:44:01.0450 0x0c0c  [ 28FD28A29C637C9AFEFE0A26E27C6DFE, A490ADCD7BC9863B6E8773CADFDE6CA58A0743CD64C39D14AF380B18ABDEC003 ] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
15:44:01.0450 0x0c0c  RemoteControl8 - ok
15:44:01.0528 0x0c0c  [ F8270CFD51F9D6BF42140FA4071C83FE, B7AAF6B13C01CB6B94DEABBDD40249A6D298DD4BCBE2921D8E332F88ED3B754A ] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe
15:44:01.0528 0x0c0c  PDVD8LanguageShortcut - ok
15:44:01.0622 0x0c0c  [ A4860C14A23AACE1A7A7150D90B65E17, C1EFFD81FEF2F8052A707A708955952E17E2E7A781E53FAEB9C9EAFAAF090B8F ] C:\Program Files (x86)\Lexmark X5400 Series\fm3032.exe
15:44:01.0638 0x0c0c  Lexmark X5400 Series - ok
15:44:01.0794 0x0c0c  [ 8A7F55E5B5543C95D8AF191BCBF6D125, 6DE8F960AEF4D953804CF9FFE813392BF7A3AFF798829B5D325204883CBD49A8 ] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
15:44:01.0809 0x0c0c  Microsoft Default Manager - ok
15:44:02.0043 0x0c0c  [ 48BE298F7FD1BEF4D8FBACB04D8D95C4, D375B3F6E850E4B0EC81BAA0E554C356BE2248AA77C6C56F5267CA05460FE4EB ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
15:44:02.0059 0x0c0c  Adobe ARM - ok
15:44:02.0215 0x0c0c  [ CB7CA3DC268CA9D3FC1349A60EA48211, 666FEBDE2F4FFDE141956795096027003B1F01028B2940C42D217C306F60B0AC ] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
15:44:02.0246 0x0c0c  DivXUpdate - ok
15:44:02.0418 0x0c0c  [ 310638EBDD87B49DF3D12EDB853D5166, 560A5A78738DCEC49475F2581BF62E9093078873658BEF50A98E31262AAB7F68 ] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
15:44:02.0418 0x0c0c  AppleSyncNotifier - ok
15:44:02.0667 0x0c0c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:44:02.0698 0x0c0c  Sidebar - ok
15:44:02.0730 0x0c0c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:44:02.0745 0x0c0c  mctadmin - ok
15:44:02.0776 0x0c0c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
15:44:02.0808 0x0c0c  Sidebar - ok
15:44:02.0808 0x0c0c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
15:44:02.0823 0x0c0c  mctadmin - ok
15:44:02.0854 0x0c0c  swg - ok
15:44:03.0042 0x0c0c  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] C:\Users\Mitch Johnson\AppData\Local\Google\Update\GoogleUpdate.exe
15:44:03.0057 0x0c0c  Google Update - ok
15:44:03.0151 0x0c0c  [ 193C41CAB9863DBA8B4D182C8E1B246A, FD3DB7B34BCCD7885B5F918F5B02C3C87C249A63929AF203BE5375AC357330FB ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKA.EXE
15:44:03.0166 0x0c0c  EPSON Stylus Photo R280 Series - ok
15:44:03.0229 0x0c0c  [ 193C41CAB9863DBA8B4D182C8E1B246A, FD3DB7B34BCCD7885B5F918F5B02C3C87C249A63929AF203BE5375AC357330FB ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKL.EXE
15:44:03.0244 0x0c0c  EPSON Stylus Photo R290 Series (Copy 1) - ok
15:44:03.0478 0x0c0c  [ 3D266DE09E8BAA25640BBDF4A6E37C53, 60E5F59D53FC71FD49E3EA3AF5687B6CF50938E842805937F9D09850E6D72B4E ] C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
15:44:03.0494 0x0c0c  Application Restart #0 - ok
15:44:03.0510 0x0c0c  swg - ok
15:44:03.0525 0x0c0c  [ 193C41CAB9863DBA8B4D182C8E1B246A, FD3DB7B34BCCD7885B5F918F5B02C3C87C249A63929AF203BE5375AC357330FB ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKL.EXE
15:44:03.0572 0x0c0c  EPSON Stylus Photo R290 Series - ok
15:44:03.0744 0x0c0c  [ 32DC1799B7CEA4CCDD72D82ACA7F3A75, A122BB3ECFBF6274802804BB33E0DF3DE9A8961D45A795057A8BD589E51BF33A ] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
15:44:03.0775 0x0c0c  TomTomHOME.exe - ok
15:44:03.0775 0x0c0c  [ 193C41CAB9863DBA8B4D182C8E1B246A, FD3DB7B34BCCD7885B5F918F5B02C3C87C249A63929AF203BE5375AC357330FB ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKL.EXE
15:44:03.0790 0x0c0c  EPSON Stylus Photo R290 Series (Copy 1) - ok
15:44:03.0806 0x0c0c  [ 193C41CAB9863DBA8B4D182C8E1B246A, FD3DB7B34BCCD7885B5F918F5B02C3C87C249A63929AF203BE5375AC357330FB ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKL.EXE
15:44:03.0806 0x0c0c  EPSON Stylus Photo R290 Series (Copy 1) - ok
15:44:03.0806 0x0c0c  swg - ok
15:44:03.0822 0x0c0c  [ 193C41CAB9863DBA8B4D182C8E1B246A, FD3DB7B34BCCD7885B5F918F5B02C3C87C249A63929AF203BE5375AC357330FB ] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICKL.EXE
15:44:03.0822 0x0c0c  EPSON Stylus Photo R290 Series (Copy 1) - ok
15:44:03.0837 0x0c0c  Waiting for KSN requests completion. In queue: 325
15:44:04.0851 0x0c0c  Waiting for KSN requests completion. In queue: 18
15:44:05.0865 0x0c0c  Waiting for KSN requests completion. In queue: 18
15:44:06.0926 0x0c0c  AV detected via SS2: Trend Micro Internet Security, C:\Program Files\Trend Micro\Titanium\wschandler.exe ( 9.0.0.1150 ), 0x40000 ( disabled : updated )
15:44:06.0926 0x0c0c  Win FW state via NFP2: enabled ( trusted )
15:44:09.0469 0x0c0c  ============================================================
15:44:09.0469 0x0c0c  Scan finished
15:44:09.0469 0x0c0c  ============================================================
15:44:09.0469 0x12b4  Detected object count: 0
15:44:09.0469 0x12b4  Actual detected object count: 0
15:46:49.0151 0x11d8  Deinitialize success
 

  • aswMBR log

aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-06-07 15:54:03
-----------------------------
15:54:03.066    OS Version: Windows x64 6.1.7601 Service Pack 1
15:54:03.066    Number of processors: 4 586 0x2502
15:54:03.067    ComputerName: JOHNSONFAMILYPC  UserName: Scott Johnson
15:54:17.872    Initialize success
15:54:17.872    VM: initialized successfully
15:54:17.872    VM: Intel CPU supported
15:54:21.024    VM: supported disk I/O iaStor.sys
15:55:55.609    AVAST engine defs: 16060701
15:56:08.354    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:56:08.354    Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
15:56:08.651    VM: Disk 0 MBR read successfully
15:56:08.666    Disk 0 MBR scan
15:56:08.666    Disk 0 Windows 7 default MBR code
15:56:08.666    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        12291 MB offset 63
15:56:08.682    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 25173855
15:56:08.713    Disk 0 Boot: NTFS     code=1
15:56:08.729    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       464545 MB offset 25382700
15:56:08.869    Disk 0 scanning C:\Windows\system32\drivers
15:56:33.408    Service scanning
15:57:20.068    Modules scanning
15:57:20.083    Disk 0 trace - called modules:
15:57:20.099    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
15:57:20.099    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e1e060]
15:57:20.114    3 CLASSPNP.SYS[fffff880019c743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b91050]
15:57:33.296    AVAST engine scan C:\Windows
15:57:42.173    AVAST engine scan C:\Windows\system32
16:06:14.088    AVAST engine scan C:\Windows\system32\drivers
16:06:50.108    AVAST engine scan C:\Users\Scott Johnson
16:29:43.176    AVAST engine scan C:\ProgramData
16:33:47.800    Disk 0 statistics 4078252/0/22 @ 1.07 MB/s
16:33:47.815    Scan finished successfully
16:53:39.330    Disk 0 MBR has been saved successfully to "C:\Users\Scott Johnson\Desktop\MBR.dat"
16:53:39.330    The log file has been saved successfully to "C:\Users\Scott Johnson\Desktop\aswMBR.txt"

 





