I have ads showing up that shouldn't be there


  • This topic is locked
10 replies to this topic

#1 panda234

Posted 29 September 2016 - 10:55 AM

I was referred here by Codesee in the Security subforum. Here is a link to that thread.

 

http://www.bleepingcomputer.com/forums/t/627673/i-have-a-spyware-that-i-cant-seem-to-get-rid-of/

 

Attached are the FRST and Addition log files. Thanks in advance!

 

Bill

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2016
Ran by Billg (administrator) on BILL2700 (29-09-2016 12:40:26)
Running from C:\Users\Billg\Desktop
Loaded Profiles: Billg (Available Profiles: Billg)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DTS) C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe
() C:\Program Files (x86)\D-Link\DWA-566\ANIWConnService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
() D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Adobe Systems Inc.) D:\Adobe7\Acrobat\acrotray.exe
() C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
(razercfg MFC Application) C:\Program Files (x86)\Razer\Lachesis\OSD.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\Razer\Lachesis\razertra.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Lachesis\razerofa.exe
(Malwarebytes) D:\Utilities\Malwarebytes\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) D:\Utilities\Malwarebytes\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
() D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Malwarebytes) D:\Utilities\Malwarebytes\Malwarebytes Anti-Malware\mbam.exe
(Flexera Software, Inc.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7573208 2014-04-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2014-04-15] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [ASUS ShellProcess Execute] => C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe [252544 2010-11-25] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [465536 2010-11-08] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => d:\Adobe7\Acrobat\Acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Lachesis] => C:\Program Files (x86)\Razer\Lachesis\razerhid.exe [248320 2009-11-10] ()
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\Run: [Zoom] => 0
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [3231232 2016-04-09] (Microsoft Corporation) <==== ATTENTION
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-09-24]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 217.12.218.107 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{25380742-5402-4641-98DC-8764A0394C11}: [DhcpNameServer] 217.12.218.107 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{3B9C55B9-0E40-470F-AEAE-E1B20F098775}: [DhcpNameServer] 217.12.218.107 8.8.8.8 8.8.4.4
 
Internet Explorer:
==================
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-09] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> d:\Adobe7\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-09] (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - d:\Adobe7\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3966353269-29221856-4112531716-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3966353269-29221856-4112531716-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2016-08-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2016-08-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2016-08-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2016-08-29] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\mcsniepl64.dll [2016-07-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-07-07] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Billg\AppData\Roaming\Mozilla\Firefox\Profiles\8p34zv98.default
FF Homepage: www.cbc.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll [2014-05-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\npmcsnffpl64.dll [2016-07-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll [2014-05-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-09] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\npmcsnffpl.dll [2016-07-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-09-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: intercall.com plugins -> d:\UTILIT~1\WINDOW~1\temp\UMClient\npComponentStub.dll [No File]
FF Plugin HKU\S-1-5-21-3966353269-29221856-4112531716-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Billg\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-09-26] (Citrix Online)
FF Plugin HKU\S-1-5-21-3966353269-29221856-4112531716-1000: application/client-installer -> d:\UTILIT~1\WINDOW~1\temp\UMClient\npMcInstall.dll [No File]
FF Plugin HKU\S-1-5-21-3966353269-29221856-4112531716-1000: intercall.com plugins -> d:\UTILIT~1\WINDOW~1\temp\UMClient\npComponentStub.dll [No File]
FF Extension: (Flash and Video Download) - C:\Users\Billg\AppData\Roaming\Mozilla\Firefox\Profiles\8p34zv98.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-09-22]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-09-24] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.nationalpost.com/index.html
CHR Profile: C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default [2016-09-29]
CHR Extension: (Google Slides) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-24]
CHR Extension: (Google Docs) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-24]
CHR Extension: (Google Drive) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-24]
CHR Extension: (YouTube) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-24]
CHR Extension: (Meeting Center) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj [2016-09-24]
CHR Extension: (Google Sheets) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-24]
CHR Extension: (Google Docs Offline) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-09-24]
CHR Extension: (Dropdown List of Most Visited Links) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah [2016-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-24]
CHR Extension: (Gmail) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-24]
CHR Extension: (Chrome Media Router) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-24]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3966353269-29221856-4112531716-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Billg\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-21]
CHR HKU\S-1-5-21-3966353269-29221856-4112531716-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cpfbonfpcpnmoonikfalnendonhkkfjj] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3966353269-29221856-4112531716-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-09] (Adobe Systems) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
S3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S4 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 DTSAudioService; C:\Program Files\Realtek\Audio\HDA\DTSAudioService64.exe [210024 2011-05-31] (DTS)
R2 D_Link_DWA-566_WPS; C:\Program Files (x86)\D-Link\DWA-566\ANIWConnService.exe [53248 2010-07-12] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe [732056 2016-07-18] ()
R2 MBAMScheduler; D:\Utilities\Malwarebytes\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Utilities\Malwarebytes\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [161536 2016-08-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-07-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-19] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.)
R3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [987048 2016-09-15] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16248 2016-09-15] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-09-15] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S2 PSGenUn; d:\SMCLpav\SMCLpav.exe /LogC:\ProgramData\Panda Security\PSLogs\SMCLpav_exe.log  /RunService
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 AiChargerPlus; C:\Windows\System32\DRIVERS\AiChargerPlus.sys [14464 2010-11-08] (ASUSTek Computer Inc.)
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwfx.sys [15872 2010-05-29] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [51872 2011-03-13] (Windows ® Win 7 DDK provider) [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\Dathrx.sys [2750464 2011-05-24] (Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-08-02] (McAfee, Inc.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2011-05-13] (Samsung Electronics Co., Ltd.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-02-14] (GFI Software)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
S3 IKStealthPlug; C:\Windows\System32\DRIVERS\IKStealthPlugLL.sys [54784 2009-10-09] (IK Multimedia)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-29] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-08-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-08-02] (McAfee, Inc.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [48912 2015-04-27] (Panda Security, S.L.)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 TASCAM_US122144; C:\Windows\System32\Drivers\tascusb2.sys [520880 2016-05-29] (TASCAM)
R3 TASCAM_US122L_MK2_MIDI; C:\Windows\System32\drivers\tscusb2m.sys [32432 2016-05-29] (TASCAM)
R3 TASCAM_US122L_MK2_WDM; C:\Windows\System32\drivers\tscusb2a.sys [55984 2016-05-29] (TASCAM)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [485512 2016-04-28] (BitDefender S.R.L.)
S3 UHSfiltv; C:\Windows\System32\drivers\UHSfiltv.sys [23552 2014-12-22] (Creative Technology Ltd.)
S3 uisp; C:\Windows\System32\Drivers\usbicp.sys [20480 2010-08-24] (Motorola)
R3 VaneFltr; C:\Windows\System32\drivers\Lachesis.sys [29952 2009-10-16] (Razer (Asia-Pacific) Pte Ltd)
S3 WinRing0_1_2_0; D:\Utilities\RealTemp_370\WinRing0x64.sys [14544 2012-02-11] (OpenLibSys.org)
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160809.007\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160809.007\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-29 12:40 - 2016-09-29 12:40 - 00030714 _____ C:\Users\Billg\Desktop\FRST.txt
2016-09-29 12:40 - 2016-09-29 12:40 - 00000000 ____D C:\FRST
2016-09-29 12:38 - 2016-09-29 12:38 - 02404352 _____ (Farbar) C:\Users\Billg\Desktop\FRST64.exe
2016-09-29 12:38 - 2016-09-29 12:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-09-29 12:33 - 2016-09-29 12:37 - 00002508 _____ C:\Users\Billg\Desktop\Rkill.txt
2016-09-28 18:42 - 2016-09-29 12:38 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-09-28 10:11 - 2016-09-28 10:37 - 00000000 ____D C:\Users\Billg\Desktop\Tem
2016-09-26 13:50 - 2016-09-26 13:50 - 00011912 _____ C:\Windows\system32\.crusader
2016-09-26 13:46 - 2016-09-26 13:47 - 00000000 ____D C:\Program Files\HitmanPro
2016-09-26 13:45 - 2016-09-26 13:51 - 00000000 ____D C:\ProgramData\HitmanPro
2016-09-25 11:30 - 2016-09-29 12:38 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-09-24 21:24 - 2016-09-24 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-09-24 21:24 - 2016-09-24 21:24 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-09-24 21:16 - 2016-09-24 21:18 - 00000000 ____D C:\ProgramData\Esellerate
2016-09-24 21:04 - 2016-09-24 21:04 - 00308888 ____N C:\Windows\Minidump\092416-15880-01.dmp
2016-09-24 21:04 - 2016-09-24 21:04 - 00000000 ____D C:\ProgramData\TrueKey
2016-09-24 21:02 - 2016-09-24 21:02 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-09-24 21:02 - 2016-09-24 21:02 - 00000000 ____D C:\Program Files\Intel Security
2016-09-24 20:57 - 2016-09-24 21:17 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-09-24 20:57 - 2016-09-24 21:16 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-09-24 20:53 - 2016-09-26 13:44 - 00000000 ____D C:\Program Files\TrueKey
2016-09-24 20:53 - 2016-09-24 21:04 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-09-24 20:53 - 2016-09-24 20:53 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-09-24 20:53 - 2016-09-24 20:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-09-24 20:52 - 2016-09-24 20:52 - 00349520 ____N C:\Windows\Minidump\092416-14710-01.dmp
2016-09-24 17:19 - 2016-09-24 17:19 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-09-24 16:38 - 2016-08-02 01:03 - 00216704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2016-09-24 16:37 - 2016-09-24 16:37 - 00000000 ____D C:\ProgramData\Intel Security
2016-09-24 16:36 - 2016-09-24 16:39 - 00000000 ____D C:\Program Files\McAfee
2016-09-24 16:36 - 2016-09-24 16:37 - 00003084 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-09-24 16:36 - 2016-09-24 16:36 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-09-24 16:36 - 2016-09-24 16:36 - 00000000 ____D C:\Program Files\McAfee.com
2016-09-24 16:36 - 2016-09-24 16:36 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-09-24 16:35 - 2016-09-24 21:01 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-09-24 16:35 - 2016-09-24 17:36 - 00003348 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-09-24 16:33 - 2016-04-26 17:56 - 00277744 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-09-24 15:40 - 2016-09-24 23:32 - 00000000 ____D C:\ProgramData\McAfee
2016-09-24 15:40 - 2016-09-24 16:37 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-09-24 14:42 - 2016-09-24 14:42 - 00002269 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-24 14:04 - 2016-09-24 14:04 - 00000000 ____D C:\Users\Billg\Desktop\Picasso
2016-09-24 13:56 - 2016-09-24 13:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Free Antivirus
2016-09-24 13:41 - 2016-09-24 13:41 - 00272936 ____N C:\Windows\Minidump\092416-13244-01.dmp
2016-09-24 11:26 - 2016-09-24 11:26 - 00348688 ____N C:\Windows\Minidump\092416-14492-01.dmp
2016-09-22 21:15 - 2016-09-24 13:30 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2016-09-22 21:15 - 2016-09-22 21:15 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-09-22 21:11 - 2016-09-29 12:17 - 00000000 ____D C:\AdwCleaner
2016-09-22 21:09 - 2016-09-22 21:09 - 00346640 ____N C:\Windows\Minidump\092216-17144-01.dmp
2016-09-22 12:04 - 2016-09-02 12:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-22 12:04 - 2016-09-02 12:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-22 12:04 - 2016-09-02 12:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-22 12:04 - 2016-09-02 12:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-22 12:04 - 2016-09-02 12:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-22 12:04 - 2016-09-02 12:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-22 12:04 - 2016-09-02 12:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-22 12:04 - 2016-09-02 12:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-22 12:04 - 2016-09-02 12:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 12:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-22 12:04 - 2016-09-02 12:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-22 12:04 - 2016-09-02 12:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-22 12:04 - 2016-09-02 12:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-22 12:04 - 2016-09-02 11:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-22 12:04 - 2016-09-02 11:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-22 12:04 - 2016-09-02 11:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-22 12:04 - 2016-09-02 11:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-22 12:04 - 2016-09-02 11:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-22 12:04 - 2016-09-02 11:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-22 12:04 - 2016-09-02 11:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-22 12:04 - 2016-09-02 11:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-22 12:04 - 2016-09-02 11:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-22 12:04 - 2016-09-02 11:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-22 12:04 - 2016-09-02 11:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-22 12:04 - 2016-09-02 11:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-22 12:04 - 2016-09-02 11:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-22 12:04 - 2016-09-02 11:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 11:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 11:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-22 12:04 - 2016-09-02 11:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-22 12:04 - 2016-08-16 14:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-22 12:04 - 2016-08-15 23:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-22 12:04 - 2016-08-15 23:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-22 12:04 - 2016-08-12 13:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-22 12:04 - 2016-08-12 13:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-22 12:04 - 2016-08-12 13:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-22 12:04 - 2016-08-05 12:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-22 12:04 - 2016-08-05 12:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-22 12:04 - 2016-06-25 21:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-22 12:04 - 2016-06-25 21:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-09-22 12:04 - 2016-06-25 21:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-09-22 12:04 - 2016-06-25 21:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-09-22 12:04 - 2016-06-25 21:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-09-22 12:04 - 2016-06-25 16:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-09-22 12:04 - 2016-06-25 16:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-09-22 12:04 - 2016-06-25 16:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-09-22 12:04 - 2016-06-25 16:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-09-22 12:04 - 2016-06-25 16:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-09-22 12:03 - 2016-08-06 12:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-22 12:03 - 2016-08-06 12:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-20 10:53 - 2016-09-20 12:40 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Zoom
2016-09-18 20:07 - 2016-09-24 16:35 - 00000000 ____D C:\Program Files\Common Files\AV
2016-09-18 20:07 - 2016-09-24 15:42 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-09-18 19:40 - 2016-09-18 19:40 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-09-18 19:39 - 2016-09-24 16:32 - 00000000 ____D C:\ProgramData\Norton
2016-09-18 19:39 - 2016-09-18 19:49 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2016-09-18 19:39 - 2016-09-18 19:39 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-09-17 10:59 - 2016-09-17 10:59 - 00000000 ____D C:\Users\Billg\Documents\OneNote Notebooks
2016-09-16 22:59 - 2016-09-24 13:50 - 00403586 _____ C:\Windows\ntbtlog.txt
2016-09-16 21:24 - 2016-09-29 12:30 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-09-16 21:24 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-09-16 21:24 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-09-16 21:24 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-09-16 13:16 - 2016-09-22 18:43 - 00000000 ____D C:\Users\Billg\Desktop\GCB
2016-09-16 13:08 - 2016-09-18 19:41 - 00000000 ___HD C:\$AVG
2016-09-16 13:08 - 2016-09-16 13:08 - 00000000 ____D C:\Users\Billg\AppData\Roaming\AVG
2016-09-16 13:05 - 2016-09-26 09:54 - 00000000 ____D C:\ProgramData\Avg
2016-09-11 12:24 - 2016-09-11 12:24 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Lavasoft
2016-09-11 12:24 - 2016-09-11 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-09-11 12:23 - 2016-09-11 12:23 - 00000000 ____D C:\Users\Billg\AppData\Roaming\LavasoftStatistics
2016-09-11 12:22 - 2016-09-11 12:22 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
2016-09-11 12:21 - 2016-09-11 12:21 - 00000000 ____D C:\ProgramData\Lavasoft
2016-09-10 20:59 - 2016-09-10 20:59 - 00000000 ____D C:\Users\Billg\Documents\A2A
2016-09-10 20:48 - 2016-09-10 20:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A2A Simulations
2016-09-10 17:53 - 2016-09-10 17:53 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SceneryConfigEditor
2016-09-10 09:53 - 2016-09-10 09:53 - 00000000 ____D C:\ProgramData\Navigraph
2016-09-08 18:10 - 2016-09-08 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OryxSim Kelowna X 2012 Edition
2016-09-08 17:47 - 2016-09-08 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BluePrint Simulations
2016-09-08 16:18 - 2016-09-08 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaSceneryEarth
2016-09-08 14:20 - 2016-09-08 14:20 - 00000091 _____ C:\megaCity.ini
2016-09-08 14:13 - 2016-09-08 14:13 - 00000000 ____D C:\ProgramData\installer_fsx
2016-09-08 14:13 - 2016-09-08 14:13 - 00000000 ____D C:\ProgramData\fsx_files_update
2016-09-08 14:13 - 2016-09-08 14:13 - 00000000 ____D C:\ProgramData\FSX_files
2016-09-08 14:10 - 2016-09-08 14:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSAddon
2016-09-08 13:48 - 2016-09-11 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlyTampa
2016-09-08 13:48 - 2016-09-08 13:48 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyTampa
2016-09-08 13:29 - 2016-09-08 13:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UK2000 Scenery
2016-09-08 13:00 - 2016-09-08 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX 4
2016-09-07 21:37 - 2016-09-07 21:37 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Orbx systems
2016-09-07 20:19 - 2016-09-08 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aerosoft
2016-09-07 20:15 - 2016-09-07 20:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orbx
2016-09-07 11:26 - 2016-09-07 11:57 - 00002048 _____ C:\Windows\f1utii.lic
2016-09-07 11:22 - 2016-09-07 11:22 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LatinVFR
2016-09-06 20:37 - 2016-09-06 20:37 - 00000000 ____D C:\Users\Billg\AppData\Roaming\PMDG
2016-09-06 20:32 - 2016-09-06 20:33 - 00000000 ____D C:\Users\Billg\Documents\Flight Simulator X - Steam Edition Files
2016-09-06 20:02 - 2016-09-06 20:59 - 00000000 ____D C:\Users\Billg\AppData\Roaming\CaptainSim
2016-09-06 20:02 - 2016-09-06 20:56 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captain Sim
2016-09-06 20:02 - 2016-09-06 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Captain Sim
2016-09-06 20:00 - 2016-09-06 20:59 - 00000000 ____D C:\ProgramData\CaptainSim
2016-09-06 18:52 - 2016-09-08 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software
2016-09-06 16:59 - 2016-09-24 00:18 - 00000000 ____D C:\Program Files (x86)\FSForce 2
2016-09-06 16:59 - 2016-09-06 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FS Force 2
2016-09-06 16:59 - 2016-09-06 16:59 - 00000000 ____D C:\ProgramData\FS Force
2016-09-05 21:35 - 2016-09-05 21:35 - 00000472 _____ C:\Users\Billg\Documents\KPHXKLAX01.RTE
2016-09-05 20:16 - 2016-09-05 20:16 - 00002048 _____ C:\Windows\gexna20.lic
2016-09-05 19:49 - 2016-09-08 14:12 - 00000000 ____D C:\ProgramData\Virtuali
2016-09-05 19:48 - 2016-09-08 14:39 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Virtuali
2016-09-05 18:57 - 2016-09-08 14:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaSceneryX
2016-09-05 18:19 - 2016-09-08 12:50 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Flight One Software
2016-09-05 13:47 - 2016-09-05 13:47 - 00000000 ____D C:\ProgramData\Caphyon
2016-09-05 13:45 - 2016-09-05 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REX Essential Plus
2016-09-05 12:32 - 2016-09-28 22:43 - 00000000 ____D C:\OpusFSX
2016-09-05 12:14 - 2016-09-05 12:14 - 00000000 ____D C:\Opus Software
2016-09-05 02:33 - 2016-09-07 11:17 - 00000000 ____D C:\ProgramData\Delta Virtual
2016-09-05 02:21 - 2016-09-05 02:27 - 00000517 _____ C:\Users\Billg\Documents\KLAXYBBN01.RTE
2016-09-05 02:04 - 2016-09-29 12:14 - 00000000 ____D C:\Users\Billg\Documents\ACARS
2016-09-05 02:04 - 2016-09-07 11:17 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Delta Virtual
2016-09-05 02:04 - 2016-09-07 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delta Virtual Airlines
2016-09-05 02:04 - 2016-09-07 11:17 - 00000000 ____D C:\Program Files (x86)\Delta Virtual
2016-09-05 02:04 - 2016-09-06 12:20 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Delta Virtual Airlines
2016-09-05 01:41 - 2016-09-10 11:01 - 00000000 ____D C:\Users\Billg\Documents\AivlaSoft
2016-09-05 01:41 - 2016-09-10 11:00 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AivlaSoft
2016-09-05 01:39 - 2016-09-06 22:45 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight One Software
2016-09-05 01:39 - 2016-09-05 01:39 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Flight1
2016-09-05 01:37 - 2016-09-07 11:58 - 00000000 ____D C:\Flight One Software
2016-09-05 00:08 - 2016-09-29 12:14 - 00000000 ____D C:\Users\Billg\Documents\Flight Simulator X Files
2016-09-04 10:50 - 2016-09-04 10:50 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-09-04 10:50 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2016-09-01 14:00 - 2016-09-01 14:02 - 00000000 ____D C:\ProgramData\Binarysense
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-29 12:38 - 2009-07-14 01:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-09-29 12:38 - 2009-07-14 01:45 - 00022080 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-09-29 12:37 - 2016-05-10 19:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-29 12:35 - 2009-07-14 02:13 - 00887968 _____ C:\Windows\system32\PerfStringBackup.INI
2016-09-29 12:35 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-09-29 12:30 - 2016-05-10 19:26 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-29 12:30 - 2012-09-21 14:05 - 00000000 ____D C:\ProgramData\NVIDIA
2016-09-29 12:30 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-09-28 20:03 - 2015-04-28 12:38 - 00000000 ____D C:\Users\Billg\Documents\Outlook Files
2016-09-26 13:44 - 2016-05-29 15:43 - 00000000 ____D C:\Windows\usb-audio.deTascam
2016-09-26 09:53 - 2012-08-23 14:23 - 00000000 ____D C:\ProgramData\MFAData
2016-09-24 21:04 - 2012-02-24 01:13 - 00000000 ____D C:\Windows\Minidump
2016-09-24 21:02 - 2015-09-21 13:52 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-24 20:56 - 2012-02-07 21:47 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-09-24 20:53 - 2012-04-01 02:30 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-24 20:53 - 2012-04-01 02:30 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-24 20:53 - 2012-02-07 16:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-24 20:53 - 2012-02-07 14:22 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-24 20:14 - 2015-09-09 13:54 - 00000000 ____D C:\ProgramData\Panda Security
2016-09-24 15:41 - 2012-11-08 23:06 - 00001945 _____ C:\Windows\epplauncher.mif
2016-09-24 14:45 - 2009-07-14 01:45 - 00376840 _____ C:\Windows\system32\FNTCACHE.DAT
2016-09-24 14:42 - 2012-04-02 09:45 - 00000000 ____D C:\Program Files (x86)\Google
2016-09-24 13:57 - 2015-09-09 13:55 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Panda Security
2016-09-23 15:14 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-09-22 16:48 - 2012-09-21 18:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-22 12:11 - 2013-09-11 12:57 - 00000000 ____D C:\Windows\system32\MRT
2016-09-22 12:07 - 2012-02-07 15:57 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-22 12:06 - 2012-08-23 14:25 - 00000000 ____D C:\Program Files (x86)\AVG
2016-09-22 08:49 - 2015-09-09 10:16 - 00001385 _____ C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-09-22 08:49 - 2015-06-01 23:42 - 00002162 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-09-22 08:49 - 2014-10-19 21:29 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-22 08:49 - 2012-03-05 21:29 - 00000370 _____ C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSGenesis BugTracker.lnk
2016-09-22 08:49 - 2012-02-07 14:47 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-19 19:25 - 2015-09-09 10:31 - 00000000 ____D C:\Windows\pss
2016-09-16 21:30 - 2013-04-05 11:27 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-09-11 10:19 - 2012-02-07 13:51 - 00000000 ____D C:\Users\Billg
2016-09-10 20:59 - 2012-02-10 00:34 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-09-10 11:35 - 2014-11-17 11:13 - 00000000 ____D C:\Users\Billg\Desktop\Active
2016-09-09 19:51 - 2012-02-10 00:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations
2016-09-09 19:51 - 2012-02-07 14:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-07 22:53 - 2012-02-08 02:04 - 00000000 ____D C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx
2016-09-06 20:36 - 2015-03-06 11:51 - 00000000 ____D C:\Program Files (x86)\PMDG Operations Center
2016-09-06 20:33 - 2012-09-21 14:05 - 00000000 ____D C:\temp
2016-09-06 18:51 - 2012-12-03 23:26 - 00002048 _____ C:\Windows\uadc9c.lic
2016-09-06 18:34 - 2014-01-15 01:16 - 00000000 ____D C:\Windows\Flight1 SoundStream
2016-09-06 18:32 - 2012-07-26 23:53 - 00002048 _____ C:\Windows\f1sndstr.lic
2016-09-05 20:30 - 2013-01-11 17:27 - 00002048 _____ C:\Windows\gexeurope.lic
2016-09-05 19:53 - 2013-02-28 12:06 - 00002048 _____ C:\Windows\gexapt.lic
2016-09-05 18:13 - 2012-11-05 11:23 - 00002048 _____ C:\Windows\gexusacan.lic
2016-09-05 12:14 - 2012-09-28 04:53 - 00002048 _____ C:\Windows\OpusFSX.lic
2016-09-04 23:47 - 2013-08-30 12:16 - 00000000 ____D C:\Program Files (x86)\VATSpy
2016-09-04 23:47 - 2012-04-09 07:58 - 00000000 ____D C:\Users\Billg\AppData\Roaming\VAT-Spy
2016-09-04 18:04 - 2014-08-10 12:15 - 00000000 ____D C:\Program Files (x86)\FS Real Time
2016-09-02 12:20 - 2014-05-02 17:31 - 00000000 ____D C:\Users\Billg\Documents\vPilot Files
2016-09-01 20:48 - 2012-05-26 05:06 - 00000000 ____D C:\Users\UpdatusUser
2016-09-01 20:48 - 2012-02-10 00:46 - 00000000 ____D C:\ProgramData\FLEXnet
2016-09-01 20:48 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\registration
 
==================== Files in the root of some directories =======
 
2012-02-07 20:21 - 2012-02-07 20:21 - 0000280 _____ () C:\Users\Billg\AppData\Roaming\ANICONFIG_{6CA210B4-8739-49D9-867F-46EDC3181FD9}.ini
2015-07-07 16:06 - 2015-12-19 17:34 - 0038476 _____ () C:\Users\Billg\AppData\Roaming\Comma Separated Values (DOS).ADR
2015-07-07 16:07 - 2015-07-07 16:07 - 0013016 _____ () C:\Users\Billg\AppData\Roaming\Comma Separated Values (DOS).CAL
2015-07-08 19:30 - 2015-07-08 19:30 - 0008304 _____ () C:\Users\Billg\AppData\Roaming\Comma Separated Values (DOS).JNL
2015-07-08 19:32 - 2015-07-08 19:32 - 0004410 _____ () C:\Users\Billg\AppData\Roaming\Comma Separated Values (DOS).NOT
2013-01-06 10:36 - 2014-02-13 12:54 - 0038421 _____ () C:\Users\Billg\AppData\Roaming\Microsoft Excel 97-2003.ADR
2016-05-29 16:03 - 2016-08-28 11:13 - 0000032 _____ () C:\Users\Billg\AppData\Roaming\msregsvv.dll
2016-09-18 15:45 - 2016-09-18 15:45 - 0000000 ____H () C:\Users\Billg\AppData\Local\BITE88A.tmp
2013-03-01 00:27 - 2013-03-01 00:27 - 0007593 _____ () C:\Users\Billg\AppData\Local\CleanupUninstall.txt
2015-11-10 14:40 - 2015-11-10 14:40 - 0004096 ____H () C:\Users\Billg\AppData\Local\keyfile3.drm
2012-04-27 12:20 - 2014-05-08 12:18 - 0007671 _____ () C:\Users\Billg\AppData\Local\Resmon.ResmonCfg
2016-09-18 15:45 - 2016-09-18 15:45 - 0000000 _____ () C:\Users\Billg\AppData\Local\{71BB5627-7818-4F27-8C45-5BB229FBC4D7}
2016-05-29 16:03 - 2016-08-28 11:13 - 0000032 _____ () C:\ProgramData\autobk.inc
2015-03-22 08:59 - 2015-03-22 08:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Users\Billg\FlightBeam_Phoenix Sky Harbor - HD.reg
C:\Users\Billg\FlightBeam_San Francisco X.reg
C:\Users\Billg\FSDreamTeam_Chicago Ohare.reg
C:\Users\Billg\FSDreamTeam_Dallas-Fort Worth.reg
C:\Users\Billg\FSDreamTeam_Geneva.reg
C:\Users\Billg\FSDreamTeam_GSX.reg
C:\Users\Billg\FSDreamTeam_Hawaiian Airports Volume 1.reg
C:\Users\Billg\FSDreamTeam_Hawaiian Airports Volume 2.reg
C:\Users\Billg\FSDreamTeam_Honolulu.reg
C:\Users\Billg\FSDreamTeam_JFK.reg
C:\Users\Billg\FSDreamTeam_KFLL.reg
C:\Users\Billg\FSDreamTeam_KLAS.reg
C:\Users\Billg\FSDreamTeam_Vancouver CYVR.reg
C:\Users\Billg\FSDreamTeam_ZurichX.reg
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-26 21:08
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2016
Ran by Billg (29-09-2016 12:40:46)
Running from C:\Users\Billg\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-02-07 16:51:21)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3966353269-29221856-4112531716-500 - Administrator - Disabled)
Billg (S-1-5-21-3966353269-29221856-4112531716-1000 - Administrator - Enabled) => C:\Users\Billg
Guest (S-1-5-21-3966353269-29221856-4112531716-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3966353269-29221856-4112531716-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
3DMark Vantage (HKLM-x32\...\{C40C3C3D-97CF-44B5-836C-766E374464B3}) (Version: 1.1.0 - Futuremark Corporation)
727 Captain (Freighter) Expansion Model [FSX/SE/P3D] 2.70 FSX (HKLM-x32\...\p723_fsx) (Version: 2.70 - © 1999-2016 Captain Sim)
737 Captain (737-200) Base Pack [FSX/SE] 1.70 FSX (HKLM-x32\...\p732_fsx) (Version: 1.70 - © 1999-2016 Captain Sim)
737 Captain (737-200C/F) Expansion Model [FSX/SE/P3D] 1.70 FSX (HKLM-x32\...\e733_fsx) (Version: 1.70 - © 1999-2016 Captain Sim)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Accu-Feel (HKLM-x32\...\Accu-Feel) (Version:  - )
Accu-Feel Air, Land, and Sea (HKLM-x32\...\Accu-Feel Air, Land, and Sea) (Version:  - )
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Ad-Aware Antivirus (HKLM\...\{36036827-FA38-4A74-8333-26BC4EEC9308}_AdAwareUpdater) (Version: 11.12.945.9202 - Lavasoft)
AdAwareInstaller (Version: 11.12.945.9202 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.12.945.9202 - Lavasoft) Hidden
Adobe Acrobat 8.1.0 Standard (HKLM-x32\...\Adobe Acrobat  8 Standard) (Version: 8.1.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 23 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Aerosoft's - Aerosoft Launcher (HKLM-x32\...\{EE11CFFC-898C-4875-8A63-8B732A9AD43B}) (Version: 1.2.0.3 - Aerosoft)
Aerosoft's - Manhattan X (HKLM-x32\...\{6ED3756D-BA23-4938-94F9-7C2BFC9B86FC}) (Version: 1.30 - Aerosoft)
aerosoft's - Mega Airport London Heathrow X (HKLM-x32\...\{2F4AF40B-433A-494E-BB41-816D113F32BA}) (Version: 1.10 - aerosoft)
aerosoft's - Mega Airport Paris CDG X (HKLM-x32\...\{0F5E7FC8-3D49-47DA-9A51-6A8B4BE393B0}) (Version: 1.00 - aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft)
aerosoft's - VFR London X (HKLM-x32\...\{C1002665-A1DD-4764-AEDC-0769E09FAA4D}) (Version: 1.20 - aerosoft)
AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 1.02.03 - ASUSTeK Computer Inc.)
AivlaSoft EFB (HKLM-x32\...\AivlaSoft EFB) (Version: 1.6.8 - AivlaSoft )
AivlaSoft SimpleCam (HKLM-x32\...\AivlaSoft SimpleCam) (Version: 1.0.11 - Apprimus Informatik GmbH)
Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version:  - )
AmpliTube 4 version 4.0.2 (HKLM\...\{21B0C8E0-7EB7-4832-B764-20A7DAE86E02}_is1) (Version: 4.0.2 - IK Multimedia)
AntimalwareEngine (Version: 3.0.129.0 - Lavasoft) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Aslain's WoT Modpack version 9.15.2.08 (HKLM-x32\...\Aslains_WoT_Modpack_Installer_is1) (Version: 9.15.2.08 - Aslain)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
ASUS PC Diagnostics (HKLM-x32\...\{D709005F-D8DC-42A8-8435-5AE880ECAF82}) (Version: 1.1.5 - ASUSTeK Computer Inc.)
AVS Audio Converter 7 (HKLM-x32\...\AVS Audio Converter_is1) (Version:  - Online Media Technologies Ltd.)
AVS Audio Editor 7.1 (HKLM-x32\...\AVS Audio Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Media Player 4.1.8.93 (HKLM-x32\...\AVS Media Player_is1) (Version:  - Online Media Technologies Ltd.)
AVS Photo Editor (HKLM-x32\...\AVS Photo Editor_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 8 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Editor 6 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.3.2.234 - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.16 - Piriform)
CPUID HWMonitor 1.21 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Custom Shop version 1.7.0 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.7.0 - IK Multimedia)
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
Delta Virtual Airlines ACARS 3.2 (HKLM-x32\...\DVA ACARS 3) (Version: 3.20 - Delta Virtual Airlines)
Delta Virtual Airlines ACARS Dispatch 2.0 (HKLM-x32\...\DVA ACARS Dispatch) (Version: 2.02 - Delta Virtual Airlines)
Dropbox (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
EditVoicepack X (HKLM-x32\...\{493687F8-8D57-47C4-87B6-D46D7C5203BF}) (Version: 4.0.7 - Bevelstone Production)
Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
FlightBeam Phoenix Sky Harbor FSX (HKLM-x32\...\FlightBeam Phoenix Sky Harbor FSX_is1) (Version: 1.3.0 - FlightBeam)
FlightBeam San Francisco International FSX 2.0.1 (HKLM-x32\...\FlightBeam San Francisco International FSX 2.0.1_is1) (Version:  - )
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
FS Force 2 (HKLM-x32\...\FSForce2_is1) (Version:  - Dirks Software)
FSDreamTeam Dallas/Fort Worth International FSX/P3D 2.0.4 (HKLM-x32\...\FSDreamTeam Dallas/Fort Worth International FSX/P3D_is1) (Version:  - )
FSDreamTeam Fort Lauderdale-Hollywood FSX (HKLM-x32\...\FSDreamTeam Fort Lauderdale-Hollywood FSX_is1) (Version: 1.5 - VIRTUALI s.a.s.)
FSDreamTeam Geneva FSX/P3D 1.4.2 (HKLM-x32\...\FSDreamTeam Geneva FSX/P3D_is1) (Version:  - )
FSDreamTeam Hawaiian Airports Volume 1 FSX/P3D 1.7.1 (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 1 FSX/P3D_is1) (Version:  - )
FSDreamTeam Hawaiian Airports Volume 2 FSX/P3D 1.4.1 (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 2 FSX/P3D_is1) (Version:  - )
FSDreamTeam Honolulu International FSX/P3D 1.2 (HKLM-x32\...\FSDreamTeam Honolulu International FSX/P3D_is1) (Version:  - )
FSDreamTeam JFK FSX 1.2.4 (HKLM-x32\...\FSDreamTeam JFK FSX_is1) (Version:  - )
FSDreamTeam Las Vegas McCarran FSX (HKLM-x32\...\FSDreamTeam Las Vegas McCarran FSX_is1) (Version: 1.4.3 - VIRTUALI Sagl)
FSDreamTeam Los Angeles International FSX (HKLM-x32\...\FSDreamTeam Los Angeles International FSX_is1) (Version: 1.6.1 - VIRTUALI Sagl)
FSDreamTeam OHareX FSX (HKLM-x32\...\FSDreamTeam OHareX FSX_is1) (Version: 2.3 - VIRTUALI s.a.s.)
FSDreamTeam Vancouver International FSX/P3D 1.0 (HKLM-x32\...\FSDreamTeam Vancouver International FSX/P3D_is1) (Version:  - FSDreamTeam)
FSDreamTeam ZurichX FSX (HKLM-x32\...\FSDreamTeam ZurichX FSX_is1) (Version: 2.5.5 - VIRTUALI s.a.s.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Ground Environment X Atlantic and Pacific Tropics (HKLM-x32\...\Ground Environment X Atlantic and Pacific Tropics) (Version:  - Flight One Software)
Ground Environment X Europe (HKLM-x32\...\Ground Environment X Europe) (Version:  - Flight One Software)
Ground Environment X North America (HKLM-x32\...\Ground Environment X North America) (Version:  - Flight One Software)
Ground Environment X North America (HKLM-x32\...\Ground Environment X North America1.096) (Version: 1.096 - Flight One Software)
Gyazo 3.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Hawaii Oahu (HKLM-x32\...\MegaSceneryX_is1) (Version: 1 - PC Aviator Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.280 - SurfRight B.V.)
IK Multimedia Authorization Manager version 1.0.15 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.15 - IK Multimedia)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.7.122.1 - Intel Security)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Watchdog Timer Driver (Intel® WDT) (HKLM-x32\...\{3FD0C489-0F02-481a-A3E1-9754CD396761}) (Version:  - Intel Corporation)
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
KMEM v1.1.2 for FSX (HKLM\...\{03EFC5C9-E507-4A80-A7E4-A67AAE976446}) (Version: 1.1.2 - BluePrint Simulations)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1045 - Marvell)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.266 - McAfee, Inc.)
McPhat DC-9 DELTA v1.0b025 (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\McPhat DC-9 DELTA v1.0b025) (Version:  - )
Meeting Center Installer Module  (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\UMClient) (Version: 5.16.2.72 - The Conferencing Center)
MegaSceneryEarth Detroit Ultra Res 001 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 001 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 002 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 002 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 003 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 003 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 004 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 004 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 005 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 005 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 006 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 006 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Detroit Ultra Res 007 2.0 (HKLM-x32\...\MegaSceneryEarth Detroit Ultra Res 007 2.0) (Version: 2.0 - MegaSceneryEarth)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM-x32\...\{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version:  - )
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project Standard 2007 (HKLM-x32\...\PRJSTDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Outlook 2010 (HKLM\...\Office14.OUTLOOKR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{E75776B2-EAE5-42F9-A800-0A10763DEDF0}) (Version: 11.0.2318.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
OpusFSX for FSX and Prepar3D Flight Simulators (HKLM-x32\...\{5E993002-2D95-4EE5-BBD7-9E02A3B60EB1}) (Version: 3.55.1 - Opus Software Limited)
OryxSim Kelowna X: 2012 Edition (HKLM-x32\...\OryxSim Kelowna X: 2012 Edition) (Version:  - )
PMDG 737 6700 NGX Expansion FSX (HKLM-x32\...\{C7EE862A-D83D-4A9F-B746-CBDE39BD7001}) (Version: 1.10.6461 - PMDG Simulations, LLC.)
PMDG 737 8900 NGX Base Package FSX (HKLM-x32\...\{20708FD5-E94D-4097-A21E-E28564CDBC06}) (Version: 1.10.6461 - PMDG Simulations, LLC.)
PMDG 747-400/400F for FSX (HKLM-x32\...\{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}) (Version: 2.10.0040 - Precision Manuals Development Group)
PMDG 747X World Airliners COMBI v1.0b000 (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\PMDG 747X World Airliners COMBI v1.0b000) (Version:  - )
PMDG MD11 American Airlines v1.0b000 (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\PMDG MD11 American Airlines v1.0b000) (Version:  - )
PMDG MD11 World Airliners 1 v1.0b011 (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\PMDG MD11 World Airliners 1 v1.0b011) (Version:  - )
PMDG MD11 World Airliners 2 v1.0b005 (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\PMDG MD11 World Airliners 2 v1.0b005) (Version:  - )
PMDG MD11 World Airliners 3 v1.0b003 (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\PMDG MD11 World Airliners 3 v1.0b003) (Version:  - )
PMDG MD11 World Airliners 4 v1.1b002 (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\PMDG MD11 World Airliners 4 v1.1b002) (Version:  - )
PMDG MD11 World Airliners 5 v1.0b002 (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\PMDG MD11 World Airliners 5 v1.0b002) (Version:  - )
PMDG_MD11_FSX (HKLM-x32\...\{CED6EAB9-9FFD-44B2-939A-D77905AD35F3}) (Version: 1.20.0055 - Precision Manuals Development Group)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Lachesis (HKLM-x32\...\{CB4532F7-A1BD-46D2-9938-3E7D4656FB18}) (Version: 1.10.0000 - Razer USA Ltd.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
REX Essential Plus with SP3 (HKLM-x32\...\{92F61DE4-BBF0-4BAA-B542-896BCA57AE3E}) (Version: 3.4.2014.1126 - REX Game Studios, LLC.)
REX Soft Clouds SP3 - Hotfix 3 (HKLM-x32\...\REX Soft Clouds SP3 - Hotfix 3 4.3.2016.0622) (Version: 4.3.2016.0622 - REX Game Studios, LLC.)
REX Soft Clouds SP3 - Hotfix 3 (x32 Version: 4.3.2016.0622 - REX Game Studios, LLC.) Hidden
REX Soft Clouds with SP3 / Hotfix 2 (HKLM-x32\...\{759B4960-1A9A-4324-94E8-C21E23142C87}) (Version: 4.3.2016.03025 - REX Game Studios, LLC.)
SAEZ-SVMI v1.1.2 for FSX (HKLM\...\{39ECE2E2-E2A7-4E92-BF10-D060BBE257B2}) (Version: 1.1.2 - BluePrint Simulations)
Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.)
SceneryConfigEditor v1.1.7 (remove only) (HKLM-x32\...\SceneryConfigEditor) (Version:  - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-001A-0000-1000-0000000FF1CE}_Office14.OUTLOOKR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SIMADDONS CYOW 2011 (HKLM-x32\...\SIMADDONS CYOW 2011) (Version:  - )
Simaddons Halifax 2014 (HKLM-x32\...\Simaddons Halifax 2014) (Version:  - )
Simaddons SA 2015 (HKLM-x32\...\Simaddons SA 2015) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartAssembly 6 (HKLM\...\{EEA9DFEA-07F8-4086-A685-9962A74A425D}) (Version: 6.6.3.41 - Red Gate Software Ltd)
Sound Blaster Tactic(3D) (HKLM-x32\...\{92000C16-939B-44CA-802F-0D552019D7C8}) (Version: 1.0 - Creative Technology Limited)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
StealthPlug (HKLM-x32\...\{66DD0212-C79E-4622-81C7-2D7658F3041A}) (Version: 1.1.0.8 - IK Multimedia)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TBPB v1.1.2 for FSX (HKLM\...\{4E9986BE-0B30-4E19-BC93-B8B308F533C8}) (Version: 1.1.2 - BluePrint Simulations)
TinEye Internet Explorer plugin 1.2 (HKLM-x32\...\{AD1C7ACE-30DC-4107-B6A7-9495D12DC846}) (Version: 1.2.0 - Idée Inc.)
TJSJv1.1.2 for FSX (HKLM\...\{C9F3C36E-EA14-4AEC-A6F2-B5B7DF91D461}) (Version: 1.1.2 - BluePrint Simulations)
UK2000 Common Library FSX  (HKLM-x32\...\UK2000 Common Library FSX) (Version: 3.35 - UK2000 Scenery)
UK2000 Manchester Xtreme FSX  (HKLM-x32\...\UK2000 Manchester Xtreme FSX) (Version: 1.6 - UK2000 Scenery)
Ultimate Airliners - The DC-9 Classic (HKLM-x32\...\Ultimate Airliners - The DC-9 Classic) (Version:  - )
Ultimate Terrain X - Canada (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\Ultimate Terrain X - Canada) (Version:  - )
Ultimate Terrain X - Europe (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\Ultimate Terrain X - Europe) (Version:  - )
Ultimate Terrain X - USA (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\Ultimate Terrain X - USA) (Version:  - )
Ultimate Traffic (HKLM-x32\...\F1UT2) (Version: 2 - Flight One Software)
Undelete 360 (HKLM-x32\...\Undelete 360_is1) (Version:  - File Recovery Ltd.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-003A-0000-0000-0000000FF1CE}_PRJSTDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
US-122 MKII / US-144 MKII (HKLM\...\USB_AUDIO_DEusb-audio.deTascam) (Version:  - )
Vancouver+ v3 (FSX) (HKLM-x32\...\VanPlusv3_is1) (Version: 3.0.0.7 - FSAddon)
VIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 3.0.0.17 - VIRTUALI Sagl)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
vPilot (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\vPilot) (Version: 1.1.5901.24775 - Ross Carlson)
WinDirStat 1.1.2 (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\WinDirStat) (Version:  - )
World of Tanks (HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3966353269-29221856-4112531716-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Billg\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {451C5790-F257-4F72-9D83-F4BC6EE65E1D} - \SMWUpd -> No File <==== ATTENTION
Task: {4AD43D47-8E08-489E-826C-2424E5F73B2D} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-07-07] (McAfee, Inc.)
Task: {57490256-4127-4252-9189-F052CAC594C1} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2010-11-26] (ASUSTeK Computer Inc.)
Task: {5B5F86B5-0DF1-4940-90C5-8D7BE526C325} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {69931C31-C7D7-4CCD-8BF7-03E2596C894A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6A7F5B90-25CC-4152-BD53-976B19112C28} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe [2016-09-24] (Adobe Systems Incorporated)
Task: {77186BC8-B8F6-408E-9717-18E19C81F194} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-08] (Adobe Systems Incorporated)
Task: {79B743B1-E416-4772-9A81-E71778D103F5} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {86A4744D-C824-4D12-91AA-96318A8AA9AB} - System32\Tasks\ASUS\ASUS DigiVRM Help => C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe [2011-04-13] (ASUSTeK Computer Inc.)
Task: {A4DB31CC-9830-4B48-BE9B-55B51C64FF33} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite II\USB 3.0 Boost\U3BoostSvr.exe [2011-09-10] ()
Task: {A61AC3D4-BDE2-432B-8151-CDDD4FF253B1} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {B80F8AE2-DC56-4FA6-8833-1A202310DE41} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {E903EA4E-E20D-4A04-9B40-E9B8C80E0367} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {E9D2D934-2147-4461-B03A-FD5078B6EB23} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: {F6967AD7-D7AA-4D77-824C-2301CA10927B} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {FDFEEAE1-7B1B-4B8A-8C5E-1E45B3E05996} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_162_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FSGenesis BugTracker.lnk -> hxxp://portal.fsgenesis.net/index.php?module=pnMantis(
Shortcut: C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx\BackupRestore.lnk -> F:\Microsoft Flight Simulator X\ORBX\Scripts\FTXCentral\Work\BackupRestore.bat ()
Shortcut: C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx\FTX_PFJ_B7002.lnk -> F:\Microsoft Flight Simulator X\ORBX\Scripts\FTX_PFJ_B7002.bat ()
Shortcut: C:\Users\Billg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Orbx\Restore.lnk -> F:\Microsoft Flight Simulator X\ORBX\Scripts\FTXCentral\InstallBackup\Restore.bat ()
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-09-21 14:05 - 2014-09-13 18:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-04-24 10:48 - 2011-04-11 02:26 - 00034304 _____ () C:\Windows\System32\spd__l.dll
2013-12-10 20:31 - 2011-04-11 02:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll
2006-12-04 02:26 - 2006-12-04 02:26 - 00022016 _____ () C:\Windows\System32\sugo3l6.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-12-01 23:15 - 2010-12-02 11:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
2016-04-24 19:03 - 2010-07-12 14:39 - 00053248 _____ () C:\Program Files (x86)\D-Link\DWA-566\ANIWConnService.exe
2016-07-18 20:22 - 2016-07-18 20:22 - 00732056 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
2016-07-18 20:27 - 2016-07-18 20:27 - 00030464 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\boost_system-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00068872 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\boost_date_time-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00146184 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\boost_filesystem-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 11625208 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareServiceKernel.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03420880 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\RCF.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 01005824 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\boost_regex-vc140-mt-1_61.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00124672 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\boost_thread-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00040192 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\boost_chrono-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00986864 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareActivation.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00623360 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareApplicationUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00837872 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareGamingMode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00111336 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareReset.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00134368 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareTime.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01049856 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdater.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00901392 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareDefinitionsUpdaterScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01104624 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareIgnoreList.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00268016 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareQuarantine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01630464 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiMalwareEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00226048 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiRootkitEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01179384 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01377512 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareScanner.dll
2016-07-18 20:27 - 2016-07-18 20:27 - 00039680 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\boost_timer-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01025784 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareScannerScheduler.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01205504 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 02663672 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareIncompatibles.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01520872 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiSpam.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01457904 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareAntiPhishing.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03464440 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareParentalControl.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03124472 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareWebProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01327864 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareEmailProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00073480 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\boost_iostreams-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01905408 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareNetworkProtection.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01031912 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwarePromo.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00467688 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareFeedback.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 03159808 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareThreatWorkAlliance.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01313512 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwarePinCode.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01033960 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareNotice.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01597680 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareAvcEngine.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 01170704 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareRealTimeProtectionHistory.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00535280 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareStatistics.dll
2016-02-05 21:25 - 2009-11-10 19:05 - 00248320 _____ () C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
2016-02-05 21:25 - 2009-11-04 17:28 - 00143360 _____ () C:\Program Files (x86)\Razer\Lachesis\razertra.exe
2016-07-18 20:26 - 2016-07-18 20:26 - 09571552 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
2016-07-18 20:26 - 2016-07-18 20:26 - 00539392 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\boost_locale-vc140-mt-1_61.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 02485992 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\HtmlFramework.dll
2016-07-18 20:26 - 2016-07-18 20:26 - 00871672 _____ () D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareTrayDefaultSkin.dll
2016-09-24 14:42 - 2016-09-13 23:52 - 02280264 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libglesv2.dll
2016-09-24 14:42 - 2016-09-13 23:52 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\53.0.2785.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:74603393 [124]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LavasoftAdAwareService11 => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\100sexlinks.com -> 100sexlinks.com
 
There are 4788 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2016-09-24 21:24 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 217.12.218.107 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\startupfolder: C:^Users^Billg^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: AdAwareTray => "D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe"
MSCONFIG\startupreg: D-Link D-Link DWA-566 => C:\Program Files (x86)\D-Link\DWA-566\AirNCFG.exe
MSCONFIG\startupreg: QuickTime Task => "D:\IK Multimedia\QTTask.exe" -atboottime
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{8ADF19EE-F8E2-427B-97E3-2ADDEF386305}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{B445E647-AD0E-4D50-B537-3E7726383D93}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
 
==================== Restore Points =========================
 
24-09-2016 20:47:46 JRT Pre-Junkware Removal
24-09-2016 21:02:02 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
24-09-2016 21:18:27 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
26-09-2016 13:49:52 Checkpoint by HitmanPro
26-09-2016 13:50:24 Checkpoint by HitmanPro
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/29/2016 12:37:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program McUICnt.exe version 7.0.8093.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 85c
 
Start Time: 01d21a672dcc32b3
 
Termination Time: 0
 
Application Path: C:\Program Files\McAfee Security Scan\3.11.376\McUICnt.exe
 
Report Id: b00f38cc-865a-11e6-819c-c8600005e32a
 
Error: (09/29/2016 12:32:00 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/29/2016 12:19:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/26/2016 01:53:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (09/26/2016 01:50:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000308,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,0000000002F4F160.72).  hr = 0x80070005, Access is denied.
.
 
Error: (09/26/2016 01:50:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000a58,(null),0,REG_BINARY,0000000002CDDF50.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
   Writer Name: WMI Writer
   Writer Instance ID: {58a2cf24-5562-4203-b5d6-84a5de3a7466}
 
Error: (09/26/2016 01:50:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000002f4,(null),0,REG_BINARY,000000000232DF50.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {eb65fd5f-7686-472b-bb6e-d512a7624828}
 
Error: (09/26/2016 01:50:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f4,(null),0,REG_BINARY,0000000002D4EDE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {d842f48c-2bc5-4810-b7e3-49f3c195d35d}
 
Error: (09/26/2016 01:50:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000f8c,(null),0,REG_BINARY,000000000F37DFE0.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
   Writer Name: MSSearch Service Writer
   Writer Instance ID: {12d9e2e9-6024-443e-9537-f1c7ec35cf88}
 
Error: (09/26/2016 01:50:50 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,(null),0,REG_BINARY,0000000001DFE950.72).  hr = 0x80070005, Access is denied.
.
 
 
Operation:
   BackupShutdown Event
 
Context:
   Execution Context: Writer
   Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
   Writer Name: Registry Writer
   Writer Instance ID: {2c14d0cb-c971-4395-b226-faa560be7e4c}
 
 
System errors:
=============
Error: (09/29/2016 12:30:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (09/29/2016 12:30:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (09/29/2016 12:18:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (09/29/2016 12:18:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
The system cannot find the device specified.
 
Error: (09/29/2016 12:17:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 3000 milliseconds: Restart the service.
 
Error: (09/29/2016 12:17:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (09/29/2016 12:17:18 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Office Software Protection Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/29/2016 12:17:18 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/29/2016 12:17:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (09/29/2016 12:17:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The FLEXnet Licensing Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2016-09-24 20:22:24.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Utilities\Windows 7\Temp\7zSC0C7ACDE\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-24 20:22:24.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Utilities\Windows 7\Temp\7zSC0C7ACDE\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-24 20:22:24.231
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Utilities\Windows 7\Temp\7zSC0C7ACDE\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-24 20:22:24.199
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Utilities\Windows 7\Temp\7zSC0C7ACDE\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-24 20:14:54.395
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-24 20:14:54.379
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-24 20:14:54.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\SMCLpav\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-24 20:14:26.844
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Utilities\Windows 7\Temp\7zS8D6FDA27\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-24 20:14:26.812
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Utilities\Windows 7\Temp\7zS8D6FDA27\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-24 20:14:26.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Utilities\Windows 7\Temp\7zS8D6FDA27\Pav2WSC.exe because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2700K CPU @ 3.50GHz
Percentage of memory in use: 23%
Total physical RAM: 16351.13 MB
Available physical RAM: 12462.56 MB
Total Virtual: 32700.45 MB
Available Virtual: 29352.03 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:59.53 GB) (Free:2.16 GB) NTFS
Drive d: (Main Drive) (Fixed) (Total:1397.26 GB) (Free:692.62 GB) NTFS
Drive f: (FSX) (Fixed) (Total:238.47 GB) (Free:119.23 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 59.6 GB) (Disk ID: 3C0FE806)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=59.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 250D39DC)
Partition 1: (Not Active) - (Size=238.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 250D39DB)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by panda234, 29 September 2016 - 10:58 AM.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:52 PM

Posted 30 September 2016 - 10:51 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [3231232 2016-04-09] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3966353269-29221856-4112531716-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3966353269-29221856-4112531716-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: intercall.com plugins -> d:\UTILIT~1\WINDOW~1\temp\UMClient\npComponentStub.dll [No File]
FF Plugin HKU\S-1-5-21-3966353269-29221856-4112531716-1000: application/client-installer -> d:\UTILIT~1\WINDOW~1\temp\UMClient\npMcInstall.dll [No File]
FF Plugin HKU\S-1-5-21-3966353269-29221856-4112531716-1000: intercall.com plugins -> d:\UTILIT~1\WINDOW~1\temp\UMClient\npComponentStub.dll [No File]
CHR Extension: (Meeting Center) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj [2016-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-24]
CHR HKU\S-1-5-21-3966353269-29221856-4112531716-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cpfbonfpcpnmoonikfalnendonhkkfjj] - hxxps://clients2.google.com/service/update2/crx
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160809.007\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160809.007\EX64.SYS [X]
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj
Task: {451C5790-F257-4F72-9D83-F4BC6EE65E1D} - \SMWUpd -> No File <==== ATTENTION
Task: {B80F8AE2-DC56-4FA6-8833-1A202310DE41} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {FDFEEAE1-7B1B-4B8A-8C5E-1E45B3E05996} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:74603393 [124]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Restart Chrome.
===

Your version(s) of Adobe Flash are out-of-date and vulnerable.
Go to Start > Control Panel > Programs and Features and uninstall the following programs:
Adobe Flash Player 11 ActiveX
Adobe Flash Player 13 Plugin


Go to this page with Firefox to download the current version for your browser:
https://get.adobe.com/flashplayer/

Note:
Flash Player is pre-installed in Google Chrome and updates automatically!
Flash Player is pre-installed in IE/Edge and updates automatically!
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after the update you can remove the old version(s) of Java via the Control Panel > Programs and Features.
Java 7 Update 7 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217007FF}) (Version: 7.0.70 - Oracle)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)

Please post the Fixlog.txt and let me know what problem persists.

#3 panda234

Posted 30 September 2016 - 01:58 PM

Here is the fixlog.txt. The problem is "false" ads showing up on some websites, particularly CNN. The problem was solved by following the instructions above but within minutes the ads appeared again. Here is what some of the hijacked ads look like. 

 

https://gyazo.com/281fc9b5f1832507156915f794077e9c

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-09-2016
Ran by Billg (30-09-2016 15:10:57) Run:1
Running from C:\Users\Billg\Desktop
Loaded Profiles: Billg (Available Profiles: Billg)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll <==== ATTENTION
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [3231232 2016-04-09] (Microsoft Corporation) <==== ATTENTION
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
Toolbar: HKU\.DEFAULT -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3966353269-29221856-4112531716-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3966353269-29221856-4112531716-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: intercall.com plugins -> d:\UTILIT~1\WINDOW~1\temp\UMClient\npComponentStub.dll [No File]
FF Plugin HKU\S-1-5-21-3966353269-29221856-4112531716-1000: application/client-installer -> d:\UTILIT~1\WINDOW~1\temp\UMClient\npMcInstall.dll [No File]
FF Plugin HKU\S-1-5-21-3966353269-29221856-4112531716-1000: intercall.com plugins -> d:\UTILIT~1\WINDOW~1\temp\UMClient\npComponentStub.dll [No File]
CHR Extension: (Meeting Center) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj [2016-09-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-24]
CHR HKU\S-1-5-21-3966353269-29221856-4112531716-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cpfbonfpcpnmoonikfalnendonhkkfjj] - hxxps://clients2.google.com/service/update2/crx
S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0 [X]
S3 AthBTPort; system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; system32\drivers\btath_a2dp.sys [X]
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [X]
S3 BTATH_HCRP; system32\DRIVERS\btath_hcrp.sys [X]
S3 BTATH_LWFLT; system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; system32\DRIVERS\btath_rcp.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160809.007\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.1.32\Definitions\SDSDefs\20160809.007\EX64.SYS [X]
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj
Task: {451C5790-F257-4F72-9D83-F4BC6EE65E1D} - \SMWUpd -> No File <==== ATTENTION
Task: {B80F8AE2-DC56-4FA6-8833-1A202310DE41} - \globalUpdateUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {FDFEEAE1-7B1B-4B8A-8C5E-1E45B3E05996} - \globalUpdateUpdateTaskMachineUA -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:74603393 [124]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => value restored successfully
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found. 
HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\intercall.com plugins" => key removed successfully
"HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\MozillaPlugins\application/client-installer" => key removed successfully
d:\UTILIT~1\WINDOW~1\temp\UMClient\npMcInstall.dll => not found.
"HKU\S-1-5-21-3966353269-29221856-4112531716-1000\Software\MozillaPlugins\intercall.com plugins" => key removed successfully
d:\UTILIT~1\WINDOW~1\temp\UMClient\npComponentStub.dll => not found.
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj => moved successfully
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
"HKU\S-1-5-21-3966353269-29221856-4112531716-1000\SOFTWARE\Google\Chrome\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj" => key removed successfully
InstallerService => service removed successfully
AthBTPort => service removed successfully
BTATH_A2DP => service removed successfully
BTATH_BUS => service removed successfully
BTATH_HCRP => service removed successfully
BTATH_LWFLT => service removed successfully
BTATH_RCP => service removed successfully
dgderdrv => service removed successfully
NAVENG => service removed successfully
NAVEX15 => service removed successfully
"C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{451C5790-F257-4F72-9D83-F4BC6EE65E1D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{451C5790-F257-4F72-9D83-F4BC6EE65E1D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMWUpd => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B80F8AE2-DC56-4FA6-8833-1A202310DE41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B80F8AE2-DC56-4FA6-8833-1A202310DE41}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDFEEAE1-7B1B-4B8A-8C5E-1E45B3E05996}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDFEEAE1-7B1B-4B8A-8C5E-1E45B3E05996}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA => key not found. 
C:\ProgramData\TEMP => ":74603393" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36664614 B
Java, Flash, Steam htmlcache => 29906171 B
Windows/system/drivers => 190242676 B
Edge => 0 B
Chrome => 628156196 B
Firefox => 2250815 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 4 B
systemprofile => 2425882 B
systemprofile32 => 14897958 B
LocalService => 66228 B
NetworkService => 66228 B
Billg => 9726214 B
UpdatusUser => 0 B
UpdatusUser => 0 B
UpdatusUser.BILL2700 => 0 B
 
RecycleBin => 274137088 B
EmptyTemp: => 1.1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:11:16 ====


#4 nasdaq

Posted 01 October 2016 - 08:33 AM

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#5 panda234

Posted 01 October 2016 - 10:30 AM

Hi nasdaq, here is the zoek-results.log file. Running zoek made no difference that I could see. The ads were still there as soon as I booted up.

 

 
Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by Billg on 01/10/2016 at 11:56:01.21.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Billg\Desktop\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
01/10/2016 11:56:36 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\AVG deleted successfully
C:\PROGRA~2\BitZipper deleted successfully
C:\PROGRA~2\Citrix deleted successfully
C:\PROGRA~2\hpmonitor deleted successfully
C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~2\OMC ModPack Client deleted successfully
C:\PROGRA~2\SamsungPrinterLiveUpdate deleted successfully
C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully
C:\PROGRA~3\Binarysense deleted successfully
C:\PROGRA~3\ProgramData_update deleted successfully
C:\Users\Billg\AppData\Roaming\Leso deleted successfully
C:\Users\Billg\AppData\Roaming\Notepad++ deleted successfully
C:\Users\Billg\AppData\Roaming\Opera deleted successfully
C:\Users\Billg\AppData\Roaming\Qiatgo deleted successfully
C:\Users\Billg\AppData\Roaming\webex deleted successfully
C:\Users\Billg\AppData\Local\MVAMS deleted successfully
C:\Users\Billg\AppData\Local\PhotoChannel deleted successfully
C:\Users\Billg\AppData\Local\Samsung deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_USERS\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_USERS\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
HKEY_USERS\S-1-5-21-3966353269-29221856-4112531716-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Approved Extensions\{18DF081C-E8AD-4283-A596-FA578C2EBDC3} deleted successfully
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSGenUn deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\PSGenUn deleted successfully
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Billg\AppData\Roaming\Mozilla\Firefox\Profiles\8p34zv98.default\prefs.js:
user_pref("browser.startup.homepage", "www.cbc.ca/");
user_pref("browser.search.useDBForOrder", true);
 
Added to C:\Users\Billg\AppData\Roaming\Mozilla\Firefox\Profiles\8p34zv98.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\AVG not found
C:\PROGRA~2\BitZipper not found
C:\PROGRA~2\Citrix not found
C:\PROGRA~2\hpmonitor not found
C:\PROGRA~2\OMC ModPack Client not found
C:\PROGRA~2\SamsungPrinterLiveUpdate not found
C:\Users\Billg\AppData\Local\AVG deleted
C:\Users\Billg\AppData\Local\Citrix deleted
C:\Users\Billg\.android deleted
C:\PROGRA~2\Mozilla Firefox\user.js deleted
C:\PROGRA~2\Delta Virtual deleted
C:\PROGRA~2\PMDG Operations Center deleted
C:\Users\Billg\AppData\Roaming\ANICONFIG_{6CA210B4-8739-49D9-867F-46EDC3181FD9}.ini deleted
C:\Users\Billg\AppData\Roaming\msregsvv.dll deleted
C:\Users\Billg\AppData\Roaming\Yahoo! deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\{32364CEA-7855-4A3C-B674-53D8E9B97936} deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Billg\AppData\Local\BITE88A.tmp deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted
C:\Users\Billg\AppData\LocalLow\Unity deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
C:\Users\Billg\Documents\Updater deleted
C:\Users\Billg\AppData\Roaming\Mozilla\Firefox\Profiles\8p34zv98.default\jetpack deleted
"C:\Windows\Installer\4f8c4e9.msi" deleted
"C:\Users\Billg\AppData\Local\{71BB5627-7818-4F27-8C45-5BB229FBC4D7}" deleted
"C:\Users\Billg\AppData\Roaming\Lokud\uwna.leo" deleted
"C:\Users\Billg\AppData\Roaming\Lokud\uwna.tmp" deleted
"C:\Users\Billg\AppData\Roaming\Ypmuo\aquvil.xou" deleted
"C:\Users\Billg\AppData\Roaming\Agafec\duacg.xaw" deleted
"C:\Users\Billg\AppData\Roaming\Sun Mod\setup.exe" deleted
"C:\Users\Billg\AppData\Roaming\Lokud" deleted
"C:\Users\Billg\AppData\Roaming\Ypmuo" deleted
"C:\Users\Billg\AppData\Roaming\Agafec" deleted
"C:\Users\Billg\AppData\Roaming\Sun Mod" deleted
 
==== Orphaned Tasks deleted from Registry ======================
 
GetLocalTime deleted
Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse deleted
OTL-6c8f76f3-6ede-4150-a6e4-a75007d451af deleted
OTL-c80302ea-33d9-493c-acf3-a6e023e3ecc6 deleted
OTL-eeb6cac7-ed08-4fa1-bade-81d999dc292a deleted
OtlUninstall-75786d80-26c6-41b5-88e7-8722d836f38d deleted
OtlUninstall-94af7c16-de40-437d-b82c-d447a2b57f43 deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Billg\AppData\Roaming\Mozilla\Firefox\Profiles\8p34zv98.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [24/09/2016 04:39 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [24/09/2016 04:39 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Billg\AppData\Roaming\Mozilla\Firefox\Profiles\8p34zv98.default
- Flash and Video Download - %ProfilePath%\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Billg\AppData\Roaming\Mozilla\Firefox\Profiles\8p34zv98.default
D937A4645EFF8CB4F123E3C899C052B2 - d:\IK Multimedia\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
049BD7AD3B94F24FA274ED1F7FC5871B - d:\IK Multimedia\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
F9DE379CE8A782530A4FA0B731F3A49B - d:\IK Multimedia\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
5D4279248A0E506CF007BD51EBF74CEA - d:\IK Multimedia\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
559E8D42BE485208F1C4BB294D6840A4 - d:\IK Multimedia\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
 
 
==== Fake Chromium Profiles Check ======================
 
Fake profile C:\Users\Administrator\AppData\Local\Torch deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrator\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Billg\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Billg\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Guest\AppData\Local\Torch deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Guest\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Guest\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Torch deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon deleted
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\Billg\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[21/02/2014 11:32 AM]
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
 
Unified Meeting 5 - Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj
Google Drive App Launcher - Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Dropdown List of Most Visited Links - Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\logbmehmiacemkimbpcbjgaikobdndah
Chrome Media Router - Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Chromium Fix ======================
 
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.themediastreet.com_8081.localstorage deleted successfully
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ads2.themediastreet.com_8081.localstorage-journal deleted successfully
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://www.google.com/ie"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{1432D29E-E8C9-45B0-A09D-B8AE291239B3}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 
==== Reset Google Chrome ======================
 
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7286306383AF47A4383362CBE4CE3980 deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\a758f84e-2ae2-45ed-a04f-56d0bca9430b deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{36036827-FA38-4A74-8333-26BC4EEC9308} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\7286306383AF47A4383362CBE4CE3980 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Cache found
 
==== Empty Chrome Cache ======================
 
C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
Java Cache cleared successfully
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=127 folders=53 180448633 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Billg\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Users\Billg\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted
 
==== EOF on 01/10/2016 at 12:24:11.34 ======================


#6 nasdaq


  • Malware Response Team

Posted 02 October 2016 - 08:36 AM


We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.

  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

#7 panda234

  • Topic Starter

  • Members

Posted 02 October 2016 - 12:02 PM

I ran both and nothing was found. I have disconnected my router and am now hooked up directly to the cable box. The ads were gone for a few minutes but have returned. I have attached the logs, including an ASW report from both C: and D: drives.

 

 

12:45:53.0373 0x1688  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
12:45:58.0100 0x1688  ============================================================
12:45:58.0100 0x1688  Current date / time: 2016/10/02 12:45:58.0100
12:45:58.0100 0x1688  SystemInfo:
12:45:58.0100 0x1688  
12:45:58.0100 0x1688  OS Version: 6.1.7601 ServicePack: 1.0
12:45:58.0100 0x1688  Product type: Workstation
12:45:58.0100 0x1688  ComputerName: BILL2700
12:45:58.0100 0x1688  UserName: Billg
12:45:58.0100 0x1688  Windows directory: C:\Windows
12:45:58.0100 0x1688  System windows directory: C:\Windows
12:45:58.0100 0x1688  Running under WOW64
12:45:58.0100 0x1688  Processor architecture: Intel x64
12:45:58.0100 0x1688  Number of processors: 4
12:45:58.0100 0x1688  Page size: 0x1000
12:45:58.0100 0x1688  Boot type: Normal boot
12:45:58.0100 0x1688  CodeIntegrityOptions = 0x00000001
12:45:58.0100 0x1688  ============================================================
12:45:58.0459 0x1688  KLMD registered as C:\Windows\system32\drivers\57018656.sys
12:45:58.0459 0x1688  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23539, osProperties = 0x1
12:45:58.0584 0x1688  System UUID: {2B00DD2B-E07F-C10D-644D-90B6F60D4E6C}
12:45:59.0145 0x1688  Drive \Device\Harddisk2\DR2 - Size: 0x15D50F66000 ( 1397.27 Gb ), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
12:45:59.0145 0x1688  Drive \Device\Harddisk0\DR0 - Size: 0xEE8156000 ( 59.63 Gb ), SectorSize: 0x200, Cylinders: 0x1E67, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:59.0145 0x1688  Drive \Device\Harddisk1\DR1 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:45:59.0145 0x1688  ============================================================
12:45:59.0145 0x1688  \Device\Harddisk2\DR2:
12:45:59.0145 0x1688  MBR partitions:
12:45:59.0145 0x1688  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86800
12:45:59.0145 0x1688  \Device\Harddisk0\DR0:
12:45:59.0145 0x1688  MBR partitions:
12:45:59.0145 0x1688  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:45:59.0145 0x1688  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x770D800
12:45:59.0145 0x1688  \Device\Harddisk1\DR1:
12:45:59.0145 0x1688  MBR partitions:
12:45:59.0145 0x1688  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1DCF2000
12:45:59.0145 0x1688  ============================================================
12:45:59.0145 0x1688  C: <-> \Device\Harddisk0\DR0\Partition2
12:45:59.0161 0x1688  F: <-> \Device\Harddisk1\DR1\Partition1
12:45:59.0176 0x1688  D: <-> \Device\Harddisk2\DR2\Partition1
12:45:59.0176 0x1688  ============================================================
12:45:59.0176 0x1688  Initialize success
12:45:59.0176 0x1688  ============================================================
12:46:04.0730 0x11e4  ============================================================
12:46:04.0730 0x11e4  Scan started
12:46:04.0730 0x11e4  Mode: Manual; 
12:46:04.0730 0x11e4  ============================================================
12:46:04.0730 0x11e4  KSN ping started
12:46:05.0214 0x11e4  KSN ping finished: true
12:46:05.0463 0x11e4  ================ Scan system memory ========================
12:46:05.0463 0x11e4  System memory - ok
12:46:05.0463 0x11e4  ================ Scan services =============================
12:46:06.0945 0x11e4  FontCache3.0.0.0 - ok
12:46:06.0961 0x11e4  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
12:46:06.0961 0x11e4  FsDepends - ok
12:46:06.0961 0x11e4  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:46:06.0961 0x11e4  Fs_Rec - ok
12:46:06.0976 0x11e4  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
12:46:06.0976 0x11e4  fvevol - ok
12:46:06.0976 0x11e4  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:46:06.0976 0x11e4  gagp30kx - ok
12:46:06.0992 0x11e4  [ 14908F4F9005C29DE8F5587E271390EE, 43DDFA99F52467F91019DB858989F111EBE48A2BED8D43EA2C15D1FD3C104489 ] gfibto          C:\Windows\system32\drivers\gfibto.sys
12:46:06.0992 0x11e4  gfibto - ok
12:46:07.0008 0x11e4  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
12:46:07.0008 0x11e4  gpsvc - ok
12:46:07.0023 0x11e4  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:46:07.0023 0x11e4  gupdate - ok
12:46:07.0023 0x11e4  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:46:07.0023 0x11e4  gupdatem - ok
12:46:07.0039 0x11e4  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
12:46:07.0039 0x11e4  hcw85cir - ok
12:46:07.0039 0x11e4  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:46:07.0054 0x11e4  HdAudAddService - ok
12:46:07.0054 0x11e4  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:46:07.0054 0x11e4  HDAudBus - ok
12:46:07.0070 0x11e4  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
12:46:07.0070 0x11e4  HidBatt - ok
12:46:07.0070 0x11e4  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:46:07.0070 0x11e4  HidBth - ok
12:46:07.0086 0x11e4  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:46:07.0086 0x11e4  HidIr - ok
12:46:07.0086 0x11e4  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
12:46:07.0086 0x11e4  hidserv - ok
12:46:07.0086 0x11e4  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:46:07.0086 0x11e4  HidUsb - ok
12:46:07.0101 0x11e4  [ F60E629BADC03B5BCCF8AAE022651A64, 08D3BA75F3A43843F8F13D7EEA263E46A9452FAB3B30BFD389E4B0477675CB3B ] HipShieldK      C:\Windows\system32\drivers\HipShieldK.sys
12:46:07.0101 0x11e4  HipShieldK - ok
12:46:07.0117 0x11e4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:46:07.0117 0x11e4  hkmsvc - ok
12:46:07.0117 0x11e4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:46:07.0132 0x11e4  HomeGroupListener - ok
12:46:07.0132 0x11e4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:46:07.0132 0x11e4  HomeGroupProvider - ok
12:46:07.0148 0x11e4  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:46:07.0164 0x11e4  HomeNetSvc - ok
12:46:07.0164 0x11e4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
12:46:07.0164 0x11e4  HpSAMD - ok
12:46:07.0179 0x11e4  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:46:07.0195 0x11e4  HTTP - ok
12:46:07.0195 0x11e4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
12:46:07.0195 0x11e4  hwpolicy - ok
12:46:07.0210 0x11e4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
12:46:07.0210 0x11e4  i8042prt - ok
12:46:07.0210 0x11e4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
12:46:07.0226 0x11e4  iaStorV - ok
12:46:07.0226 0x11e4  [ C1010ADD3DDAE1196ED21057AF7B2AAE, 68196851855AD395008D7F29FCEB28BA4BEB1F062B1844A60813E7DD102ACB1C ] ICCWDT          C:\Windows\system32\DRIVERS\ICCWDT.sys
12:46:07.0226 0x11e4  ICCWDT - ok
12:46:07.0242 0x11e4  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:46:07.0242 0x11e4  IDriverT - ok
12:46:07.0257 0x11e4  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:46:07.0273 0x11e4  idsvc - ok
12:46:07.0273 0x11e4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:46:07.0273 0x11e4  iirsp - ok
12:46:07.0288 0x11e4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
12:46:07.0304 0x11e4  IKEEXT - ok
12:46:07.0304 0x11e4  [ 1B8F8AA107D92DB6C3CD7BA5931797D5, EC99D1951DCFB39710B8CB537943F18136F05FA8614FADAB3F590D24F4C9A217 ] IKStealthPlug   C:\Windows\system32\DRIVERS\IKStealthPlugLL.sys
12:46:07.0320 0x11e4  IKStealthPlug - ok
12:46:07.0382 0x11e4  [ 44ED7064A8CFF33E6D2BCC81412145F7, FFC2D581044D7E43D0287D13F33AA97CDF1F03D4B167ACD6BE551E92C9551C0E ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:46:07.0429 0x11e4  IntcAzAudAddService - ok
12:46:07.0429 0x11e4  [ E42505363945956ECB5D38A4EB21CB39, C6A46A7621721EB1EA46E5F7D2E560D8022A97241F0792814015F803D96A2C92 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
12:46:07.0444 0x11e4  Intel® PROSet Monitoring Service - ok
12:46:07.0444 0x11e4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:46:07.0444 0x11e4  intelide - ok
12:46:07.0444 0x11e4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:46:07.0444 0x11e4  intelppm - ok
12:46:07.0460 0x11e4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:46:07.0460 0x11e4  IPBusEnum - ok
12:46:07.0476 0x11e4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:46:07.0476 0x11e4  IpFilterDriver - ok
12:46:07.0491 0x11e4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:46:07.0491 0x11e4  iphlpsvc - ok
12:46:07.0491 0x11e4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
12:46:07.0507 0x11e4  IPMIDRV - ok
12:46:07.0507 0x11e4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
12:46:07.0507 0x11e4  IPNAT - ok
12:46:07.0522 0x11e4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:46:07.0522 0x11e4  IRENUM - ok
12:46:07.0522 0x11e4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:46:07.0522 0x11e4  isapnp - ok
12:46:07.0538 0x11e4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
12:46:07.0538 0x11e4  iScsiPrt - ok
12:46:07.0538 0x11e4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:46:07.0538 0x11e4  kbdclass - ok
12:46:07.0554 0x11e4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:46:07.0554 0x11e4  kbdhid - ok
12:46:07.0554 0x11e4  [ 07932D7BA536B0BB58306A156A9AFC31, 315AA4503A9C69E476D796C8DC6D4800A623B942C8707A15A94A892E94D123D9 ] KeyIso          C:\Windows\system32\lsass.exe
12:46:07.0554 0x11e4  KeyIso - ok
12:46:07.0569 0x11e4  [ EB7BB4F58971F4FE099B3CE127346563, 6CE7BF43B5775ABF954508B4B02E441C169990FDFDF35FFE3137C85C1231695B ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:46:07.0569 0x11e4  KSecDD - ok
12:46:07.0569 0x11e4  [ 6EBBA531A455E8F1092FD530A8682A97, 658F9ACADD422A2F1D48120FB4FCBB2E8F0CF245C07D439A2611878E82C61A01 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
12:46:07.0585 0x11e4  KSecPkg - ok
12:46:07.0585 0x11e4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
12:46:07.0585 0x11e4  ksthunk - ok
12:46:07.0600 0x11e4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:46:07.0600 0x11e4  KtmRm - ok
12:46:07.0616 0x11e4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
12:46:07.0616 0x11e4  LanmanServer - ok
12:46:07.0616 0x11e4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:46:07.0632 0x11e4  LanmanWorkstation - ok
12:46:07.0756 0x11e4  [ 4C782AEB84E8343C84C8943B5506EF87, EA0CC0231C47EA2917896E7F154FDEF60349A9DDAB7BA70B246DA84DEB0201EE ] LavasoftAdAwareService11 D:\Utilities\Adaware\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
12:46:07.0772 0x11e4  LavasoftAdAwareService11 - ok
12:46:07.0788 0x11e4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:46:07.0788 0x11e4  lltdio - ok
12:46:07.0788 0x11e4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:46:07.0803 0x11e4  lltdsvc - ok
12:46:07.0803 0x11e4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:46:07.0803 0x11e4  lmhosts - ok
12:46:07.0819 0x11e4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:46:07.0819 0x11e4  LSI_FC - ok
12:46:07.0834 0x11e4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:46:07.0834 0x11e4  LSI_SAS - ok
12:46:07.0850 0x11e4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
12:46:07.0850 0x11e4  LSI_SAS2 - ok
12:46:07.0850 0x11e4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:46:07.0866 0x11e4  LSI_SCSI - ok
12:46:07.0866 0x11e4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
12:46:07.0866 0x11e4  luafv - ok
12:46:07.0881 0x11e4  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
12:46:07.0881 0x11e4  MBAMProtector - ok
12:46:08.0053 0x11e4  [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler   D:\Utilities\Malwarebytes\Malwarebytes Anti-Malware\mbamscheduler.exe
12:46:08.0084 0x11e4  MBAMScheduler - ok
12:46:08.0131 0x11e4  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     D:\Utilities\Malwarebytes\Malwarebytes Anti-Malware\mbamservice.exe
12:46:08.0131 0x11e4  MBAMService - ok
12:46:08.0146 0x11e4  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
12:46:08.0146 0x11e4  MBAMSwissArmy - ok
12:46:08.0162 0x11e4  [ 452ACB7A9914398D9E18CCCFFCF92208, 754AF45C19731C356E7E84497B04E0333759AC86DC553BA275EFC09845E43E4D ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
12:46:08.0162 0x11e4  MBAMWebAccessControl - ok
12:46:08.0178 0x11e4  [ 7529D634480011D05DF932B0013C75D9, A3377FA0B0A3CBE99969979757E9C30C1A93ECC110FB029180DCBC439239D25D ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
12:46:08.0178 0x11e4  McAfee SiteAdvisor Service - ok
12:46:08.0193 0x11e4  [ BDBCF7ED4238E511443B596CC8277119, 90635EFCD443AF2042AED00950BC456499D866F67C036FAC95865F45E1A3D4B9 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
12:46:08.0209 0x11e4  McAPExe - ok
12:46:08.0224 0x11e4  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] McBootDelayStartSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:46:08.0224 0x11e4  McBootDelayStartSvc - ok
12:46:08.0240 0x11e4  [ 6EF327DBB5DC9D6310ADE48CAB14959D, AFDC81E83E9EC9424C14431E531E976C419715754952D92BE2691186C55F0E9B ] McComponentHostService C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe
12:46:08.0240 0x11e4  McComponentHostService - ok
12:46:08.0287 0x11e4  [ 40B02F6D4B331443CC7E879BCD87100F, ACF976DC9565A905F71EFE9A25516A0F1B128E70B961B8D8256F51474B1F78D7 ] mccspsvc        C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe
12:46:08.0318 0x11e4  mccspsvc - ok
12:46:08.0334 0x11e4  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:46:08.0334 0x11e4  McMPFSvc - ok
12:46:08.0349 0x11e4  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] McNaiAnn        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:46:08.0349 0x11e4  McNaiAnn - ok
12:46:08.0380 0x11e4  [ 9151C5CDF8489F9FFE9854601FDA9A0F, 6E080E216EE1F16A7B72B3F42434F34C75A8082A3CBAAF7265116CCD22AFE582 ] McODS           C:\Program Files\McAfee\VirusScan\mcods.exe
12:46:08.0380 0x11e4  McODS - ok
12:46:08.0396 0x11e4  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] mcpltsvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:46:08.0412 0x11e4  mcpltsvc - ok
12:46:08.0427 0x11e4  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] McProxy         C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:46:08.0427 0x11e4  McProxy - ok
12:46:08.0443 0x11e4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:46:08.0443 0x11e4  Mcx2Svc - ok
12:46:08.0443 0x11e4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:46:08.0443 0x11e4  megasas - ok
12:46:08.0458 0x11e4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
12:46:08.0458 0x11e4  MegaSR - ok
12:46:08.0474 0x11e4  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
12:46:08.0474 0x11e4  MEIx64 - ok
12:46:08.0490 0x11e4  [ FAF196A8E1905DB9248790583B3745E2, C8E6A3E74636E4D04816D0B35C2691F81E766B03726E05993429A0BF15528354 ] mfeaack         C:\Windows\system32\drivers\mfeaack.sys
12:46:08.0490 0x11e4  mfeaack - ok
12:46:08.0505 0x11e4  [ A1A2DEA7E180BFC8284062DBCC67A18D, 77041A9D7429E615CE64E45A14BD53FAFF22284B0F3211399F4D6BA681B2A9DF ] mfeavfk         C:\Windows\system32\drivers\mfeavfk.sys
12:46:08.0505 0x11e4  mfeavfk - ok
12:46:08.0521 0x11e4  [ 95A4DC60385F57418BD3361262D5F7C8, 5FAAE03B306710509E36A7B77DE9D36E4A1A38832403C29247E1A8B8C1D918B3 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
12:46:08.0521 0x11e4  mfefire - ok
12:46:08.0536 0x11e4  [ A2163D325F01DA86E140C91D3560C95E, 49D94BA855746591E545A6C82690E5F0B228E43FDD5AE3940F2D62835BFD7A96 ] mfefirek        C:\Windows\system32\drivers\mfefirek.sys
12:46:08.0536 0x11e4  mfefirek - ok
12:46:08.0552 0x11e4  [ FAF5C37877D57B16D7E2DAFA29969F96, DA83A140B8727A4FE0DC7B845651BCA31988B0779DA6B3909BB03A4DF9470709 ] mfehidk         C:\Windows\system32\drivers\mfehidk.sys
12:46:08.0568 0x11e4  mfehidk - ok
12:46:08.0583 0x11e4  [ BDC13F3B0CED47103C1F2BE94F4EEA58, EA5DCA8AC3AB9FBC3448C3252B394099274906CC4EC3943454740AE68E1978EC ] mfemms          C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
12:46:08.0583 0x11e4  mfemms - ok
12:46:08.0599 0x11e4  [ 34812CE00FAE95A6275D6B58072457F5, 23118A5E58F88AF5B8C5D4C15AEFA99C47D37A8E8C8FBF840DEEECC3C483AD8B ] mfencbdc        C:\Windows\system32\DRIVERS\mfencbdc.sys
12:46:08.0614 0x11e4  mfencbdc - ok
12:46:08.0614 0x11e4  [ CF9D4FCA3A5C737DCF72B9F94BB0AC62, 8534DADB74EF745F50A1A148DE5CBAD573B890C604CDA08276CDE3D5C2E8788F ] mfencrk         C:\Windows\system32\DRIVERS\mfencrk.sys
12:46:08.0614 0x11e4  mfencrk - ok
12:46:08.0630 0x11e4  [ DA49A90A69B3284FD11B6F02D0209A99, 759380964E6450FF21FB9A2BD23BA0394B005EC332E714D40D47262FCDC6CFE9 ] mfesapsn        C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
12:46:08.0630 0x11e4  mfesapsn - ok
12:46:08.0646 0x11e4  [ 8DFE9C58B1509E3BBC6FD92B954204D9, 72D519AB2F5E3A335C61C1B632BB846FCD6406194EC36E965D52C1028E68FB33 ] mfevtp          C:\Windows\system32\mfevtps.exe
12:46:08.0646 0x11e4  mfevtp - ok
12:46:08.0646 0x11e4  [ ECDFB70AB9C0DC93E0A7AE4B0893E39F, 5021C95E01870C35A3B6A5423E8BA432B4CC2014B8C6B5FD766393A963C59C35 ] mfewfpk         C:\Windows\system32\drivers\mfewfpk.sys
12:46:08.0661 0x11e4  mfewfpk - ok
12:46:08.0661 0x11e4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
12:46:08.0661 0x11e4  MMCSS - ok
12:46:08.0677 0x11e4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
12:46:08.0677 0x11e4  Modem - ok
12:46:08.0708 0x11e4  [ DFB4BC8B5CD8C85D0BD9E608898901FB, AB3BB7FA2D23A5B7815E85F7A73E3F36E95D8FD895F76FA9936AD4C1DA1849EF ] ModuleCoreService C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
12:46:08.0724 0x11e4  ModuleCoreService - ok
12:46:08.0739 0x11e4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:46:08.0739 0x11e4  monitor - ok
12:46:08.0739 0x11e4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:46:08.0739 0x11e4  mouclass - ok
12:46:08.0755 0x11e4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:46:08.0755 0x11e4  mouhid - ok
12:46:08.0755 0x11e4  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
12:46:08.0755 0x11e4  mountmgr - ok
12:46:08.0770 0x11e4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:46:08.0770 0x11e4  mpio - ok
12:46:08.0770 0x11e4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:46:08.0786 0x11e4  mpsdrv - ok
12:46:08.0802 0x11e4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:46:08.0802 0x11e4  MpsSvc - ok
12:46:08.0817 0x11e4  [ D7ADC2B83CA0B0381F75A98351F72CEE, 05476B7CA0486DF770AE492B5A90C85E3D3E7485152EB2FA30A19EC9BE44ED81 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:46:08.0817 0x11e4  MRxDAV - ok
12:46:08.0833 0x11e4  [ 341C65D6D4E9AB705258AC83511F7ADD, EE3F0874DA79C95DE5E5CEC94B1545C049DE21D8F05F63184F9F5DE9553C96A0 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:46:08.0833 0x11e4  mrxsmb - ok
12:46:08.0848 0x11e4  [ F93EDDF0B69760456C6E0D73405AC078, 9EE64BAA6449A053C152783AD102DE88C3DBC79F8BEF25E5914DC736D495E9F3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:46:08.0848 0x11e4  mrxsmb10 - ok
12:46:08.0848 0x11e4  [ A558D659B722FE5FB8C6E1BF288F7316, 3E57FF595E9EA9D53881955E7652793888A4E55743190D653A9239FF07653D7B ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:46:08.0864 0x11e4  mrxsmb20 - ok
12:46:08.0864 0x11e4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
12:46:08.0864 0x11e4  msahci - ok
12:46:08.0880 0x11e4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:46:08.0880 0x11e4  msdsm - ok
12:46:08.0880 0x11e4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
12:46:08.0895 0x11e4  MSDTC - ok
12:46:08.0911 0x11e4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:46:08.0911 0x11e4  Msfs - ok
12:46:08.0911 0x11e4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
12:46:08.0911 0x11e4  mshidkmdf - ok
12:46:08.0926 0x11e4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:46:08.0926 0x11e4  msisadrv - ok
12:46:08.0926 0x11e4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:46:08.0926 0x11e4  MSiSCSI - ok
12:46:08.0942 0x11e4  msiserver - ok
12:46:08.0958 0x11e4  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
12:46:08.0958 0x11e4  MSK80Service - ok
12:46:08.0973 0x11e4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:46:08.0973 0x11e4  MSKSSRV - ok
12:46:08.0973 0x11e4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:46:08.0973 0x11e4  MSPCLOCK - ok
12:46:08.0989 0x11e4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:46:08.0989 0x11e4  MSPQM - ok
12:46:08.0989 0x11e4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:46:09.0004 0x11e4  MsRPC - ok
12:46:09.0020 0x11e4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:46:09.0020 0x11e4  mssmbios - ok
12:46:09.0020 0x11e4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:46:09.0020 0x11e4  MSTEE - ok
12:46:09.0036 0x11e4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
12:46:09.0036 0x11e4  MTConfig - ok
12:46:09.0036 0x11e4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
12:46:09.0036 0x11e4  Mup - ok
12:46:09.0051 0x11e4  [ 34D08C9C64F657D194961E96C47E9C69, FB56083CDF23E1601EC7EC5A74ADFFF1BE304BF4F4B485DE2E9609C5C14FACC4 ] mv91xx          C:\Windows\system32\DRIVERS\mv91xx.sys
12:46:09.0051 0x11e4  mv91xx - ok
12:46:09.0067 0x11e4  [ 1898CEDA3247213C084F43637EF163B3, 4429F32DB1CC70567919D7D47B844A91CF1329A6CD116F582305F3B7B60CD60B ] NAL             C:\Windows\system32\Drivers\iqvw64e.sys
12:46:09.0067 0x11e4  NAL - ok
12:46:09.0082 0x11e4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
12:46:09.0082 0x11e4  napagent - ok
12:46:09.0098 0x11e4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:46:09.0098 0x11e4  NativeWifiP - ok
12:46:13.0497 0x11e4  usbehci - ok
12:46:13.0513 0x11e4  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:46:13.0513 0x11e4  usbhub - ok
12:46:13.0528 0x11e4  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
12:46:13.0528 0x11e4  usbohci - ok
12:46:13.0528 0x11e4  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:46:13.0528 0x11e4  usbprint - ok
12:46:13.0544 0x11e4  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:46:13.0544 0x11e4  usbscan - ok
12:46:13.0560 0x11e4  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\drivers\USBSTOR.SYS
12:46:13.0560 0x11e4  USBSTOR - ok
12:46:13.0575 0x11e4  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
12:46:13.0575 0x11e4  usbuhci - ok
12:46:13.0591 0x11e4  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
12:46:13.0591 0x11e4  UxSms - ok
12:46:13.0591 0x11e4  [ 18436F7006443FB76145B3D35162A810, 1670A711D808AEA66A63443CE752EB771D4BF34CA838B0040849A436FFF77E69 ] VaneFltr        C:\Windows\system32\drivers\Lachesis.sys
12:46:13.0591 0x11e4  VaneFltr - ok
12:46:13.0606 0x11e4  [ 07932D7BA536B0BB58306A156A9AFC31, 315AA4503A9C69E476D796C8DC6D4800A623B942C8707A15A94A892E94D123D9 ] VaultSvc        C:\Windows\system32\lsass.exe
12:46:13.0606 0x11e4  VaultSvc - ok
12:46:13.0622 0x11e4  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
12:46:13.0622 0x11e4  vdrvroot - ok
12:46:13.0638 0x11e4  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
12:46:13.0653 0x11e4  vds - ok
12:46:13.0653 0x11e4  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:46:13.0653 0x11e4  vga - ok
12:46:13.0669 0x11e4  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:46:13.0669 0x11e4  VgaSave - ok
12:46:13.0684 0x11e4  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
12:46:13.0684 0x11e4  vhdmp - ok
12:46:13.0700 0x11e4  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
12:46:13.0700 0x11e4  viaide - ok
12:46:13.0716 0x11e4  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:46:13.0716 0x11e4  volmgr - ok
12:46:13.0731 0x11e4  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:46:13.0731 0x11e4  volmgrx - ok
12:46:13.0747 0x11e4  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:46:13.0762 0x11e4  volsnap - ok
12:46:13.0778 0x11e4  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:46:13.0778 0x11e4  vsmraid - ok
12:46:13.0809 0x11e4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
12:46:13.0825 0x11e4  VSS - ok
12:46:13.0840 0x11e4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
12:46:13.0840 0x11e4  vwifibus - ok
12:46:13.0856 0x11e4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
12:46:13.0856 0x11e4  vwififlt - ok
12:46:13.0872 0x11e4  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
12:46:13.0872 0x11e4  vwifimp - ok
12:46:13.0887 0x11e4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
12:46:13.0887 0x11e4  W32Time - ok
12:46:13.0918 0x11e4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:46:13.0918 0x11e4  WacomPen - ok
12:46:13.0918 0x11e4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
12:46:13.0918 0x11e4  WANARP - ok
12:46:13.0934 0x11e4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:46:13.0934 0x11e4  Wanarpv6 - ok
12:46:13.0965 0x11e4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
12:46:13.0981 0x11e4  WatAdminSvc - ok
12:46:14.0012 0x11e4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
12:46:14.0043 0x11e4  wbengine - ok
12:46:14.0059 0x11e4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
12:46:14.0059 0x11e4  WbioSrvc - ok
12:46:14.0074 0x11e4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:46:14.0090 0x11e4  wcncsvc - ok
12:46:14.0106 0x11e4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:46:14.0106 0x11e4  WcsPlugInService - ok
12:46:14.0106 0x11e4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
12:46:14.0106 0x11e4  Wd - ok
12:46:14.0137 0x11e4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:46:14.0152 0x11e4  Wdf01000 - ok
12:46:14.0152 0x11e4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:46:14.0168 0x11e4  WdiServiceHost - ok
12:46:14.0168 0x11e4  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:46:14.0168 0x11e4  WdiSystemHost - ok
12:46:14.0184 0x11e4  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
12:46:14.0199 0x11e4  WebClient - ok
12:46:14.0215 0x11e4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:46:14.0215 0x11e4  Wecsvc - ok
12:46:14.0230 0x11e4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:46:14.0230 0x11e4  wercplsupport - ok
12:46:14.0246 0x11e4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:46:14.0246 0x11e4  WerSvc - ok
12:46:14.0262 0x11e4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
12:46:14.0262 0x11e4  WfpLwf - ok
12:46:14.0262 0x11e4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
12:46:14.0262 0x11e4  WIMMount - ok
12:46:14.0277 0x11e4  WinDefend - ok
12:46:14.0308 0x11e4  WinHttpAutoProxySvc - ok
12:46:14.0324 0x11e4  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:46:14.0340 0x11e4  Winmgmt - ok
12:46:14.0371 0x11e4  [ 0C0195C48B6B8582FA6F6373032118DA, 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5 ] WinRing0_1_2_0  D:\Utilities\RealTemp_370\WinRing0x64.sys
12:46:14.0371 0x11e4  WinRing0_1_2_0 - ok
12:46:14.0402 0x11e4  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
12:46:14.0433 0x11e4  WinRM - ok
12:46:14.0464 0x11e4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\drivers\WinUsb.sys
12:46:14.0464 0x11e4  WinUsb - ok
12:46:14.0496 0x11e4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:46:14.0511 0x11e4  Wlansvc - ok
12:46:14.0511 0x11e4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:46:14.0511 0x11e4  WmiAcpi - ok
12:46:14.0542 0x11e4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:46:14.0542 0x11e4  wmiApSrv - ok
12:46:14.0558 0x11e4  WMPNetworkSvc - ok
12:46:14.0574 0x11e4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:46:14.0574 0x11e4  WPCSvc - ok
12:46:14.0589 0x11e4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:46:14.0589 0x11e4  WPDBusEnum - ok
12:46:14.0605 0x11e4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:46:14.0605 0x11e4  ws2ifsl - ok
12:46:14.0620 0x11e4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
12:46:14.0620 0x11e4  wscsvc - ok
12:46:14.0620 0x11e4  WSearch - ok
12:46:14.0683 0x11e4  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
12:46:14.0730 0x11e4  wuauserv - ok
12:46:14.0745 0x11e4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:46:14.0745 0x11e4  WudfPf - ok
12:46:14.0761 0x11e4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\drivers\WUDFRd.sys
12:46:14.0761 0x11e4  WUDFRd - ok
12:46:14.0776 0x11e4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:46:14.0776 0x11e4  wudfsvc - ok
12:46:14.0792 0x11e4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
12:46:14.0792 0x11e4  WwanSvc - ok
12:46:14.0854 0x11e4  ================ Scan global ===============================
12:46:14.0854 0x11e4  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
12:46:14.0870 0x11e4  [ B96D67F1BF78F1005B9D77EA7889F2B8, CD4A75C306E5B2A0898849DC8700548AE2771F6D3618ACB2E8A1A1DB04224B49 ] C:\Windows\system32\winsrv.dll
12:46:14.0870 0x11e4  [ B96D67F1BF78F1005B9D77EA7889F2B8, CD4A75C306E5B2A0898849DC8700548AE2771F6D3618ACB2E8A1A1DB04224B49 ] C:\Windows\system32\winsrv.dll
12:46:14.0886 0x11e4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
12:46:14.0886 0x11e4  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
12:46:14.0886 0x11e4  [ Global ] - ok
12:46:14.0886 0x11e4  ================ Scan MBR ==================================
12:46:14.0886 0x11e4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
12:46:14.0901 0x11e4  \Device\Harddisk2\DR2 - ok
12:46:14.0901 0x11e4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
12:46:14.0964 0x11e4  \Device\Harddisk0\DR0 - ok
12:46:14.0964 0x11e4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
12:46:14.0979 0x11e4  \Device\Harddisk1\DR1 - ok
12:46:14.0979 0x11e4  ================ Scan VBR ==================================
12:46:14.0979 0x11e4  [ A10C0D5C0095173CE45F1CF70949F9BC ] \Device\Harddisk2\DR2\Partition1
12:46:14.0979 0x11e4  \Device\Harddisk2\DR2\Partition1 - ok
12:46:14.0979 0x11e4  [ 85A099B3D1A67D12BB7DE6F63088229A ] \Device\Harddisk0\DR0\Partition1
12:46:14.0979 0x11e4  \Device\Harddisk0\DR0\Partition1 - ok
12:46:14.0979 0x11e4  [ F1D4D0D6A4394A4480BB58D2EBFC207D ] \Device\Harddisk0\DR0\Partition2
12:46:14.0979 0x11e4  \Device\Harddisk0\DR0\Partition2 - ok
12:46:14.0979 0x11e4  [ E44F14B6492D901D2AC9CD9FEDBF436A ] \Device\Harddisk1\DR1\Partition1
12:46:14.0979 0x11e4  \Device\Harddisk1\DR1\Partition1 - ok
12:46:14.0979 0x11e4  ================ Scan generic autorun ======================
12:46:15.0088 0x11e4  [ EE0170917D3E6BC75D668C1D39815CAD, 138297BFC2B37FA694D5CFC126AF08516F9CD3372B4CCEC3B950BBC8250C428F ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
12:46:15.0166 0x11e4  RTHDVCPL - ok
12:46:15.0198 0x11e4  [ 0932D22D72FBFC2391D2647F2206CEC5, 11D7B51E1E7F573223A8C107CBB68DCA036EE0C7DD4545E36B5AD78584AB6770 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
12:46:15.0213 0x11e4  RtHDVBg_DTS - ok
12:46:15.0213 0x11e4  [ 39CF316EB5842AE27CC0D3CC4E2840DE, BC4D4ED926F988B7B70CC87B7EC92D148DA6BC39C5C514751F1B0CA69D0F9081 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
12:46:15.0229 0x11e4  BCSSync - ok
12:46:15.0229 0x11e4  [ 90C6C359293757A161A3FCA0793B1293, 1820C2A9608E7D470A0938FDC407BF4B6D0077C78D5A2B6AD34C84B8F4DA55AE ] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
12:46:15.0229 0x11e4  ASUS ShellProcess Execute - ok
12:46:15.0244 0x11e4  [ 6BA433E1E4C815CFB819DD99447F847A, FB0C53ACE0A28AC59D2E2DA47ED780BABABFA0BB61585C12E82F8F973D3A9EC5 ] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
12:46:15.0244 0x11e4  ASUS AiChargerPlus Execute - ok
12:46:15.0322 0x11e4  [ 4D042B1F1375CF371AFBE0E0276BA627, FA64290562115F567C8CFB1B701E28CEBA772052CB6A02C036897C2C7BD5BA08 ] d:\Adobe7\Acrobat\Acrotray.exe
12:46:15.0322 0x11e4  Acrobat Assistant 8.0 - ok
12:46:15.0322 0x11e4  [ 11B04297452A96941CA4C50F323CD671, 6D3496F9E59A8FABE1FD588872B14373261752AEFB6A7DBFDB2C26922CDD498A ] C:\Program Files (x86)\Razer\Lachesis\razerhid.exe
12:46:15.0338 0x11e4  Lachesis - ok
12:46:15.0354 0x11e4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:46:15.0369 0x11e4  Sidebar - ok
12:46:15.0369 0x11e4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:46:15.0369 0x11e4  mctadmin - ok
12:46:15.0385 0x11e4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:46:15.0400 0x11e4  Sidebar - ok
12:46:15.0400 0x11e4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:46:15.0416 0x11e4  mctadmin - ok
12:46:15.0432 0x11e4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:46:15.0447 0x11e4  Sidebar - ok
12:46:15.0447 0x11e4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:46:15.0447 0x11e4  mctadmin - ok
12:46:15.0463 0x11e4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
12:46:15.0478 0x11e4  Sidebar - ok
12:46:15.0478 0x11e4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
12:46:15.0478 0x11e4  mctadmin - ok
12:46:15.0478 0x11e4  Waiting for KSN requests completion. In queue: 91
12:46:16.0586 0x11e4  AV detected via SS2: McAfee Anti-Virus and Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 15.0.0.0 ), 0x51000 ( enabled : updated )
12:46:16.0586 0x11e4  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 15.0.0.0 ), 0x52010 ( disabled )
12:46:16.0617 0x11e4  Win FW state via NFP2: enabled ( trusted )
12:46:17.0163 0x11e4  ============================================================
12:46:17.0163 0x11e4  Scan finished
12:46:17.0163 0x11e4  ============================================================
12:46:17.0163 0x1414  Detected object count: 0
12:46:17.0163 0x1414  Actual detected object count: 0
12:46:27.0646 0x1684  Deinitialize success
 
******************************
ASW Drive C:
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-10-02 12:46:32
-----------------------------
12:46:32.311    OS Version: Windows x64 6.1.7601 Service Pack 1
12:46:32.311    Number of processors: 4 586 0x2A07
12:46:32.311    ComputerName: BILL2700  UserName: Billg
12:46:32.685    Initialize success
12:46:32.716    VM: initialized successfully
12:46:32.716    VM: Intel CPU BiosDisabled 
12:48:36.135    AVAST engine defs: 16100200
12:49:01.266    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
12:49:01.266    Disk 0 Vendor: M4-CT064M4SSD2 010G Size: 61057MB BusType: 11
12:49:01.266    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
12:49:01.266    Disk 1 Vendor: C300-MTFDDAC256MAG 0006 Size: 244198MB BusType: 11
12:49:01.266    Disk 2  \Device\Harddisk2\DR2 -> \Device\Scsi\mv91xx1Port5Path0Target1Lun0
12:49:01.266    Disk 2 Vendor: WDC_WD15 05.0 Size: 1430799MB BusType: 11
12:49:01.282    Disk 0 MBR read successfully
12:49:01.282    Disk 0 MBR scan
12:49:01.282    Disk 0 Windows 7 default MBR code
12:49:01.282    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:49:01.297    Disk 0 default boot code
12:49:01.297    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        60955 MB offset 206848
12:49:01.313    Disk 0 scanning C:\Windows\system32\drivers
12:49:03.513    Service scanning
12:49:09.441    Modules scanning
12:49:09.441    Disk 0 trace - called modules:
12:49:09.441    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
12:49:09.441    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d0c2060]
12:49:09.441    3 CLASSPNP.SYS[fffff88001b2943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800ce3e1f0]
12:49:09.628    AVAST engine scan C:\Windows
12:49:10.143    AVAST engine scan C:\Windows\system32
12:49:59.782    AVAST engine scan C:\Windows\system32\drivers
12:50:02.590    AVAST engine scan C:\Users\Billg
12:51:03.212    AVAST engine scan C:\ProgramData
12:51:19.545    Disk 0 statistics 4259521/0/0 @ 31.49 MB/s
12:51:19.545    Scan finished successfully
12:51:29.061    Disk 0 MBR has been saved successfully to "C:\Users\Billg\Desktop\MBR.dat"
12:51:29.061    The log file has been saved successfully to "C:\Users\Billg\Desktop\aswMBR.txt"
 
 
12:52:24.924    Disk 0 MBR has been saved successfully to "C:\Users\Billg\Desktop\MBR.dat"
12:52:24.924    The log file has been saved successfully to "C:\Users\Billg\Desktop\aswMBR.txt"
 
************************************
ASW Drive D:
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-10-02 12:46:32
-----------------------------
12:46:32.311    OS Version: Windows x64 6.1.7601 Service Pack 1
12:46:32.311    Number of processors: 4 586 0x2A07
12:46:32.311    ComputerName: BILL2700  UserName: Billg
12:46:32.685    Initialize success
12:46:32.716    VM: initialized successfully
12:46:32.716    VM: Intel CPU BiosDisabled 
12:48:36.135    AVAST engine defs: 16100200
12:49:01.266    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
12:49:01.266    Disk 0 Vendor: M4-CT064M4SSD2 010G Size: 61057MB BusType: 11
12:49:01.266    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-5
12:49:01.266    Disk 1 Vendor: C300-MTFDDAC256MAG 0006 Size: 244198MB BusType: 11
12:49:01.266    Disk 2  \Device\Harddisk2\DR2 -> \Device\Scsi\mv91xx1Port5Path0Target1Lun0
12:49:01.266    Disk 2 Vendor: WDC_WD15 05.0 Size: 1430799MB BusType: 11
12:49:01.282    Disk 0 MBR read successfully
12:49:01.282    Disk 0 MBR scan
12:49:01.282    Disk 0 Windows 7 default MBR code
12:49:01.282    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:49:01.297    Disk 0 default boot code
12:49:01.297    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        60955 MB offset 206848
12:49:01.313    Disk 0 scanning C:\Windows\system32\drivers
12:49:03.513    Service scanning
12:49:09.441    Modules scanning
12:49:09.441    Disk 0 trace - called modules:
12:49:09.441    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
12:49:09.441    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d0c2060]
12:49:09.441    3 CLASSPNP.SYS[fffff88001b2943f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0xfffffa800ce3e1f0]
12:49:09.628    AVAST engine scan C:\Windows
12:49:10.143    AVAST engine scan C:\Windows\system32
12:49:59.782    AVAST engine scan C:\Windows\system32\drivers
12:50:02.590    AVAST engine scan C:\Users\Billg
12:51:03.212    AVAST engine scan C:\ProgramData
12:51:19.545    Disk 0 statistics 4259521/0/0 @ 31.49 MB/s
12:51:19.545    Scan finished successfully
12:51:29.061    Disk 0 MBR has been saved successfully to "C:\Users\Billg\Desktop\MBR.dat"
12:51:29.061    The log file has been saved successfully to "C:\Users\Billg\Desktop\aswMBR.txt"
 
 
12:52:24.924    Disk 0 MBR has been saved successfully to "C:\Users\Billg\Desktop\MBR.dat"
12:52:24.924    The log file has been saved successfully to "C:\Users\Billg\Desktop\aswMBR.txt"
 
 


#8 nasdaq

  • Malware Response Team

Posted 02 October 2016 - 01:32 PM


Did you install this Chrome extension?
CHR Extension: (Meeting Center) - C:\Users\Billg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfbonfpcpnmoonikfalnendonhkkfjj [2016-09-24]

The folder \cpfbonfpcpnmoonikfalnendonhkkfjj your topic is the only one with this name?

If not installed by you, remove the extension.

Disable it and see if the problem persists.

===

Check all your Chrome extensions and see if any are protected by an Enterprise-policy.

Refer to this topic.

https://malwaretips.com/blogs/installed-enterprise-policy-removal/
Remove Installed by enterprise policy extension from Chrome

If you see one let me know the name.

#9 panda234

  • Topic Starter

Posted 02 October 2016 - 05:10 PM

Hi Nasdaq, although neither TDSkiller nor ASW logs show anything found, the ads haven't returned. Let me see if this continues and I'll report back.



#10 nasdaq

  • Malware Response Team

Posted 03 October 2016 - 08:45 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


I will keep this topic open for 5 days.
Return if needed.

#11 panda234

  • Topic Starter

Posted 03 October 2016 - 11:20 AM

The ads still haven't returned so I think we can call it a success! Thank you and The_Codesee for all the help and taking the time to work this out. 

 

Thanks again!!

 

Bill





