
I think someone I know is using my computer remotely and stealing my files.


14 replies to this topic

#1 bigfanta


Posted 05 December 2016 - 08:42 PM

I've had suspicions that someone has been stealing my files and/or monitoring my computer. Possibly even someone I know because I've never had issues (been using PCs since I was 8, am 33 now) until about a year ago when I met him. Now, I constantly have issues and it's caused me a great deal of stress and paranoia. What finally tipped the hat was this Thanksgiving, I left to visit family for a couple of days. Before I left, I distinctly remember signing out of Windows because it was taking forever and I was in a hurry, but wanted to make sure it completely signed out before turning off my monitor.

 

Here's where things get weird. When I came home, I turned on my monitor and my computer was not in sleep mode or even at the Windows login screen. There were several windows opened like someone had been snooping around. I did a search for modified files and sure enough, there was activity while I wasn't even home. I also found a folder labeled dropbox, but not too sure if it was mine from the past. I did also find it strange that OneDrive came up in my recent since I had uninstalled it. When I went to uninstall again, it doesn't show on the list, so it may have been a bad uninstall, but regardless, it appears that someone had tried to access. Additionally, all of my power-saving settings had been set so that my computer would never go to sleep and that my hard disk would not turn off. My Users folder had security multiple user level privileges set and sharing was enabled. On Device Manager, just saw this now, it looks like my Windows folder is being shared with a remote admin (and I don't have or have ever had remote access enabled), and my C drive is also shared. I always keep my network discovery off, it was enabled and so were file and print sharing.

 

My big mistake was not coming here first as I just started going through the computer a few days ago and uninstalling stuff and disabling anything weird that I found. In Device Manager, I found hidden devices under Network devices that may be needed, but not sure, so I just disabled them. I finally just thought that maybe you can help me find out how to stop this. I looked at my router logs (which have been cleared out by someone since the last time I looked), I kept seeing things about IPv6, but it's not even enabled. I also came across a MAC address. I did a MAC address lookup and found that the MAC was from a Thomson Telecom Belgium. I didn't know what that was so I googled it and the first result read,

insidetrust.com: Attacking secured clients via a insecure wireless router ....so I'm not sure what to make of all this. Can you please help me get to the bottom of all of this??
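Added example, not part of the original post: a triage of `net share` output that separates the administrative shares Windows creates by default (drive-letter shares such as C$, ADMIN$ with the remark "Remote Admin", and IPC$) from shares that were defined explicitly and deserve a closer look. The sample output, the `stash$` and `D$` rows and the verdict labels are constructed for illustration, and the column layout is assumed to match the sample.

```python
import re

# Constructed sample of `net share` output (not taken from the poster's machine).
SAMPLE_NET_SHARE = r"""
Share name   Resource                        Remark

-------------------------------------------------------------------------------
C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\WINDOWS                      Remote Admin
Users        C:\Users
stash$       C:\Users\Public\Documents
D$           C:\Users\Public                 Default share
The command completed successfully.
"""

# Names Windows uses for its built-in administrative shares.
DEFAULT_ADMIN = re.compile(r"^(?:[A-Za-z]\$|ADMIN\$|IPC\$|print\$)$", re.IGNORECASE)
# A resource column holds a local path (C:\...) or a UNC path (\\host\...).
PATH_LIKE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)")
DRIVE_SHARE = re.compile(r"^([A-Za-z])\$$")


def parse_net_share(text):
    """Return a list of {name, resource, remark} dicts from `net share` output."""
    shares, in_table = [], False
    for line in text.splitlines():
        if set(line.strip()) == {"-"}:      # the dashed rule opens the table
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        if line.startswith("The command completed"):
            break
        # Columns are padded with runs of spaces; paths may hold single spaces.
        fields = re.split(r"\s{2,}", line.strip())
        name, rest = fields[0], fields[1:]
        resource = remark = ""
        if rest and PATH_LIKE.match(rest[0]):
            resource, remark = rest[0], " ".join(rest[1:])
        else:                                # e.g. IPC$ has no resource path
            remark = " ".join(rest)
        shares.append({"name": name, "resource": resource, "remark": remark})
    return shares


def triage_shares(shares):
    """Label each share: default, name-mismatch, review-hidden or review."""
    findings = []
    for s in shares:
        name, resource = s["name"], s["resource"]
        if DEFAULT_ADMIN.match(name):
            verdict = "default"
            drive = DRIVE_SHARE.match(name)
            # A drive share such as C$ should point at the root of that drive.
            if drive and resource.upper() != drive.group(1).upper() + ":\\":
                verdict = "name-mismatch"
        elif name.endswith("$"):
            verdict = "review-hidden"        # hidden share someone created
        else:
            verdict = "review"               # visible, explicitly created share
        findings.append((name, verdict))
    return findings


if __name__ == "__main__":
    for name, verdict in triage_shares(parse_net_share(SAMPLE_NET_SHARE)):
        print(f"{name:10} {verdict}")
```

Default administrative shares are present on an ordinary Windows install and require administrator credentials to reach; the rows labelled `review`, `review-hidden` or `name-mismatch` are the ones to trace back to whoever created them.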


 


#2 boopme (Global Moderator)

Posted 14 December 2016 - 10:56 AM

Hello, let's do these and see what it gets.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
TDSSKiller
  • Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

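Added example, not part of the original post: the "Report FF Proxy Settings" option in the MiniToolBox steps above writes Firefox proxy preferences to Result.txt as quoted name/value pairs, and this sketch pulls that section out and classifies each configured proxy host by address scope. The sample text and its addresses are constructed; the section header and line format are assumed to match the Result.txt posted in this thread.

```python
import ipaddress
import re

# Constructed sample in the Result.txt layout (addresses are made up).
SAMPLE_RESULT_TXT = '''
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.http", "fe80::1234:5678:9abc:def0"
"network.proxy.http_port", 8080
"network.proxy.ssl", "fe80::1234:5678:9abc:def0"
"network.proxy.ssl_port", 8080
"network.proxy.socks", "127.0.0.1"
"network.proxy.socks_port", 9050
"network.proxy.socks_version", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
'''

# "pref.name", "string value"   or   "pref.name", bare_value
PREF_LINE = re.compile(r'^"(network\.proxy\.[\w.]+)",\s*(?:"([^"]*)"|(\S+))\s*$')
PROTOCOLS = ("http", "ssl", "ftp", "socks")


def ff_proxy_prefs(result_txt):
    """Collect network.proxy.* prefs from the FF Proxy Settings section only."""
    prefs, inside = {}, False
    for line in result_txt.splitlines():
        line = line.strip()
        if line.startswith("====="):         # every section starts with a rule
            inside = "FF Proxy Settings" in line
            continue
        if not inside:
            continue
        m = PREF_LINE.match(line)
        if m:
            name, quoted, bare = m.groups()
            prefs[name] = quoted if quoted is not None else bare
    return prefs


def classify_host(host):
    """Return the address scope of a proxy host, or 'hostname' if not an IP."""
    try:
        ip = ipaddress.ip_address(host.split("%", 1)[0])   # drop any zone index
    except ValueError:
        return "hostname"
    if ip.is_loopback:
        return "loopback"      # a process on this machine is the proxy
    if ip.is_link_local:
        return "link-local"    # only reachable on the same network segment
    if ip.is_private:
        return "private"       # another host on the LAN
    return "public"            # traffic is relayed through an Internet host


def triage_proxy(prefs):
    """List (protocol, host, port, scope) for every proxy that is configured."""
    findings = []
    for proto in PROTOCOLS:
        host = prefs.get(f"network.proxy.{proto}", "")
        if host:
            port = prefs.get(f"network.proxy.{proto}_port", "")
            findings.append((proto, host, port, classify_host(host)))
    return findings


if __name__ == "__main__":
    for proto, host, port, scope in triage_proxy(ff_proxy_prefs(SAMPLE_RESULT_TXT)):
        print(f"{proto:6} {host} port {port} -> {scope}")
```

Any entry this reports is a proxy the user should be able to account for: a loopback entry points at local software listening on that port, and the other scopes mean browser traffic is handed to a different host.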

#3 bigfanta (Topic Starter)

Posted 15 December 2016 - 03:09 AM

Thank you so much for your help. I really appreciate it...here's the MiniToolBox results...

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by danny_fantastico (administrator) on 15-12-2016 at 00:06:27
Running from "C:\Users\danny_fantastico\Desktop"
Microsoft Windows 10 Home  (X64)
Model: GA-78LMT-USB3 6.0 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.ftp", "fe80::74e9:5f0d:3fd8:7923"
"network.proxy.ftp_port", 8080
"network.proxy.http", "fe80::74e9:5f0d:3fd8:7923"
"network.proxy.http_port", 8080
"network.proxy.share_proxy_settings", true
"network.proxy.socks", "fe80::74e9:5f0d:3fd8:7923"
"network.proxy.socks_port", 8080
"network.proxy.socks_version", 4
"network.proxy.ssl", "fe80::74e9:5f0d:3fd8:7923"
"network.proxy.ssl_port", 8080
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Ethernet (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = Ethernet 3 (Hardware not present)
VMware Virtual Ethernet Adapter for VMnet8 = Ethernet 4 (Hardware not present)
Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter = Wi-Fi (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 6" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 14" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 16" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : TimeWarnerCable-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Wireless LAN adapter Wi-Fi:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter
   Physical Address. . . . . . . . . : EC-08-6B-14-90-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : EC-08-6B-14-90-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : EC-08-6B-14-90-1A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 40-8D-5C-0E-05-6D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, December 14, 2016 5:47:19 PM
   Lease Expires . . . . . . . . . . : Thursday, December 15, 2016 5:47:19 PM
   Default Gateway . . . . . . . . . : 192.168.1.253
   DHCP Server . . . . . . . . . . . : 192.168.1.253
   DNS Servers . . . . . . . . . . . : 192.168.1.253
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter isatap.attlocal.net:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Local Area Connection* 15:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Teredo Tunneling Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:38e2:3cc2:3f57:febd(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::38e2:3cc2:3f57:febd%9(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 754974720
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-D4-3A-36-40-8D-5C-0E-05-6D
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dsldevice.attlocal.net
Address:  192.168.1.253
 
Name:    google.com
Addresses:  2607:f8b0:4005:805::200e
 216.58.194.206
 
 
Pinging google.com [216.58.194.206] with 32 bytes of data:
Reply from 216.58.194.206: bytes=32 time=29ms TTL=53
Reply from 216.58.194.206: bytes=32 time=29ms TTL=53
 
Ping statistics for 216.58.194.206:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 29ms, Average = 29ms
Server:  dsldevice.attlocal.net
Address:  192.168.1.253
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 2001:4998:58:c02::a9
 206.190.36.45
 98.138.253.109
 98.139.183.24
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=106ms TTL=46
Reply from 98.139.183.24: bytes=32 time=108ms TTL=46
 
Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 106ms, Maximum = 108ms, Average = 107ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...ec 08 6b 14 90 1a ......Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter
 25...ec 08 6b 14 90 1a ......Microsoft Hosted Network Virtual Adapter
 20...ec 08 6b 14 90 1a ......Microsoft Wi-Fi Direct Virtual Adapter
 12...40 8d 5c 0e 05 6d ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  9...00 00 00 00 00 00 00 e0 Microsoft Teredo Tunneling Adapter
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.253     192.168.1.66     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.66    291
     192.168.1.66  255.255.255.255         On-link      192.168.1.66    291
    192.168.1.255  255.255.255.255         On-link      192.168.1.66    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.1.66    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.1.66    291
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  9    331 2001::/32                On-link
  9    331 2001:0:4137:9e76:38e2:3cc2:3f57:febd/128
                                    On-link
  9    331 fe80::/64                On-link
  9    331 fe80::38e2:3cc2:3f57:febd/128
                                    On-link
  1    331 ff00::/8                 On-link
  9    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWoW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWoW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWoW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWoW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWoW64\mswsock.dll [306016] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67584] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (12/15/2016 12:06:38 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: An attempt to open the file "C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/15/2016 12:06:27 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (12/15/2016 12:06:27 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: An attempt to open the file "C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/15/2016 12:06:17 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: An attempt to open the file "C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/15/2016 12:06:06 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (12/15/2016 12:06:06 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: An attempt to open the file "C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/15/2016 12:05:56 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: An attempt to open the file "C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/15/2016 12:05:45 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (12/15/2016 12:05:45 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: An attempt to open the file "C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log" for read only access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (12/15/2016 12:05:35 AM) (Source: ESENT) (User: )
Description: svchost (2368) TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: An attempt to open the file "C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.chk" for read / write access failed with system error 5 (0x00000005): "Access is denied. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
 
System errors:
=============
Error: (12/14/2016 11:55:28 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}{F72671A9-012C-4725-9D2F-2A4D32D65169}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (12/14/2016 05:47:52 PM) (Source: Service Control Manager) (User: )
Description: The hmevpnsvc service depends on the RasMan service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (12/14/2016 05:47:52 PM) (Source: Service Control Manager) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error: 
%%0 = The operation completed successfully.
 
 
Error: (12/14/2016 05:47:51 PM) (Source: Service Control Manager) (User: )
Description: The WsAppService service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (12/14/2016 05:47:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WsAppService service to connect.
 
Error: (12/14/2016 05:47:51 PM) (Source: Service Control Manager) (User: )
Description: The ClickToRunSvc service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (12/14/2016 05:47:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc service to connect.
 
Error: (12/14/2016 05:47:51 PM) (Source: Service Control Manager) (User: )
Description: The MediaMall Server service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (12/14/2016 05:47:51 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MediaMall Server service to connect.
 
Error: (12/14/2016 05:47:50 PM) (Source: Service Control Manager) (User: )
Description: The PlaysService service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
 
Microsoft Office Sessions:
=========================
Error: (12/15/2016 12:06:38 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (12/15/2016 12:06:27 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log-1032 (0xfffffbf8)
 
Error: (12/15/2016 12:06:27 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (12/15/2016 12:06:17 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (12/15/2016 12:06:06 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log-1032 (0xfffffbf8)
 
Error: (12/15/2016 12:06:06 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (12/15/2016 12:05:56 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (12/15/2016 12:05:45 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log-1032 (0xfffffbf8)
 
Error: (12/15/2016 12:05:45 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
Error: (12/15/2016 12:05:35 AM) (Source: ESENT)(User: )
Description: svchost2368TILEREPOSITORYS-1-5-21-3653159639-3780992185-529759721-1004: C:\Users\danny_fantastico\AppData\Local\TileDataLayer\Database\EDB.chk-1032 (0xfffffbf8)5 (0x00000005)Access is denied.
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-11-24 18:37:17.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Program Files\Windows Defender\MpUXSrv.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-24 18:37:17.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Program Files\Windows Defender\MpUXSrv.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-24 18:37:17.682
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Program Files\Windows Defender\MpUXSrv.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-11-24 18:37:17.677
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Program Files\Windows Defender\MpUXSrv.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.13 - Adobe Systems)
Adobe After Effects CS6 (HKLM-x32\...\{4817D846-700B-474E-A31B-80892B3E92E3}) (Version: 11 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Illustrator CS6 (HKLM-x32\...\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.)
AMP Font Viewer (HKLM-x32\...\AMP Font Viewer) (Version:  - )
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.8.42450 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{118C2119-84B6-E32C-63E2-B56DBCF41CE5}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{51F85784-6799-5CA3-97B2-2E5904FC3E58}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5A083A57-10D6-D4E5-292C-F274870E73A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{AD28960A-6190-C991-C964-308B86EAA2E2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{DF0D7C1C-72B6-9FFB-DF66-B3720237BB80}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{238F6F6F-2544-86CF-3AB6-2CDADAB58CF0}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{C3EE628C-7394-FE2C-0C90-C05284EB528D}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{2F544F46-5F6E-97BB-3550-A0242A3C5754}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{EC688BD0-240D-AE40-55F3-234E54919AE6}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{E27224E3-7913-DA1E-5B08-9BEEC8FEE3D1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{FC4086D6-E345-5F43-08BB-280FB57DAF49}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{95A52FC1-C728-841D-1BFC-CC793B77B0A4}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5FEACE78-C338-9AED-FF05-7DE7E273C774}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{A22CDEBA-6DB5-12CD-F6CE-6238C2D78363}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{AC85CF50-9A55-0103-ADBF-365C37603AA4}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{C0BFC67D-E447-02C8-6046-C078DFE9EC97}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{94C72EBE-2908-F0AC-62DA-D61951830F8F}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{B349892D-B015-033C-4CA8-3635E6B655D7}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{5B987681-3652-492B-6A11-E02AC0FE5959}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{26567561-DFB2-2B63-9BA8-6A490ED37016}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{86BFE5B4-1FCE-3C02-6373-92B1AE6431E8}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0742432E-42D9-2240-4CA1-8595CCCBAA77}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5FD706FF-6AD8-E372-A35A-879409982655}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DAB44116-0266-C65B-B643-AC11217C3041}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{EAEAA839-44F4-22DF-D1CC-88C3B2A3D4B1}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3AF70346-52C7-0334-606F-118D1C1CB7A2}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A3973655-E448-4A1B-477C-988A79D132D9}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{53AE8AC7-5213-67AF-0DC0-CED696B77643}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{59D2664C-949B-7FA7-9880-ECB993B6616A}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{6DC92550-D065-4B36-C4D3-D8D7A702A7A7}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{970A40CA-46AB-986C-1798-976ED0EA00FA}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{B2A83706-3F14-1532-20CD-B4EE715A8945}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{44ED2CDA-4197-E9E9-B328-26E1FB749116}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{3450566C-4561-0EE8-B1AB-D5C79CCE8D2C}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{C14A3A5B-8A86-C239-37D7-158211778C54}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{A50C89BC-8D8E-8828-824A-7171F6D583D5}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{FCE8438C-3272-D63F-479F-670F082B294B}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}) (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{25D1751E-7CA2-5F6D-0125-0A16E47AF9FE}) (Version: 2016.0624.1251.21301 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.17 - Piriform)
Cisco Network Assistant (HKLM-x32\...\{397FF711-8BD9-4388-ADFC-2A878B83F018}) (Version: 6.3 - Cisco Systems, Inc)
Cricut Design Space Client (HKCU\...\Cricut Design Space Client) (Version: 3.2.1.0 - Provo Craft)
EaseUS Data Recovery Wizard 8.5 (HKLM\...\EaseUS Data Recovery Wizard 8.5_is1) (Version:  - EaseUS)
EaseUS MobiSaver for Android version 4.1 (HKLM-x32\...\{82D2239C-0F46-4446-B3CA-810A07BF7A6E}_is1) (Version: 4.1 - CHENGDU YIWO Tech Development Co., Ltd.)
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.17.0 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Earth (HKLM-x32\...\{A0C18B96-AB79-46BD-8321-6FA83E6D25B9}) (Version: 7.1.7.2606 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
hide.me VPN 1.2.6 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.2.6 - eVenture Limited)
HP ENVY 120 series Basic Device Software (HKLM\...\{0E96CEFA-F256-4E54-BB46-34FA4A8847D7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ENVY 4500 series Basic Device Software (HKLM\...\{6915424E-704F-4F5D-9057-9C7B406B36DB}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Kingo ROOT version 1.4.6.2750 (HKLM-x32\...\{AE7675D6-0B31-494F-ABFA-822E1A0FDF17}_is1) (Version: 1.4.6.2750 - Kingosoft Technology Ltd.)
Logi Firmware Update Tool for C930e (HKLM-x32\...\FWUpdateC930e) (Version: 1.1.248.0 - Logitech Europe S.A.)
Logitech Alert Commander (HKLM-x32\...\{9C815CCE-8A56-4C1E-A3CA-D1BA519882BC}) (Version: 3.5.97 - Logitech)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
LogoDesignStudio (HKLM-x32\...\{7543145B-8139-474F-94E7-0A3FF524F509}) (Version: 4.0 - Summitsoft Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mindjet MindManager 15 (HKLM\...\{0D54C615-A3F1-4BF2-BC79-7CA61F8ADB34}) (Version: 15.1.173 - Mindjet)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
Mozilla Thunderbird 45.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.1.0 (x86 en-US)) (Version: 45.1.0 - Mozilla)
Nmap 7.00 (HKLM-x32\...\Nmap) (Version:  - )
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PlayOn (HKLM-x32\...\{b5ec7255-9bea-4573-9194-68113c314287}) (Version: 4.0.36.13673 - MediaMall Technologies, Inc.)
PlayOn (HKLM-x32\...\{C5BDC274-D61B-425D-8030-EB2DC893EC87}) (Version: 4.0.36 - MediaMall Technologies, Inc.) Hidden
PlayOn Dependencies (HKLM-x32\...\{0E100B2E-D56C-4BFB-9FD6-894FDEDC10E6}) (Version: 1.0.0.0 - MediaMall Technologies, Inc.) Hidden
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.13.1-r115223-release - Plays.tv, LLC)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7457 - Realtek Semiconductor Corp.)
SafeZone Stable 1.48.2066.98 (HKLM-x32\...\SafeZone 1.48.2066.98) (Version: 1.48.2066.98 - Avast Software) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
SMPlayer 16.4.0 (HKLM-x32\...\SMPlayer) (Version: 16.4.0 - Ricardo Villalba)
Snagit 12 (HKLM-x32\...\{5813f11a-0c26-4d32-880a-463abb90a6a6}) (Version: 12.3.2.2909 - TechSmith Corporation)
Snagit 12 (HKLM-x32\...\{588591F5-74D7-4646-87C5-6A07E526F303}) (Version: 12.3.2 - TechSmith Corporation) Hidden
Sublime Text Build 3083 (HKLM-x32\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VMware Player (HKLM\...\{E452E727-86B8-4233-8CC3-41FD817AFAFF}) (Version: 6.0.7 - VMware, Inc.) Hidden
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Driver Package - Provo Craft & Novelty, Inc. (usbser) Ports  (08/01/2016 1.3.0.0) (HKLM\...\17736CDD02DF8CFDD0CC1097668A82C013C969F3) (Version: 08/01/2016 1.3.0.0 - Provo Craft & Novelty, Inc.)
Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32\...\{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
WinHTTrack Website Copier 3.48-21 (x64) (HKLM\...\WinHTTrack Website Copier_is1) (Version: 3.48.21 - HTTrack)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wireshark 2.0.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.0 - The Wireshark developer community, https://www.wireshark.org)
Wondershare MirrorGo(Version 1.5.0) (HKLM-x32\...\{EE843B49-D9BC-4A9E-A8A7-B9F14C0381C7}_is1) (Version: 1.5.0 - Wondershare)
Wondershare MobileGo ( Version 8.0.0 ) (HKLM-x32\...\{1E04C795-7359-4E05-8A0E-5644F777AA09}_is1) (Version: 8.0.0 - Wondershare)
Wondershare Video Converter Ultimate(Build 8.5.7.1) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 8.5.7.1 - Wondershare Software)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 14%
Total physical RAM: 24557.55 MB
Available physical RAM: 21051.61 MB
Total Virtual: 28141.55 MB
Available Virtual: 24145.59 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:931.02 GB) (Free:55.79 GB) NTFS
2 Drive d: (KNOPPIX) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS
 
========================= Users: ========================================
 
User accounts for \\TIMEWARNERCABLE
 
Administrator            danny_fantastico         DefaultAccount           
Guest                    Speedy                   
 
 
**** End of log ****


#4 bigfanta

Posted 15 December 2016 - 03:27 AM

00:24:19.0043 0x08f8  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
00:24:24.0385 0x08f8  ============================================================
00:24:24.0385 0x08f8  Current date / time: 2016/12/15 00:24:24.0385
00:24:24.0385 0x08f8  SystemInfo:
00:24:24.0385 0x08f8  
00:24:24.0385 0x08f8  OS Version: 10.0.14393 ServicePack: 0.0
00:24:24.0385 0x08f8  Product type: Workstation
00:24:24.0385 0x08f8  ComputerName: TIMEWARNERCABLE
00:24:24.0385 0x08f8  UserName: danny_fantastico
00:24:24.0385 0x08f8  Windows directory: C:\WINDOWS
00:24:24.0385 0x08f8  System windows directory: C:\WINDOWS
00:24:24.0385 0x08f8  Running under WOW64
00:24:24.0385 0x08f8  Processor architecture: Intel x64
00:24:24.0385 0x08f8  Number of processors: 8
00:24:24.0385 0x08f8  Page size: 0x1000
00:24:24.0385 0x08f8  Boot type: Normal boot
00:24:24.0385 0x08f8  CodeIntegrityOptions = 0x00000001
00:24:24.0385 0x08f8  ============================================================
00:24:25.0243 0x08f8  KLMD registered as C:\WINDOWS\system32\drivers\37727366.sys
00:24:25.0243 0x08f8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.576, osProperties = 0x19
00:24:25.0579 0x08f8  System UUID: {9F60FC9C-8688-FAAD-9F49-1E1546C80EEB}
00:24:26.0172 0x08f8  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
00:24:26.0191 0x08f8  ============================================================
00:24:26.0191 0x08f8  \Device\Harddisk0\DR0:
00:24:26.0197 0x08f8  MBR partitions:
00:24:26.0197 0x08f8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000
00:24:26.0197 0x08f8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFA800, BlocksNum 0x7460B000
00:24:26.0197 0x08f8  ============================================================
00:24:26.0221 0x08f8  C: <-> \Device\Harddisk0\DR0\Partition2
00:24:26.0221 0x08f8  ============================================================
00:24:26.0221 0x08f8  Initialize success
00:24:26.0221 0x08f8  ============================================================
00:24:31.0011 0x0b1c  ============================================================
00:24:31.0011 0x0b1c  Scan started
00:24:31.0011 0x0b1c  Mode: Manual; 
00:24:31.0011 0x0b1c  ============================================================
00:24:31.0011 0x0b1c  KSN ping started
00:24:31.0426 0x0b1c  KSN ping finished: true
00:24:41.0909 0x0b1c  ================ Scan system memory ========================
00:24:41.0909 0x0b1c  System memory - ok
00:24:41.0910 0x0b1c  ================ Scan services =============================
00:24:46.0548 0x0b1c  DbxSvc - ok
00:24:46.0592 0x0b1c  DcomLaunch - ok
00:24:46.0614 0x0b1c  DcpSvc - ok
00:24:46.0630 0x0b1c  defragsvc - ok
00:24:46.0643 0x0b1c  DeviceAssociationService - ok
00:24:46.0648 0x0b1c  DeviceInstall - ok
00:24:46.0671 0x0b1c  DevQueryBroker - ok
00:24:46.0681 0x0b1c  Dfsc - ok
00:24:46.0724 0x0b1c  [ 9593475FBC857A05D93BFF4FA7323C2B, D2A958AF5EFDC6136A6ABB7F8D5FE1F84C967E79BEA96C5BE3661A0145DEB907 ] dg_ssudbus      C:\WINDOWS\system32\DRIVERS\ssudbus.sys
00:24:46.0729 0x0b1c  dg_ssudbus - ok
00:24:46.0777 0x0b1c  Dhcp - ok
00:24:46.0863 0x0b1c  diagnosticshub.standardcollector.service - ok
00:24:46.0908 0x0b1c  DiagTrack - ok
00:24:46.0953 0x0b1c  disk - ok
00:24:47.0016 0x0b1c  [ 09CF47A74BFB480B8262FCEE222004B6, F5CD0ACA04BCB95984595CC2E17BC9E92865091A0A3BCAD4B06438A1570E7696 ] DmEnrollmentSvc C:\WINDOWS\system32\Windows.Internal.Management.dll
00:24:47.0044 0x0b1c  DmEnrollmentSvc - ok
00:24:47.0064 0x0b1c  dmvsc - ok
00:24:47.0086 0x0b1c  dmwappushservice - ok
00:24:47.0132 0x0b1c  Dnscache - ok
00:24:47.0149 0x0b1c  dot3svc - ok
00:24:47.0156 0x0b1c  DPS - ok
00:24:47.0173 0x0b1c  drmkaud - ok
00:24:47.0190 0x0b1c  DsmSvc - ok
00:24:47.0203 0x0b1c  DsSvc - ok
00:24:47.0225 0x0b1c  DXGKrnl - ok
00:24:47.0234 0x0b1c  EapHost - ok
00:24:47.0252 0x0b1c  ebdrv - ok
00:24:47.0284 0x0b1c  EFS - ok
00:24:47.0296 0x0b1c  EhStorClass - ok
00:24:47.0325 0x0b1c  EhStorTcgDrv - ok
00:24:47.0342 0x0b1c  embeddedmode - ok
00:24:47.0400 0x0b1c  [ 3CE2B6AECB9AF8BC159299EEC46A35CA, E933B28BB6E4D01FCCDF8FBBB134C244B28DA3ECBDFA13333F0D4C24B2551780 ] EntAppSvc       C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
00:24:47.0412 0x0b1c  EntAppSvc - ok
00:24:47.0431 0x0b1c  ErrDev - ok
00:24:47.0489 0x0b1c  EventSystem - ok
00:24:47.0496 0x0b1c  exfat - ok
00:24:47.0523 0x0b1c  [ FA918EC296EB410FF02867D008D02421, 23D164A24CB0D212778FA9592A046B6BA1F3628003E04181744A1F891B5B3E5A ] fastfat         C:\WINDOWS\system32\drivers\fastfat.sys
00:24:47.0533 0x0b1c  fastfat - ok
00:24:47.0576 0x0b1c  Fax - ok
00:24:47.0596 0x0b1c  fdc - ok
00:24:47.0602 0x0b1c  fdPHost - ok
00:24:47.0608 0x0b1c  FDResPub - ok
00:24:47.0622 0x0b1c  fhsvc - ok
00:24:47.0639 0x0b1c  FileCrypt - ok
00:24:47.0658 0x0b1c  FileInfo - ok
00:24:47.0668 0x0b1c  Filetrace - ok
00:24:47.0677 0x0b1c  flpydisk - ok
00:24:47.0683 0x0b1c  FltMgr - ok
00:24:47.0732 0x0b1c  FontCache - ok
00:24:47.0956 0x0b1c  FontCache3.0.0.0 - ok
00:24:48.0006 0x0b1c  FrameServer - ok
00:24:48.0012 0x0b1c  FsDepends - ok
00:24:48.0023 0x0b1c  Fs_Rec - ok
00:24:48.0132 0x0b1c  [ B99C240DEA85007044E178C1C9C75659, 3EBF269FDCBAC46F47CC0670D6932D62A134EC489CDE4E87A8ED5F392A98EC76 ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
00:24:48.0137 0x0b1c  Futuremark SystemInfo Service - ok
00:24:48.0174 0x0b1c  fvevol - ok
00:24:48.0184 0x0b1c  gencounter - ok
00:24:48.0193 0x0b1c  genericusbfn - ok
00:24:48.0208 0x0b1c  GPIOClx0101 - ok
00:24:48.0214 0x0b1c  gpsvc - ok
00:24:48.0220 0x0b1c  GpuEnergyDrv - ok
00:24:48.0282 0x0b1c  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:24:48.0285 0x0b1c  gupdate - ok
00:24:48.0296 0x0b1c  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:24:48.0300 0x0b1c  gupdatem - ok
00:24:48.0380 0x0b1c  [ 9932E254656DF50C514B8AE61EF12CCC, 502C06A9FE869CF65508155ABCD29640D5A0097FBF199DF0D61D9193D98C978B ] hcmon           C:\WINDOWS\system32\drivers\hcmon.sys
00:24:48.0383 0x0b1c  hcmon - ok
00:24:48.0429 0x0b1c  HDAudBus - ok
00:24:48.0438 0x0b1c  HidBatt - ok
00:24:48.0451 0x0b1c  HidBth - ok
00:24:48.0461 0x0b1c  hidi2c - ok
00:24:48.0466 0x0b1c  hidinterrupt - ok
00:24:48.0472 0x0b1c  HidIr - ok
00:24:48.0511 0x0b1c  hidserv - ok
00:24:48.0567 0x0b1c  HidUsb - ok
00:24:48.0698 0x0b1c  [ F831BCCA5DF23A92AD0D2426D91113C9, 7FD6D37472FA1BE87D917127E6EDCDD0DAA807DB5AD6E4E2A675B7945D0963BD ] hmevpnsvc       C:\Program Files (x86)\hide.me VPN\vpnsvc.exe
00:24:48.0704 0x0b1c  hmevpnsvc - ok
00:24:48.0752 0x0b1c  HomeGroupListener - ok
00:24:48.0764 0x0b1c  HomeGroupProvider - ok
00:24:48.0775 0x0b1c  HpSAMD - ok
00:24:48.0786 0x0b1c  HTTP - ok
00:24:48.0806 0x0b1c  HvHost - ok
00:24:48.0817 0x0b1c  hvservice - ok
00:24:48.0825 0x0b1c  hwpolicy - ok
00:24:48.0832 0x0b1c  hyperkbd - ok
00:24:48.0872 0x0b1c  i8042prt - ok
00:24:48.0880 0x0b1c  iagpio - ok
00:24:48.0886 0x0b1c  iai2c - ok
00:24:48.0894 0x0b1c  iaLPSS2i_GPIO2 - ok
00:24:48.0904 0x0b1c  iaLPSS2i_I2C - ok
00:24:48.0910 0x0b1c  iaLPSSi_GPIO - ok
00:24:48.0918 0x0b1c  iaLPSSi_I2C - ok
00:24:48.0928 0x0b1c  iaStorAV - ok
00:24:48.0934 0x0b1c  iaStorV - ok
00:24:48.0940 0x0b1c  ibbus - ok
00:24:48.0979 0x0b1c  icssvc - ok
00:24:48.0992 0x0b1c  IKEEXT - ok
00:24:49.0013 0x0b1c  IndirectKmd - ok
00:24:49.0185 0x0b1c  [ 1E1E28EEFAB3F61F7159FB5AD3A269A8, 5AF31AFE6D258F1470A3A2D6C2DC10C1607298246D0F20757AF49DA74068A1B9 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
00:24:49.0305 0x0b1c  IntcAzAudAddService - ok
00:24:49.0362 0x0b1c  intelide - ok
00:24:49.0388 0x0b1c  intelpep - ok
00:24:49.0397 0x0b1c  intelppm - ok
00:24:49.0406 0x0b1c  iorate - ok
00:24:49.0411 0x0b1c  IpFilterDriver - ok
00:24:49.0456 0x0b1c  iphlpsvc - ok
00:24:49.0504 0x0b1c  IPMIDRV - ok
00:24:49.0516 0x0b1c  IPNAT - ok
00:24:49.0531 0x0b1c  irda - ok
00:24:49.0545 0x0b1c  IRENUM - ok
00:24:49.0562 0x0b1c  irmon - ok
00:24:49.0570 0x0b1c  isapnp - ok
00:24:49.0600 0x0b1c  iScsiPrt - ok
00:24:49.0640 0x0b1c  kbdclass - ok
00:24:49.0682 0x0b1c  kbdhid - ok
00:24:49.0704 0x0b1c  kdnic - ok
00:24:49.0720 0x0b1c  KeyIso - ok
00:24:49.0742 0x0b1c  KSecDD - ok
00:24:49.0765 0x0b1c  KSecPkg - ok
00:24:49.0790 0x0b1c  ksthunk - ok
00:24:49.0797 0x0b1c  KtmRm - ok
00:24:49.0860 0x0b1c  LanmanServer - ok
00:24:49.0911 0x0b1c  [ 33DBBCF71F68EA97D9FD34E4C9AB5AC6, 104F04A1560E75EB224A3825707CE51E8798ABD764F5CC3B854FFFC93A39AF60 ] LanmanWorkstation C:\WINDOWS\System32\wkssvc.dll
00:24:49.0934 0x0b1c  LanmanWorkstation - ok
00:24:49.0952 0x0b1c  lfsvc - ok
00:24:50.0005 0x0b1c  LicenseManager - ok
00:24:50.0016 0x0b1c  lltdio - ok
00:24:50.0032 0x0b1c  lltdsvc - ok
00:24:50.0046 0x0b1c  lmhosts - ok
00:24:50.0080 0x0b1c  LSI_SAS - ok
00:24:50.0088 0x0b1c  LSI_SAS2i - ok
00:24:50.0106 0x0b1c  LSI_SAS3i - ok
00:24:50.0115 0x0b1c  LSI_SSS - ok
00:24:50.0186 0x0b1c  [ D5EFC0BAEC21EDE6FE03D377D403B421, 41BE71AF7C896FD4C51EF7E3871AAB769164DFB8050DA43E48C7A100711414B4 ] LSM             C:\WINDOWS\System32\lsm.dll
00:24:50.0211 0x0b1c  LSM - ok
00:24:50.0219 0x0b1c  luafv - ok
00:24:50.0313 0x0b1c  [ A0A527569856B9814E8920F52EBB67F5, 4347277C84B47E4CC048850BDEFB258CFB3B476AA99FD503FD71FBB70FFF5ACF ] lvrs64          C:\WINDOWS\system32\DRIVERS\lvrs64.sys
00:24:50.0323 0x0b1c  lvrs64 - ok
00:24:50.0530 0x0b1c  [ 415E344294D1C0D04627B29146F68481, B4A1A05BDF07E8F226A98E51F62BE18BE2C046A084C495BD8A95CABC79FD0614 ] LVUVC64         C:\WINDOWS\system32\DRIVERS\lvuvc64.sys
00:24:50.0662 0x0b1c  LVUVC64 - ok
00:24:50.0752 0x0b1c  [ CAAF0CD70FEE7C5110B1E62804E41B17, 48482A6C8D2296C4DC613304637C8DBB7DD1DB39326F27650EBCA6FD2793BCFD ] MapsBroker      C:\WINDOWS\System32\moshost.dll
00:24:50.0762 0x0b1c  MapsBroker - ok
00:24:50.0792 0x0b1c  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
00:24:50.0794 0x0b1c  MBAMProtector - ok
00:24:50.0900 0x0b1c  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
00:24:50.0931 0x0b1c  MBAMService - ok
00:24:51.0027 0x0b1c  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
00:24:51.0034 0x0b1c  MBAMSwissArmy - ok
00:24:51.0067 0x0b1c  [ 898415AC0B5F1D2A9A48ABCB68A6DC4B, E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
00:24:51.0071 0x0b1c  MBAMWebAccessControl - ok
00:24:51.0363 0x0b1c  [ E57DAE18F312A1F6285CEA936FE29C25, 881938A6DD5B4B2E9746326337D2C7D21BB205B7D299569A63EE1DDF805EC37C ] MediaMall Server C:\Program Files (x86)\MediaMall\MediaMallServer.exe
00:24:51.0508 0x0b1c  MediaMall Server - ok
00:24:51.0555 0x0b1c  megasas - ok
00:24:51.0603 0x0b1c  megasas2i - ok
00:24:51.0621 0x0b1c  megasr - ok
00:24:51.0673 0x0b1c  MessagingService - ok
00:24:51.0802 0x0b1c  [ 5EED5CAA1BF6B4F2D345BB0F1827D266, 8E684E1023864DFDEEBF7A5B2E31179062D38CE142A4BFF8A321F6DA993001C4 ] MlPatch         C:\WINDOWS\system32\MlPatch.exe
00:24:51.0868 0x0b1c  MlPatch - ok
00:24:51.0922 0x0b1c  mlx4_bus - ok
00:24:51.0933 0x0b1c  MMCSS - ok
00:24:51.0990 0x0b1c  [ 0D50B3F3AB32D416786B58D4553859CE, 9DA4D7A30982E8B31C45BDB721AEF5240EAD9DA6839CF34FDDBCF123BF104F2C ] Modem           C:\WINDOWS\system32\drivers\modem.sys
00:24:51.0993 0x0b1c  Modem - ok
00:24:52.0000 0x0b1c  monitor - ok
00:24:52.0014 0x0b1c  mouclass - ok
00:24:52.0024 0x0b1c  mouhid - ok
00:24:52.0029 0x0b1c  mountmgr - ok
00:24:52.0120 0x0b1c  [ 86320BA9D6A972C79D467931518B165A, 4D7ABD7E5637B9AF98D7F3D4C4DAE595C27C8FEEBAAFF9E6443271C41598FCE1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:24:52.0125 0x0b1c  MozillaMaintenance - ok
00:24:52.0137 0x0b1c  mpsdrv - ok
00:24:52.0180 0x0b1c  MpsSvc - ok
00:24:52.0195 0x0b1c  MRxDAV - ok
00:24:52.0205 0x0b1c  mrxsmb - ok
00:24:52.0265 0x0b1c  [ D4D12BC29DE0F09280868FDCA65B3474, A6FE89ABD52087FEE52FDF31DDF4CB627ED400E94FDA86BEBF1D4763F1E42518 ] mrxsmb10        C:\WINDOWS\system32\DRIVERS\mrxsmb10.sys
00:24:52.0273 0x0b1c  mrxsmb10 - ok
00:24:52.0310 0x0b1c  [ 93A77008A8932FC84A173C4E97E52874, B7510CF7998C538D68BD2ECDC512A0BFC7CB7362F598EE4110F728427AFF0F5A ] mrxsmb20        C:\WINDOWS\system32\DRIVERS\mrxsmb20.sys
00:24:52.0317 0x0b1c  mrxsmb20 - ok
00:24:52.0358 0x0b1c  MsBridge - ok
00:24:52.0370 0x0b1c  MSDTC - ok
00:24:52.0384 0x0b1c  Msfs - ok
00:24:52.0397 0x0b1c  msgpiowin32 - ok
00:24:52.0414 0x0b1c  mshidkmdf - ok
00:24:52.0420 0x0b1c  mshidumdf - ok
00:24:52.0427 0x0b1c  msisadrv - ok
00:24:52.0444 0x0b1c  MSiSCSI - ok
00:24:52.0451 0x0b1c  msiserver - ok
00:24:52.0459 0x0b1c  MSKSSRV - ok
00:24:52.0467 0x0b1c  MsLldp - ok
00:24:52.0473 0x0b1c  MSPCLOCK - ok
00:24:52.0492 0x0b1c  MSPQM - ok
00:24:52.0500 0x0b1c  MsRPC - ok
00:24:52.0511 0x0b1c  mssmbios - ok
00:24:52.0518 0x0b1c  MSTEE - ok
00:24:52.0634 0x0b1c  [ C83829C280F0207677B7AAA151EF9C4D, 3CD9E5C42391DCD6D7AC99C1100237BD54A57F1F5511811D6382D6EFB97D444E ] msvad_simple    C:\WINDOWS\system32\drivers\povrtdev.sys
00:24:52.0637 0x0b1c  msvad_simple - ok
00:24:52.0649 0x0b1c  MTConfig - ok
00:24:52.0656 0x0b1c  Mup - ok
00:24:52.0671 0x0b1c  mvumis - ok
00:24:52.0729 0x0b1c  NativeWifiP - ok
00:24:52.0740 0x0b1c  NcaSvc - ok
00:24:52.0771 0x0b1c  NcbService - ok
00:24:52.0783 0x0b1c  NcdAutoSetup - ok
00:24:52.0798 0x0b1c  ndfltr - ok
00:24:52.0820 0x0b1c  NDIS - ok
00:24:52.0827 0x0b1c  NdisCap - ok
00:24:52.0906 0x0b1c  NdisImPlatform - ok
00:24:52.0922 0x0b1c  NdisTapi - ok
00:24:52.0937 0x0b1c  Ndisuio - ok
00:24:52.0949 0x0b1c  NdisVirtualBus - ok
00:24:52.0961 0x0b1c  NdisWan - ok
00:24:52.0968 0x0b1c  ndiswanlegacy - ok
00:24:52.0983 0x0b1c  ndproxy - ok
00:24:52.0989 0x0b1c  Ndu - ok
00:24:53.0001 0x0b1c  NetAdapterCx - ok
00:24:53.0018 0x0b1c  NetBIOS - ok
00:24:53.0035 0x0b1c  NetBT - ok
00:24:53.0046 0x0b1c  Netlogon - ok
00:24:53.0082 0x0b1c  Netman - ok
00:24:53.0090 0x0b1c  netprofm - ok
00:24:53.0134 0x0b1c  NetSetupSvc - ok
00:24:53.0187 0x0b1c  NetTcpPortSharing - ok
00:24:53.0222 0x0b1c  NgcCtnrSvc - ok
00:24:53.0237 0x0b1c  NgcSvc - ok
00:24:53.0259 0x0b1c  NlaSvc - ok
00:24:53.0275 0x0b1c  Npfs - ok
00:24:53.0284 0x0b1c  npsvctrig - ok
00:24:53.0295 0x0b1c  nsi - ok
00:24:53.0309 0x0b1c  nsiproxy - ok
00:24:53.0331 0x0b1c  NTFS - ok
00:24:53.0345 0x0b1c  Null - ok
00:24:53.0360 0x0b1c  nvraid - ok
00:24:53.0371 0x0b1c  nvstor - ok
00:24:53.0394 0x0b1c  OneSyncSvc - ok
00:24:53.0504 0x0b1c  [ D1AF4C86F851F9A345A400FD3B9D673A, BCC7B3AF92A2AB09CC52FB10107E209C02AC078E5F0197AEC40D7AE56F3A7CA0 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:24:53.0513 0x0b1c  ose64 - ok
00:24:53.0562 0x0b1c  p2pimsvc - ok
00:24:53.0571 0x0b1c  p2psvc - ok
00:24:53.0615 0x0b1c  Parport - ok
00:24:53.0707 0x0b1c  [ CDBD029BAEC8D09F6FBD404632D9AF28, 71F4401150CD4C9C6BBF2DA854CF07EA2F8C9BBE900833858F49134DDAF14414 ] partmgr         C:\WINDOWS\system32\drivers\partmgr.sys
00:24:53.0712 0x0b1c  partmgr - ok
00:24:53.0791 0x0b1c  PcaSvc - ok
00:24:53.0884 0x0b1c  [ E2DD2E5BDCCD225670831B439826065B, 0153F1CE26D402C03CFC155F428EBA04D6EA8E19A28AF629B1CE347363B7697C ] pci             C:\WINDOWS\system32\drivers\pci.sys
00:24:53.0895 0x0b1c  pci - ok
00:24:53.0963 0x0b1c  pciide - ok
00:24:53.0980 0x0b1c  pcmcia - ok
00:24:53.0988 0x0b1c  pcw - ok
00:24:54.0018 0x0b1c  pdc - ok
00:24:54.0042 0x0b1c  PEAUTH - ok
00:24:54.0058 0x0b1c  percsas2i - ok
00:24:54.0072 0x0b1c  percsas3i - ok
00:24:54.0163 0x0b1c  PerfHost - ok
00:24:54.0185 0x0b1c  PhoneSvc - ok
00:24:54.0203 0x0b1c  PimIndexMaintenanceSvc - ok
00:24:54.0228 0x0b1c  pla - ok
00:24:54.0365 0x0b1c  [ 04325377B3D504927184CBAABF9D47FA, CA291106A21CF57408C33588AB9572048B7FF31FE3C2644E1C927303F5527569 ] PlaysService    C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
00:24:54.0367 0x0b1c  PlaysService - ok
00:24:54.0402 0x0b1c  PlugPlay - ok
00:24:54.0409 0x0b1c  PNRPAutoReg - ok
00:24:54.0421 0x0b1c  PNRPsvc - ok
00:24:54.0435 0x0b1c  PolicyAgent - ok
00:24:54.0453 0x0b1c  Power - ok
00:24:54.0475 0x0b1c  PptpMiniport - ok
00:24:54.0686 0x0b1c  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
00:24:54.0776 0x0b1c  PrintNotify - ok
00:24:54.0822 0x0b1c  Processor - ok
00:24:54.0840 0x0b1c  ProfSvc - ok
00:24:54.0847 0x0b1c  Psched - ok
00:24:54.0865 0x0b1c  QWAVE - ok
00:24:54.0883 0x0b1c  QWAVEdrv - ok
00:24:54.0909 0x0b1c  RasAcd - ok
00:24:54.0922 0x0b1c  RasAgileVpn - ok
00:24:54.0933 0x0b1c  RasAuto - ok
00:24:54.0943 0x0b1c  Rasl2tp - ok
00:24:55.0011 0x0b1c  [ F79BFB5588B777C71734C1D1EC129D07, 9B9D70EC8978AAC19B2B94694EE1B9957C13DFDDFCBE8AA82C5F0D0EA04CDBDF ] RasMan          C:\WINDOWS\System32\rasmans.dll
00:24:55.0040 0x0b1c  RasMan - ok
00:24:55.0048 0x0b1c  RasPppoe - ok
00:24:55.0057 0x0b1c  RasSstp - ok
00:24:55.0079 0x0b1c  [ AF6963414B820B7C45578ED3300438A7, C00F60FD72608E6983D32642768AECE891DD816FADFA7B872BA88091C16B95D7 ] rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
00:24:55.0092 0x0b1c  rdbss - ok
00:24:55.0138 0x0b1c  rdpbus - ok
00:24:55.0147 0x0b1c  RDPDR - ok
00:24:55.0230 0x0b1c  RdpVideoMiniport - ok
00:24:55.0242 0x0b1c  rdyboost - ok
00:24:55.0259 0x0b1c  ReFSv1 - ok
00:24:55.0325 0x0b1c  RemoteAccess - ok
00:24:55.0341 0x0b1c  RemoteRegistry - ok
00:24:55.0412 0x0b1c  [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo      C:\WINDOWS\system32\RDXService.dll
00:24:55.0441 0x0b1c  RetailDemo - ok
00:24:55.0482 0x0b1c  RmSvc - ok
00:24:55.0500 0x0b1c  RpcEptMapper - ok
00:24:55.0518 0x0b1c  RpcLocator - ok
00:24:55.0533 0x0b1c  RpcSs - ok
00:24:55.0546 0x0b1c  rspndr - ok
00:24:55.0566 0x0b1c  rt640x64 - ok
00:24:55.0590 0x0b1c  RtlWlanu_OldIC - ok
00:24:55.0603 0x0b1c  s3cap - ok
00:24:55.0626 0x0b1c  SamSs - ok
00:24:55.0648 0x0b1c  sbp2port - ok
00:24:55.0667 0x0b1c  SCardSvr - ok
00:24:55.0684 0x0b1c  ScDeviceEnum - ok
00:24:55.0690 0x0b1c  scfilter - ok
00:24:55.0700 0x0b1c  Schedule - ok
00:24:55.0711 0x0b1c  scmbus - ok
00:24:55.0725 0x0b1c  scmdisk0101 - ok
00:24:55.0743 0x0b1c  SCPolicySvc - ok
00:24:55.0758 0x0b1c  sdbus - ok
00:24:55.0766 0x0b1c  SDRSVC - ok
00:24:55.0777 0x0b1c  sdstor - ok
00:24:55.0790 0x0b1c  seclogon - ok
00:24:55.0812 0x0b1c  SENS - ok
00:24:55.0821 0x0b1c  SensorDataService - ok
00:24:55.0837 0x0b1c  SensorService - ok
00:24:55.0848 0x0b1c  SensrSvc - ok
00:24:55.0855 0x0b1c  SerCx - ok
00:24:55.0863 0x0b1c  SerCx2 - ok
00:24:55.0879 0x0b1c  Serenum - ok
00:24:55.0886 0x0b1c  Serial - ok
00:24:55.0892 0x0b1c  sermouse - ok
00:24:55.0912 0x0b1c  SessionEnv - ok
00:24:55.0924 0x0b1c  sfloppy - ok
00:24:56.0045 0x0b1c  SharedAccess - ok
00:24:56.0094 0x0b1c  ShellHWDetection - ok
00:24:56.0114 0x0b1c  shpamsvc - ok
00:24:56.0126 0x0b1c  SiSRaid2 - ok
00:24:56.0139 0x0b1c  SiSRaid4 - ok
00:24:56.0267 0x0b1c  [ F3AAB7DF6408431C762D8721B68F46E4, 56ED764AA660955B8B06322703D086B3A52106625A83CCAF195B08BCBDEDA88F ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
00:24:56.0275 0x0b1c  SkypeUpdate - ok
00:24:56.0329 0x0b1c  smphost - ok
00:24:56.0374 0x0b1c  SmsRouter - ok
00:24:56.0431 0x0b1c  SNMPTRAP - ok
00:24:56.0511 0x0b1c  [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport       C:\WINDOWS\system32\drivers\spaceport.sys
00:24:56.0529 0x0b1c  spaceport - ok
00:24:56.0568 0x0b1c  SpbCx - ok
00:24:56.0584 0x0b1c  Spooler - ok
00:24:56.0639 0x0b1c  sppsvc - ok
00:24:56.0677 0x0b1c  srv - ok
00:24:56.0748 0x0b1c  [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2            C:\WINDOWS\system32\DRIVERS\srv2.sys
00:24:56.0769 0x0b1c  srv2 - ok
00:24:56.0813 0x0b1c  srvnet - ok
00:24:56.0829 0x0b1c  SSDPSRV - ok
00:24:56.0843 0x0b1c  SstpSvc - ok
00:24:56.0892 0x0b1c  [ 592FF34A2FD6C6351B8A3AA76B2C0A9E, 152B7472DE531AC45492F562DD470B2CE33F1EEF13BC78F26046AE5ABF54E32F ] ssudmdm         C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
00:24:56.0898 0x0b1c  ssudmdm - ok
00:24:57.0109 0x0b1c  [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
00:24:57.0231 0x0b1c  StateRepository - ok
00:24:57.0289 0x0b1c  stexstor - ok
00:24:57.0343 0x0b1c  [ B11724BFE7DA1BA55903B4D849415F1A, ED09B6AD68C87FED34FC66CB6C7A74DFC3AF524E3BE89EDD18A5B6685F656ACA ] StillCam        C:\WINDOWS\system32\DRIVERS\serscan.sys
00:24:57.0346 0x0b1c  StillCam - ok
00:24:57.0401 0x0b1c  stisvc - ok
00:24:57.0415 0x0b1c  storahci - ok
00:24:57.0422 0x0b1c  storflt - ok
00:24:57.0461 0x0b1c  [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme        C:\WINDOWS\system32\drivers\stornvme.sys
00:24:57.0465 0x0b1c  stornvme - ok
00:24:57.0472 0x0b1c  storqosflt - ok
00:24:57.0560 0x0b1c  [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc         C:\WINDOWS\system32\storsvc.dll
00:24:57.0586 0x0b1c  StorSvc - ok
00:24:57.0602 0x0b1c  storufs - ok
00:24:57.0608 0x0b1c  storvsc - ok
00:24:57.0652 0x0b1c  svsvc - ok
00:24:57.0664 0x0b1c  swenum - ok
00:24:57.0674 0x0b1c  swprv - ok
00:24:57.0698 0x0b1c  Synth3dVsc - ok
00:24:57.0722 0x0b1c  SysMain - ok
00:24:57.0749 0x0b1c  SystemEventsBroker - ok
00:24:57.0763 0x0b1c  TabletInputService - ok
00:24:57.0770 0x0b1c  TapiSrv - ok
00:24:57.0785 0x0b1c  Tcpip - ok
00:24:57.0804 0x0b1c  Tcpip6 - ok
00:24:57.0824 0x0b1c  tcpipreg - ok
00:24:57.0845 0x0b1c  tdx - ok
00:24:58.0344 0x0b1c  [ 553DF8F873F595C870C17D47EEDD8188, FAF966BFDC83FD3EAFBE943B59FCA2C6AB439B520D33E69FCF3F86215471B450 ] TeamViewer      C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
00:24:58.0569 0x0b1c  TeamViewer - ok
00:24:58.0917 0x0b1c  [ 439BD966130226F464DC15F55ABD266E, 1AA73CC09CA7A01BE6052919CDD19714EDAB69898316953974F6D8BEF3EB1E4D ] TechSmith Uploader Service C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
00:24:59.0006 0x0b1c  TechSmith Uploader Service - ok
00:24:59.0033 0x0b1c  terminpt - ok
00:24:59.0053 0x0b1c  TermService - ok
00:24:59.0063 0x0b1c  Themes - ok
00:24:59.0089 0x0b1c  TieringEngineService - ok
00:24:59.0103 0x0b1c  tiledatamodelsvc - ok
00:24:59.0111 0x0b1c  TimeBrokerSvc - ok
00:24:59.0179 0x0b1c  [ 46171262D0E806779DEEDFCAB2F830CC, 7F4A4658B8BA217D99E5B5C0E01600C20DC96ECBCA32A5BA7FBE17D2A7B8BFD8 ] TPM             C:\WINDOWS\System32\drivers\tpm.sys
00:24:59.0187 0x0b1c  TPM - ok
00:24:59.0195 0x0b1c  TrkWks - ok
00:24:59.0343 0x0b1c  [ 09440FA30C020B4443391FAFCF4876E3, 208C7725F70C75D8C96CCAF5B22F83B8B1C66D8C9FFF48465B1C9F4A77425569 ] TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe
00:24:59.0346 0x0b1c  TrustedInstaller - ok
00:24:59.0360 0x0b1c  tsusbflt - ok
00:24:59.0406 0x0b1c  TsUsbGD - ok
00:24:59.0417 0x0b1c  tunnel - ok
00:24:59.0435 0x0b1c  tzautoupdate - ok
00:24:59.0448 0x0b1c  UASPStor - ok
00:24:59.0460 0x0b1c  UcmCx0101 - ok
00:24:59.0473 0x0b1c  UcmTcpciCx0101 - ok
00:24:59.0480 0x0b1c  UcmUcsi - ok
00:24:59.0487 0x0b1c  Ucx01000 - ok
00:24:59.0498 0x0b1c  UdeCx - ok
00:24:59.0507 0x0b1c  udfs - ok
00:24:59.0513 0x0b1c  UEFI - ok
00:24:59.0520 0x0b1c  Ufx01000 - ok
00:24:59.0533 0x0b1c  UfxChipidea - ok
00:24:59.0555 0x0b1c  ufxsynopsys - ok
00:24:59.0589 0x0b1c  UI0Detect - ok
00:24:59.0597 0x0b1c  umbus - ok
00:24:59.0610 0x0b1c  UmPass - ok
00:24:59.0638 0x0b1c  UmRdpService - ok
00:24:59.0645 0x0b1c  UnistoreSvc - ok
00:24:59.0666 0x0b1c  upnphost - ok
00:24:59.0683 0x0b1c  UrsChipidea - ok
00:24:59.0699 0x0b1c  UrsCx01000 - ok
00:24:59.0717 0x0b1c  UrsSynopsys - ok
00:24:59.0736 0x0b1c  usbaudio - ok
00:24:59.0748 0x0b1c  usbccgp - ok
00:24:59.0762 0x0b1c  usbcir - ok
00:24:59.0769 0x0b1c  usbehci - ok
00:24:59.0787 0x0b1c  usbhub - ok
00:24:59.0795 0x0b1c  USBHUB3 - ok
00:24:59.0819 0x0b1c  usbohci - ok
00:24:59.0838 0x0b1c  usbprint - ok
00:24:59.0852 0x0b1c  usbser - ok
00:24:59.0859 0x0b1c  USBSTOR - ok
00:24:59.0879 0x0b1c  usbuhci - ok
00:24:59.0892 0x0b1c  USBXHCI - ok
00:24:59.0904 0x0b1c  UserDataSvc - ok
00:24:59.0931 0x0b1c  UserManager - ok
00:24:59.0953 0x0b1c  UsoSvc - ok
00:24:59.0959 0x0b1c  VaultSvc - ok
00:24:59.0983 0x0b1c  vdrvroot - ok
00:25:00.0001 0x0b1c  vds - ok
00:25:00.0011 0x0b1c  VerifierExt - ok
00:25:00.0035 0x0b1c  vhdmp - ok
00:25:00.0059 0x0b1c  vhf - ok
00:25:00.0174 0x0b1c  [ BD00A8CFB76E6BB0E89DB191E3712528, 870664951D908772454E30042E2CD464722DF7331AFAC016B0884EC375FEA5C3 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
00:25:00.0177 0x0b1c  VMAuthdService - ok
00:25:00.0215 0x0b1c  vmbus - ok
00:25:00.0226 0x0b1c  VMBusHID - ok
00:25:00.0272 0x0b1c  [ BE8E5E5D53ACF71D4E8E686B68C99B04, 4F30A360095FCB2627068FA6A65A951688058E8FDDF5CE895E2AE39500A413B1 ] vmci            C:\WINDOWS\system32\drivers\vmci.sys
00:25:00.0277 0x0b1c  vmci - ok
00:25:00.0317 0x0b1c  vmgid - ok
00:25:00.0329 0x0b1c  vmicguestinterface - ok
00:25:00.0340 0x0b1c  vmicheartbeat - ok
00:25:00.0349 0x0b1c  vmickvpexchange - ok
00:25:00.0374 0x0b1c  vmicrdv - ok
00:25:00.0384 0x0b1c  vmicshutdown - ok
00:25:00.0397 0x0b1c  vmictimesync - ok
00:25:00.0410 0x0b1c  vmicvmsession - ok
00:25:00.0418 0x0b1c  vmicvss - ok
00:25:00.0470 0x0b1c  [ 18AA5F4A3B1204AD00045EE5AD39BCDB, 0211A8E94F169A2A52CD39CD580293907EBE104E52038DC36B988DE1CA7F2392 ] VMnetAdapter    C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
00:25:00.0473 0x0b1c  VMnetAdapter - ok
00:25:00.0552 0x0b1c  [ 04CD4347CD9E8C40F78AD51F7FF426D0, BCA3E593E118BCA30142B23CD1CBE6905442D31C3DEB4C71B06D721E601F7BD8 ] VMnetBridge     C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
00:25:00.0556 0x0b1c  VMnetBridge - ok
00:25:00.0658 0x0b1c  [ 338CD01BD29805A93902B9237A39CAC5, AB667D0BD54FFCAA997F97755CE576E47D361EEA21E45B95DEA1E912693B4CE2 ] VMnetDHCP       C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
00:25:01.0635 0x0b1c  VMnetDHCP - ok
00:25:01.0722 0x0b1c  [ 76C4CFAC694A581EA5C8DE89B6AEBD4B, B6D19529223BD20AA2A17D93A8F0D2D32369FDE4E8535F6D1191B065B0755EE4 ] VMnetuserif     C:\WINDOWS\system32\drivers\vmnetuserif.sys
00:25:01.0726 0x0b1c  VMnetuserif - ok
00:25:01.0803 0x0b1c  [ 10E2D1F255E7BC086F643D9A34DA1E5B, 29EC2A16F38C1EB10F6C141DE24B28C91C55ED39FFF66F40F9C13F43D3D15E51 ] VMparport       C:\WINDOWS\system32\drivers\VMparport.sys
00:25:01.0806 0x0b1c  VMparport - ok
00:25:01.0974 0x0b1c  [ 9D88591D3B97D30234F5B965B8E0ABD6, 42ECDD6D789645242E4640F10C1FB91BF0C2B37CDE3CF864B8175EE3E05DB2DB ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
00:25:01.0997 0x0b1c  VMUSBArbService - ok
00:25:02.0041 0x0b1c  [ 2B2BB1F8BFEBE6B847FDB32F89EA2A3E, 743EBF3EF12067A77454B04559E266EFB306A454AF765A0821193C646A952F2E ] VMware NAT Service C:\WINDOWS\SYSWOW64\VMNAT.EXE
00:25:02.0063 0x0b1c  VMware NAT Service - ok
00:25:02.0111 0x0b1c  [ F6B89D7078138FE6E9C00CF311FFE517, 701A33BB32A0289B2878268A27A5F4D36167C126601D51DC6EEE1C109E990868 ] vmx86           C:\WINDOWS\system32\drivers\vmx86.sys
00:25:02.0115 0x0b1c  vmx86 - ok
00:25:02.0139 0x0b1c  volmgr - ok
00:25:02.0146 0x0b1c  volmgrx - ok
00:25:02.0160 0x0b1c  volsnap - ok
00:25:02.0169 0x0b1c  volume - ok
00:25:02.0242 0x0b1c  vpci - ok
00:25:02.0249 0x0b1c  vsmraid - ok
00:25:02.0301 0x0b1c  [ CB4D2E3C5E8BFA3CF6AFFF6DDC6CC70D, 32A891045AF36FEAC62373894B98ABDCEA437978BDE027169C22EBC2C72D586E ] vsock           C:\WINDOWS\system32\drivers\vsock.sys
00:25:02.0305 0x0b1c  vsock - ok
00:25:02.0351 0x0b1c  VSS - ok
00:25:02.0360 0x0b1c  VSTXRAID - ok
00:25:02.0442 0x0b1c  vwifibus - ok
00:25:02.0453 0x0b1c  vwififlt - ok
00:25:02.0465 0x0b1c  vwifimp - ok
00:25:02.0485 0x0b1c  W32Time - ok
00:25:02.0495 0x0b1c  WacomPen - ok
00:25:02.0517 0x0b1c  WalletService - ok
00:25:02.0533 0x0b1c  wanarp - ok
00:25:02.0547 0x0b1c  wanarpv6 - ok
00:25:02.0562 0x0b1c  wbengine - ok
00:25:02.0617 0x0b1c  WbioSrvc - ok
00:25:02.0624 0x0b1c  wcifs - ok
00:25:02.0639 0x0b1c  Wcmsvc - ok
00:25:02.0655 0x0b1c  wcncsvc - ok
00:25:02.0671 0x0b1c  wcnfs - ok
00:25:02.0681 0x0b1c  WdBoot - ok
00:25:02.0753 0x0b1c  [ A556768CC1FA4F36022BEE2F0EDE2566, 3A4BC9DE614F43CD94FA354A565C66B2E1E36C0608D84C6288010B97B9D811AA ] WDC_SAM         C:\WINDOWS\System32\drivers\wdcsam64.sys
00:25:02.0756 0x0b1c  WDC_SAM - ok
00:25:02.0793 0x0b1c  Wdf01000 - ok
00:25:02.0810 0x0b1c  WdFilter - ok
00:25:02.0822 0x0b1c  WdiServiceHost - ok
00:25:02.0829 0x0b1c  WdiSystemHost - ok
00:25:02.0845 0x0b1c  wdiwifi - ok
00:25:02.0857 0x0b1c  WdNisDrv - ok
00:25:02.0909 0x0b1c  WdNisSvc - ok
00:25:02.0920 0x0b1c  WebClient - ok
00:25:02.0933 0x0b1c  Wecsvc - ok
00:25:02.0941 0x0b1c  WEPHOSTSVC - ok
00:25:02.0963 0x0b1c  wercplsupport - ok
00:25:02.0975 0x0b1c  WerSvc - ok
00:25:02.0982 0x0b1c  WFPLWFS - ok
00:25:02.0996 0x0b1c  WiaRpc - ok
00:25:03.0008 0x0b1c  WIMMount - ok
00:25:03.0014 0x0b1c  WinDefend - ok
00:25:03.0048 0x0b1c  WindowsTrustedRT - ok
00:25:03.0072 0x0b1c  WindowsTrustedRTProxy - ok
00:25:03.0121 0x0b1c  WinHttpAutoProxySvc - ok
00:25:03.0140 0x0b1c  WinMad - ok
00:25:03.0228 0x0b1c  Winmgmt - ok
00:25:03.0350 0x0b1c  [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM           C:\WINDOWS\system32\WsmSvc.dll
00:25:03.0445 0x0b1c  WinRM - ok
00:25:03.0506 0x0b1c  WINUSB - ok
00:25:03.0518 0x0b1c  WinVerbs - ok
00:25:03.0537 0x0b1c  wisvc - ok
00:25:03.0550 0x0b1c  WlanSvc - ok
00:25:03.0661 0x0b1c  [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc         C:\WINDOWS\system32\wlidsvc.dll
00:25:03.0734 0x0b1c  wlidsvc - ok
00:25:11.0747 0x0b1c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
00:25:11.0748 0x0b1c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41000 ( enabled : updated )
00:25:11.0750 0x0b1c  FW detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 11.1.2253.1653 ), 0x41010 ( enabled )
00:25:22.0010 0x0b1c  ============================================================
00:25:22.0010 0x0b1c  Scan finished
00:25:22.0010 0x0b1c  ============================================================
00:25:22.0031 0x1d98  Detected object count: 0
00:25:22.0031 0x1d98  Actual detected object count: 0


#5 bigfanta

Posted 15 December 2016 - 03:58 AM

# AdwCleaner v6.040 - Logfile created 15/12/2016 at 00:54:49
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-15.1 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : danny_fantastico - TIMEWARNERCABLE
# Running from : C:\Users\danny_fantastico\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\Speedy\AppData\Local\PackageAware
Folder Found:  C:\ProgramData\Thunder Network
Folder Found:  C:\ProgramData\thunder network
Folder Found:  C:\ProgramData\Application Data\Thunder Network
Folder Found:  C:\ProgramData\Application Data\thunder network
Folder Found:  C:\Users\danny_fantastico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
 
 
***** [ Files ] *****
 
File Found:  C:\Users\danny_fantastico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage
File Found:  C:\Users\danny_fantastico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\danny_fantastico\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - cknebhggccemgcnbidipinkifmmegdel
Chrome pref Found:  [C:\Users\Speedy\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Speedy\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2322 Bytes] - [15/12/2016 00:54:49]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2395 Bytes] ##########


#6 bigfanta

Posted 15 December 2016 - 05:01 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64 
Ran by danny_fantastico (Administrator) on Thu 12/15/2016 at  1:05:19.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 6 
 
Successfully deleted: C:\ProgramData\thunder network (Folder) 
Successfully deleted: C:\Users\danny_fantastico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel (Folder) 
Successfully deleted: C:\Users\danny_fantastico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage-journal (File) 
Successfully deleted: C:\Users\danny_fantastico\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cknebhggccemgcnbidipinkifmmegdel_0.localstorage (File) 
Successfully deleted: C:\Users\danny_fantastico\AppData\Roaming\wyupdate au (Folder) 
Successfully deleted: C:\Users\Public\thunder network (Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3FE1058DA2D59A50645575E01DFB9FEC (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 12/15/2016 at  1:57:29.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 boopme

Posted 15 December 2016 - 10:40 AM

You're welcome!

Clean what ADW found

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


I see some file corruption that we can address after ESET and a restart.


#8 bigfanta

Posted 15 December 2016 - 12:11 PM

Okay, I'm just about to hit the 7-hour mark with the ESET scanner. It's at 82% with about 47 infected files found. As soon as it finishes, I'll post the log and continue with your instructions. Thanks again, so much, for your time and help!



#9 boopme

Posted 15 December 2016 - 01:42 PM

Cool, I'll check back.

#10 bigfanta

Posted 15 December 2016 - 05:22 PM

A little over 12 hours...94%, 94 Infections



#11 Condobloke

Posted 15 December 2016 - 05:38 PM

Your PC will probably implode when the infections are cleared... from a sense of relief! :hysterical:




#12 bigfanta

Posted 15 December 2016 - 08:31 PM

Results from ESET...
 
C:\Users\All Users\KMSAutoS\KMSAuto Net.exe a variant of MSIL/HackKMS.I potentially unsafe application
C:\Users\All Users\KMSAutoS\bin\KMSSS.exe a variant of Win32/HackKMS.W potentially unsafe application
C:\Users\All Users\KMSAutoS\bin\TunMirror.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\Users\All Users\KMSAutoS\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application
C:\Users\All Users\LogiShrd\LogiOptions\Software\Current\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application
C:\$Recycle.Bin\S-1-5-21-3653159639-3780992185-529759721-1004\$RRHC8TP\mobilego_full818.exe multiple threats cleaned by deleting
C:\BP\Palo Alto Software Business Plan Pro 11.0 Premier Edition By Adrian Dennis.rar Win32/Keygen.SS potentially unsafe application deleted
C:\Program Files (x86)\Wondershare\MobileGoCommon\root\getroot a variant of Android/Exploit.Lotoor.GW trojan cleaned by deleting
C:\Program Files (x86)\Wondershare\MobileGoCommon\root\run_root_shell Android/Exploit.Lotoor.EZ trojan cleaned by deleting
C:\Program Files (x86)\Wondershare\MobileGoCommon\root\b33\getroot a variant of Android/Exploit.Lotoor.GX trojan cleaned by deleting
C:\Program Files (x86)\Wondershare\MobileGoCommon\root\sr\getroot a variant of Android/Exploit.Lotoor.GX trojan cleaned by deleting
C:\Program Files (x86)\Wondershare\MobileGoCommon\root\v4\getroot a variant of Android/Exploit.Lotoor.GW trojan cleaned by deleting
C:\Program Files (x86)\Wondershare\Video Converter Ultimate\patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting
C:\ProgramData\KMSAutoS\KMSAuto Net.exe a variant of MSIL/HackKMS.I potentially unsafe application cleaned by deleting
C:\ProgramData\KMSAutoS\bin\KMSSS.exe a variant of Win32/HackKMS.W potentially unsafe application cleaned by deleting
C:\ProgramData\KMSAutoS\bin\TunMirror.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application cleaned by deleting
C:\ProgramData\KMSAutoS\bin\TunMirror2.exe a variant of MSIL/HackTool.TunMirror.A potentially unsafe application cleaned by deleting
C:\ProgramData\LogiShrd\LogiOptions\Software\Current\dma_x64.dll a variant of Win64/WebBar.B potentially unwanted application cleaned by deleting
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dadpic\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O8K0RORF\vlcmediaplayer203-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dadpic\Admin\AppData\Local\TidyNetwork.com\tidy2networkYDLUS01.exe a variant of Win32/TidyNetwork.D potentially unwanted application cleaned by deleting
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dadpic\Admin\AppData\Local\TidyNetwork.com\tidy2update.exe a variant of Win32/TidyNetwork.D potentially unwanted application cleaned by deleting
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dadpic\Admin\Documents\pal_install_r83075.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application deleted
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dadpic\Admin\Documents\sbt_ad.exe a variant of Win32/Toolbar.Softomate.A potentially unwanted application deleted
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dadpic\Admin\Documents - Copy\pal_install_r83075.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application deleted
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dadpic\Admin\Documents - Copy\sbt_ad.exe a variant of Win32/Toolbar.Softomate.A potentially unwanted application deleted
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dadpic\Admin\Downloads\MapsGalaxyCrxSetup.28D35FD2-E8F4-47E3-BA8A-830DDAE22761 (1).exe a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application cleaned by deleting
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dadpic\Admin\Downloads\MapsGalaxyCrxSetup.28D35FD2-E8F4-47E3-BA8A-830DDAE22761.exe a variant of Win32/Toolbar.MyWebSearch.AI potentially unwanted application cleaned by deleting
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\DeskClean1\KMSAuto Net.exe a variant of MSIL/HackKMS.I potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dt 4-3\Apps\card\Download\download a variant of Android/Locker.EC trojan deleted
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\dt 4-3\Apps\card\Video Downloader\hp-drivers-update-utility.zip Win64/Adware.DGTSoft.B application deleted
C:\Users\danny_fantastico\Desktop\dt1120\dt88\dt611\fgfgc\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O8K0RORF\vlcmediaplayer203-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted
C:\Users\danny_fantastico\Desktop\dt1120\dt88\New folder (2)\Download\KingoRoot.apk a variant of Android/DroidRooter.AZ potentially unsafe application deleted
C:\Users\danny_fantastico\Documents\Wondershare\MobileGo\App\617\Porn Tube.apk a variant of Android/AdDisplay.AirPush.P potentially unwanted application deleted
C:\Users\danny_fantastico\Documents\Wondershare\MobileGo\App\617\SURE.apk a variant of Android/Anydown.J potentially unsafe application deleted
C:\Users\danny_fantastico\Documents\Wondershare\MobileGo\Backup\Samsung SM-N900S_20160731_113938.bak multiple threats deleted
C:\Users\danny_fantastico\Downloads\Active_3D-Photoshop_CS6.rar a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\EN4500_198 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\EN4500_198.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Hirens.BootCD.15.2.zip multiple threats deleted
C:\Users\danny_fantastico\Downloads\Keychain_camera_driver_.iso a variant of Win32/ExpressDownloader.K potentially unwanted application deleted
C:\Users\danny_fantastico\Downloads\KingoRoot (1).exe a variant of Win32/InstallCore.AKI.gen potentially unwanted application cleaned by deleting
C:\Users\danny_fantastico\Downloads\KingoRoot (2).exe a variant of Win32/InstallCore.AKI.gen potentially unwanted application cleaned by deleting
C:\Users\danny_fantastico\Downloads\KingoRoot.exe a variant of Win32/InstallCore.AKI.gen potentially unwanted application cleaned by deleting
C:\Users\danny_fantastico\Downloads\Options_6.30.80 (1).exe a variant of Win32/WebBar.D potentially unwanted application deleted
C:\Users\danny_fantastico\Downloads\Options_6.30.80.exe a variant of Win32/WebBar.D potentially unwanted application deleted
C:\Users\danny_fantastico\Downloads\PaloAlto..15 BusinessPlan.Pro.15th.Ed.rar Win32/Keygen.TW potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Proposal_Kit_10.0_Pro.zip a variant of Win32/TrojanDownloader.Small.NZM trojan deleted
C:\Users\danny_fantastico\Downloads\UmmyVD-Web-Loader.exe a variant of Win32/Magicbit.A potentially unwanted application cleaned by deleting
C:\Users\danny_fantastico\Downloads\UmmyVideoDownloader_is.exe a variant of Win32/FusionCore.I potentially unwanted application deleted
C:\Users\danny_fantastico\Downloads\Wondershare Video Converter Ultimate 8.5.7.1 Multilingual Incl Patch [SadeemPC].zip a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Active_3D-Photoshop_CS6\Active_3D-Photoshop_CS6\Active_3D-Photoshop_CS6.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Downloads\Adobe After Effects CS6 11.0.0.378 LS7 [Multilanguage][WwW.ZoNaTorrent.CoM]\Setup\AfterEffects_11_LS7.exe a variant of MSIL/TrojanDownloader.Agent.WD trojan cleaned by deleting
C:\Users\danny_fantastico\Downloads\Adobe.Premiere.Pro.CS6.v6.0.1.014.Multilingual.mundomanuales.com\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Downloads\crack\crack\md5crack.exe MSIL/Keygen.V potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Downloads\Intuit QuickBooks Enterprise Accountant 2016 16.0 R3 Incl Patch-=TEAM OS=-\Fix\amped-qbpatch.exe a variant of Win32/HackTool.Patcher.A potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Downloads\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\BOTS\MEGA BOTNET PACK\Bots.7z multiple threats deleted
C:\Users\danny_fantastico\Downloads\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\E-MAIL SOFTWARE\Atomic Mail Verifier v3.1 Portable.7z a variant of Win32/Keygen.CS potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\E-MAIL SOFTWARE\MaxBulk Mailer Pro 8.4.8.7z a variant of Win32/Keygen.AE potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\E-MAIL SOFTWARE\Maxprog eMail Extractor 3.4.2.7z a variant of Win32/Keygen.AE potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\FACEBOOK MARKETING SOFTWARE\FaceDominator  1.1.41.7z a variant of MSIL/Fbtaken.B trojan deleted
C:\Users\danny_fantastico\Downloads\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\SEO PACKS\SEO MEGA PACK\Search Engine Optimization Pack.7z multiple threats deleted
C:\Users\danny_fantastico\Downloads\Software\Acrobat.XI.Pro\Adobe.Acrobat.Pro.v11.0.13.Multilingual.iso a variant of Win32/Keygen.HA potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Software\Acrobat.XI.Pro\Adobe.Acrobat.Pro.v11.0.13.Multilingual\Crack\Activation_Keygen.exe a variant of Win32/Keygen.HA potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Downloads\Software\Acrobat.XI.Pro\Adobe.Acrobat.Pro.v11.0.13.Multilingual\Crack\Alternative\adobe.snr.patch-painter.exe a variant of Win32/HackTool.Patcher.CH potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Downloads\Software\Avast_License_Key_till_2050\Avast 2050 License Faker by ZeNiX 2014-03-14\Manual Install\ZeNiX.dll a variant of Win32/AheadLib.A potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Downloads\Software\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET]\MICROSOFT Office PRO Plus 2016 v16.0.4266.1003 RTM + Activator [TechTools.NET].rar a variant of MSIL/HackKMS.I potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Stardock Start8 v1.45 Incl Patch-PainteR [TorDigger]\Patch-PainteR\stardock.start8-patch.painter.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Downloads\Windows 10 AIO Build 1511 Final May 2016 (x86x64)[Mafia]\Windows 10 AIO Build 1511 Final May 2016 (x86x64)[Mafia].iso MSIL/HackTool.WinActivator.J potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Windows 10 AIO Build 1511 Final May 2016 (x86x64)[Mafia]\Windows 10 Permanent Activator Ultimate v1.5.rar a variant of MSIL/Packed.Confuser.J suspicious application deleted
C:\Users\danny_fantastico\Downloads\Wondershare MobileGo (For Android-iOS) 8.0.0.5 Final Incl. Patch-MPT [ATOM]\mobilego_full818.exe multiple threats cleaned by deleting
C:\Users\danny_fantastico\Downloads\Wondershare MobileGo (For Android-iOS) 8.0.0.5 Final Incl. Patch-MPT [ATOM]\Patch-MPT.zip a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Wondershare MobileGo (For Android-iOS) 8.0.0.5 Final Incl. Patch-MPT [ATOM]\Patch-MPT\wondershare.mobilego-MPT.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Downloads\Wondershare Video Converter Ultimate 8.5.7.1 Multilingual Incl Patch [SadeemPC]\Wondershare Video Converter Ultimate 8.5.7.1 Multilingual Incl Patch [SadeemPC]\Patch.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
C:\Users\danny_fantastico\Downloads\Wondershare Video Converter Ultimate 8.5.7.1 Multilingual Incl Patch [SadeemPC]\Wondershare Video Converter Ultimate 8.5.7.1 Multilingual Incl Patch [SadeemPC]\Patch\patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting
C:\Users\danny_fantastico\Videos\Download\chromepass.zip a variant of Win32/PSWTool.ChromePass.A potentially unsafe application deleted
C:\Users\danny_fantastico\Videos\Download\My_Webcam.apk a variant of Android/Anydown.N potentially unsafe application deleted
C:\Users\danny_fantastico\Videos\Download\dev8c3\Download\dSploit-1.0.31b.apk Android/HackTool.DSploit.E potentially unsafe application deleted
C:\Users\danny_fantastico\Videos\Download\dev8c3\Download\uk.digitalsquid.netspoofer-1.apk Android/HackTool.NetSpoof.A potentially unsafe application deleted
C:\Users\Public\Documents\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\BOTS\MEGA BOTNET PACK\Bots.7z multiple threats deleted
C:\Users\Public\Documents\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\E-MAIL SOFTWARE\Atomic Mail Verifier v3.1 Portable.7z a variant of Win32/Keygen.CS potentially unsafe application deleted
C:\Users\Public\Documents\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\E-MAIL SOFTWARE\MaxBulk Mailer Pro 8.4.8.7z a variant of Win32/Keygen.AE potentially unsafe application deleted
C:\Users\Public\Documents\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\E-MAIL SOFTWARE\Maxprog eMail Extractor 3.4.2.7z a variant of Win32/Keygen.AE potentially unsafe application deleted
C:\Users\Public\Documents\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\FACEBOOK MARKETING SOFTWARE\FaceDominator  1.1.41.7z a variant of MSIL/Fbtaken.B trojan deleted
C:\Users\Public\Documents\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\SEO PACKS\SEO MEGA PACK\Search Engine Optimization Pack.7z multiple threats deleted
C:\Users\Public\Documents\Youtube SEO Secrets Plus How To Rank Page No1 Google\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\BOTS\MEGA BOTNET PACK\Bots.7z multiple threats deleted
C:\Users\Public\Documents\Youtube SEO Secrets Plus How To Rank Page No1 Google\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\E-MAIL SOFTWARE\Atomic Mail Verifier v3.1 Portable.7z a variant of Win32/Keygen.CS potentially unsafe application deleted
C:\Users\Public\Documents\Youtube SEO Secrets Plus How To Rank Page No1 Google\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\E-MAIL SOFTWARE\MaxBulk Mailer Pro 8.4.8.7z a variant of Win32/Keygen.AE potentially unsafe application deleted
C:\Users\Public\Documents\Youtube SEO Secrets Plus How To Rank Page No1 Google\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\E-MAIL SOFTWARE\Maxprog eMail Extractor 3.4.2.7z a variant of Win32/Keygen.AE potentially unsafe application deleted
C:\Users\Public\Documents\Youtube SEO Secrets Plus How To Rank Page No1 Google\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\FACEBOOK MARKETING SOFTWARE\FaceDominator  1.1.41.7z a variant of MSIL/Fbtaken.B trojan deleted
C:\Users\Public\Documents\Youtube SEO Secrets Plus How To Rank Page No1 Google\Online-Marketing, SEO MEGAPACK (+90mil.E-mails)\SEO PACKS\SEO MEGA PACK\Search Engine Optimization Pack.7z multiple threats deleted
C:\Windows\System32\SppExtComObjHook.dll a variant of Win64/HackKMS.I potentially unsafe application cleaned by deleting
C:\Windows\System32\SppExtComObjPatcher.exe a variant of Win64/HackKMS.C potentially unsafe application cleaned by deleting
C:\Windows\System32\MRT\3AC662F4-BBD5-4771-B2A0-164912094D5D\FilesStash\DF497822-4650-BA87-B52D-044B57A5F764 a variant of MSIL/HackKMS.I potentially unsafe application cleaned by deleting
C:\Windows\System32\MRT\F6945BD2-D48B-4B07-A7FB-A55C4F98A324\FilesStash\075C5455-4389-EE7A-900A-235D4F50B8C1_1d257733ad618a2 a variant of MSIL/HackKMS.I potentially unsafe application cleaned by deleting


#13 bigfanta

Posted 16 December 2016 - 08:18 AM

# AdwCleaner v6.041 - Logfile created 16/12/2016 at 01:14:34
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-15.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : danny_fantastico - TIMEWARNERCABLE
# Running from : C:\Users\danny_fantastico\Desktop\adwcleaner_6.041.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Speedy\AppData\Local\PackageAware
[-] Folder deleted: C:\Users\danny_fantastico\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\danny_fantastico\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: cknebhggccemgcnbidipinkifmmegdel
[-] [C:\Users\Speedy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Speedy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [1722 Bytes] - [16/12/2016 01:14:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [2482 Bytes] - [15/12/2016 00:54:49]
C:\AdwCleaner\AdwCleaner[S1].txt - [2027 Bytes] - [15/12/2016 22:47:31]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1941 Bytes] ##########


#14 bigfanta

Posted 17 December 2016 - 07:12 AM

Was the adware clean the last thing I needed to do? And did the results show anything insightful? Other than the fact that I had a lot of infections. Was there anything major?

Thanks for your help thus far. I'm surprised that Malwarebytes and Avast don't pick this stuff up 😕

Edited by bigfanta, 17 December 2016 - 07:15 AM.


#15 boopme

Posted 19 December 2016 - 02:47 PM

A lot of junk, some with bots (which are bad).

Let me ask you if you use crack software? I am not judging you, but it could be a source.



