Instashare has got me!

TheJDawg
2014-09-15, 15:05
Hi
I've at the very least got a problem with Instashare pop-up ads. Tried to uninstall. Failed. Used RevoUninstall and that appears to have just hidden it. Ran Malwarebytes but it hasn't removed it, nor has Spybot. Would appreciate some help.

Farbar logs below. Trying to get aswMBR log but it keeps stalling. Will post when obtained. Thanks :D

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Jonesboy (administrator) on JONESBOY-PC on 15-09-2014 21:26:40
Running from C:\Users\Jonesboy\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\ProgramData\DatacardService\DCService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Interesting Solutions) C:\ProgramData\myXaturuft\ZGtfxyv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
() C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Suunto) C:\Users\Jonesboy\AppData\Local\Apps\2.0\J3GJB57M.PLP\OXTB5DWT.DJK\move..tion_3ccae3cb2a36e2f5_0001.0002_a975bf06beb701f6\Moveslink2.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Windows\system\cm106eye.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
() C:\Program Files (x86)\Star Downloader\stardown.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\files\vss_pause.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-11-12] (Synaptics Incorporated)
HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-11-12] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-03-16] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7069088 2010-09-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Cm106Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
HKLM-x32\...\Run: [Lenovo SplitScreen] => C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe [778592 2010-06-23] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] => c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Moveslink2] => C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Viber] => C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe [936656 2014-06-10] ()
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {845efb99-e39f-11e1-8326-ec55f9ebde21} - E:\AutoRun.exe
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {845efbab-e39f-11e1-8326-ec55f9ebde21} - E:\AutoRun.exe
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {dfefbe99-e45d-11e1-bbcb-ec55f9ebde21} - E:\AutoRun.exe
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {ff38db40-789b-11e1-aaf9-ec55f9ebde21} - E:\win\setup.exe -phs
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - {175023C8-9E2B-4397-A1BB-D91BB93ABDAD} URL = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {FFFFFEF0-5B30-21D4-945D-000000000000} -> C:\Program Files (x86)\Star Downloader\SDIEInt.dll ()
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///F:/activeX/DCP.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///F:/activeX/aplugLiteDL.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{34375D8E-2FCE-430B-A5D5-23777D7BACBF}: [NameServer] 198.142.0.51 61.88.88.88
Tcpip\..\Interfaces\{8D2B2EC0-232F-416C-9E7E-477645E64688}: [NameServer] 198.142.0.51 61.88.88.88

FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: reconinstruments.com/Recon -> C:\Users\Jonesboy\AppData\Roaming\ReconInstruments\ReconUplink\1.0.2.1\npReconUplink.dll (Recon Instruments)
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-06-04]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-06-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> FB2353EF818E000C9EC1B1DDDF8F147F6788363B76B7D4A4E3563D81BDDA2FD4
CHR DefaultSearchURL: Default -> 3A93E825D69222AF67266526206B5617EC1F7F2100BD65E5D18A6E7AD7FEA498
CHR Profile: C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-02]
CHR Extension: (Google Drive) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-02]
CHR Extension: (Google Search) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-02]
CHR Extension: (iCloud Bookmarks) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-09-24]
CHR Extension: (Skype Click to Call) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-03]
CHR Extension: (OneDrive) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Desktop Client for Viber™) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\olamheimegmegknankiijehcgocchdph [2014-06-13]
CHR Extension: (Gmail) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-02]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-06-04]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2014-06-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]
CHR HKLM-x32\...\Chrome\Extension: [hfimfliilbabfohebppnfomgjljicpdm] - C:\Program Files (x86)\MP3 Rocket\MP3RocketDownloader.crx [2013-03-12]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [915232 2010-06-14] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8988048 2013-04-03] (DisplayLink Corp.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-22] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438104 2014-07-10] (Garmin Ltd or its subsidiaries)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-09-15] (SurfRight B.V.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 ZGtfxyv; C:\ProgramData\myXaturuft\ZGtfxyv.exe [2319728 2014-09-14] (Interesting Solutions)
S2 HPSLPSVC; C:\Users\Jonesboy\AppData\Local\Temp\7zS51CF\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys [44944 2013-04-10] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-06] (JMicron Technology Corp.)
R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [57072 2010-04-24] (JMicron Technology Corp.)
R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31344 2010-04-24] (JMicron Technology Corp.)
S3 massfilter_lte; C:\windows\system32\drivers\massfilter_lte.sys [18456 2011-08-09] (HandSet Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [122584 2014-09-15] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-07-21] (Sierra Wireless Incorporated) [File not signed]
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-07-21] (Sierra Wireless Inc.) [File not signed]
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [249344 2011-07-21] (Sierra Wireless Inc.) [File not signed]
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [199552 2009-07-22] (Sierra Wireless Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
U0 xgjbae; C:\Windows\System32\drivers\hnnhhmec.sys [79064 2014-09-15] (Malwarebytes Corporation)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 21:26 - 2014-09-15 21:27 - 00035571 _____ () C:\Users\Jonesboy\Desktop\FRST.txt
2014-09-15 21:25 - 2014-09-15 21:26 - 00000000 ____D () C:\FRST
2014-09-15 21:25 - 2014-09-15 21:25 - 05185536 _____ (AVAST Software) C:\Users\Jonesboy\Desktop\aswMBR.exe
2014-09-15 21:24 - 2014-09-15 21:24 - 02105856 _____ (Farbar) C:\Users\Jonesboy\Desktop\FRST64.exe
2014-09-15 21:24 - 2014-09-15 21:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-JONESBOY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-15 21:23 - 2014-09-15 21:23 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\RegBackup
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-15 21:22 - 2014-09-15 21:22 - 04057608 _____ () C:\Users\Jonesboy\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-15 21:00 - 2014-09-15 21:00 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\hnnhhmec.sys
2014-09-15 21:00 - 2014-09-15 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-15 21:00 - 2014-09-15 21:00 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-15 20:59 - 2014-09-15 21:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-15 20:46 - 2014-09-15 20:49 - 11194928 _____ (SurfRight B.V.) C:\Users\Jonesboy\Downloads\HitmanPro_x64.exe
2014-09-15 20:32 - 2014-09-15 20:32 - 00000056 _____ () C:\windows\setupact.log
2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 _____ () C:\windows\setuperr.log
2014-09-15 19:26 - 2014-09-15 19:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonesboy\Downloads\revosetup.exe
2014-09-15 19:26 - 2014-09-15 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-15 18:45 - 2014-09-15 18:45 - 00002096 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
2014-09-15 17:02 - 2014-09-15 17:02 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\speed browser
2014-09-15 17:01 - 2014-09-15 17:01 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-15 15:32 - 2014-09-15 15:32 - 00000000 ____D () C:\ProgramData\Browser
2014-09-14 08:41 - 2014-09-14 08:42 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\CutePDF Writer
2014-09-14 08:32 - 2014-09-14 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-09-14 08:31 - 2014-09-14 08:32 - 01212232 _____ () C:\Users\Jonesboy\Downloads\freepowerwordtopdfconverter-setup (1).exe
2014-09-14 08:30 - 2014-09-15 19:14 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-09-14 08:30 - 2014-09-15 19:03 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-09-14 08:30 - 2014-09-14 08:30 - 03608126 _____ (Word-Pdf-Convert Software, Inc. ) C:\Users\Jonesboy\Downloads\power_word_to_pdf_converter.exe
2014-09-14 08:30 - 2014-08-25 12:14 - 00049880 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\netmon_wfp.sys
2014-09-14 08:29 - 2014-09-15 20:41 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\InstaShare
2014-09-14 08:29 - 2014-09-14 08:29 - 02003352 _____ (Acro Software Inc. ) C:\Users\Jonesboy\Downloads\CuteWriter.exe
2014-09-14 08:29 - 2014-09-14 08:29 - 00000000 ____D () C:\ProgramData\myXaturuft
2014-09-14 08:27 - 2014-09-14 08:27 - 01212232 _____ () C:\Users\Jonesboy\Downloads\freepowerwordtopdfconverter-setup.exe
2014-09-13 17:52 - 2014-09-13 18:14 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Systweak
2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 17:51 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 15:54 - 2014-08-20 04:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 15:54 - 2014-08-20 03:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 15:54 - 2014-08-19 09:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 15:54 - 2014-08-19 08:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 15:54 - 2014-08-19 08:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-10 15:54 - 2014-08-19 08:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-10 15:54 - 2014-08-19 08:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 15:54 - 2014-08-19 08:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-10 15:54 - 2014-08-19 08:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-10 15:54 - 2014-08-19 08:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 15:54 - 2014-08-19 08:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 15:54 - 2014-08-19 08:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-10 15:54 - 2014-08-19 08:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-10 15:54 - 2014-08-19 08:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-10 15:54 - 2014-08-19 08:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-10 15:54 - 2014-08-19 07:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 15:54 - 2014-08-19 07:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:54 - 2014-08-19 07:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 15:54 - 2014-08-19 07:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-10 15:54 - 2014-08-19 07:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:54 - 2014-08-19 07:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 15:54 - 2014-08-19 07:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-10 15:54 - 2014-08-19 07:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-10 15:54 - 2014-08-19 07:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 15:54 - 2014-08-19 07:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 15:54 - 2014-08-19 07:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 15:54 - 2014-08-19 07:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 15:54 - 2014-08-19 07:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 15:54 - 2014-08-19 07:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-10 15:54 - 2014-08-19 07:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-10 15:54 - 2014-08-19 07:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-10 15:54 - 2014-08-19 07:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 15:54 - 2014-08-19 07:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 15:54 - 2014-08-19 07:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 15:54 - 2014-08-19 07:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-10 15:54 - 2014-08-19 07:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:54 - 2014-08-19 07:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 15:54 - 2014-08-19 07:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 15:54 - 2014-08-19 07:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 15:54 - 2014-08-19 07:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 15:54 - 2014-08-19 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-10 15:54 - 2014-08-19 06:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-10 15:54 - 2014-08-19 06:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-10 15:53 - 2014-08-19 08:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 15:53 - 2014-08-19 08:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 15:53 - 2014-08-19 08:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 15:53 - 2014-08-19 08:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 15:53 - 2014-08-19 07:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 15:53 - 2014-08-19 07:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 15:53 - 2014-08-19 07:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 15:53 - 2014-08-19 07:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 15:53 - 2014-08-19 07:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 15:53 - 2014-08-19 07:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 15:53 - 2014-08-19 06:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 15:53 - 2014-08-19 06:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 15:53 - 2014-08-19 06:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 15:43 - 2014-06-27 12:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-10 15:43 - 2014-06-27 11:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 15:41 - 2014-08-01 21:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 15:41 - 2014-08-01 21:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 15:41 - 2014-07-07 12:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 15:41 - 2014-07-07 12:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 15:41 - 2014-07-07 11:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 15:41 - 2014-07-07 11:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 15:41 - 2014-07-07 11:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 15:41 - 2014-06-24 13:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 15:41 - 2014-06-24 12:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 15:40 - 2014-09-05 12:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 15:40 - 2014-09-05 12:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 09:13 - 2014-09-04 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-29 12:38 - 2014-08-23 12:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-29 12:38 - 2014-08-23 11:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-29 12:38 - 2014-08-23 10:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 01:54 - 2014-05-15 02:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-22 01:54 - 2014-05-15 02:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-22 01:54 - 2014-05-15 02:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-22 01:54 - 2014-05-15 02:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-22 01:53 - 2014-05-15 02:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-22 01:53 - 2014-05-15 02:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-22 01:53 - 2014-05-15 02:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-22 01:53 - 2014-05-15 02:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-22 01:53 - 2014-05-15 02:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-22 01:53 - 2014-05-15 02:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-22 01:53 - 2014-05-14 12:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-22 01:53 - 2014-05-14 12:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-22 01:53 - 2014-05-14 12:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-22 01:53 - 2014-05-14 12:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-20 01:05 - 2014-08-20 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-18 18:54 - 2014-09-13 17:22 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 21:27 - 2014-09-15 21:26 - 00035571 _____ () C:\Users\Jonesboy\Desktop\FRST.txt
2014-09-15 21:26 - 2014-09-15 21:25 - 00000000 ____D () C:\FRST
2014-09-15 21:25 - 2014-09-15 21:25 - 05185536 _____ (AVAST Software) C:\Users\Jonesboy\Desktop\aswMBR.exe
2014-09-15 21:24 - 2014-09-15 21:24 - 02105856 _____ (Farbar) C:\Users\Jonesboy\Desktop\FRST64.exe
2014-09-15 21:24 - 2014-09-15 21:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-JONESBOY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-15 21:23 - 2014-09-15 21:23 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\RegBackup
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-15 21:22 - 2014-09-15 21:22 - 04057608 _____ () C:\Users\Jonesboy\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-15 21:14 - 2014-09-15 20:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-15 21:13 - 2012-02-27 00:51 - 00000000 ____D () C:\Users\Jonesboy\Documents\Outlook Files
2014-09-15 21:09 - 2012-04-22 20:24 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Files
2014-09-15 21:00 - 2014-09-15 21:00 - 00079064 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\hnnhhmec.sys
2014-09-15 21:00 - 2014-09-15 21:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-09-15 21:00 - 2014-09-15 21:00 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-15 20:59 - 2013-07-02 18:28 - 00004996 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonesboy-PC-Jonesboy Jonesboy-PC
2014-09-15 20:49 - 2014-09-15 20:46 - 11194928 _____ (SurfRight B.V.) C:\Users\Jonesboy\Downloads\HitmanPro_x64.exe
2014-09-15 20:43 - 2014-05-25 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 20:43 - 2009-07-14 14:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:43 - 2009-07-14 14:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 20:41 - 2014-09-14 08:29 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\InstaShare
2014-09-15 20:39 - 2014-05-18 12:32 - 01415212 _____ () C:\windows\WindowsUpdate.log
2014-09-15 20:38 - 2014-06-13 13:55 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\ViberPC
2014-09-15 20:37 - 2012-07-28 18:09 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Deployment
2014-09-15 20:36 - 2014-06-13 13:40 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Viber
2014-09-15 20:36 - 2012-04-02 21:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 20:35 - 2013-01-22 11:01 - 00000354 _____ () C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-09-15 20:35 - 2013-01-10 18:25 - 00000342 _____ () C:\windows\Tasks\spmonitor.job
2014-09-15 20:35 - 2013-01-10 18:25 - 00000264 _____ () C:\windows\Tasks\SpeedUpMyPC.job
2014-09-15 20:35 - 2012-02-15 21:17 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 20:35 - 2012-02-15 21:17 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 20:33 - 2009-07-14 15:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-15 20:32 - 2014-09-15 20:32 - 00000056 _____ () C:\windows\setupact.log
2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 _____ () C:\windows\setuperr.log
2014-09-15 19:55 - 2012-02-22 14:09 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-15 19:55 - 2011-03-16 04:31 - 00000000 ____D () C:\ProgramData\Temp
2014-09-15 19:53 - 2012-11-22 09:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-15 19:48 - 2012-02-22 17:45 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\PhotoScape
2014-09-15 19:26 - 2014-09-15 19:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonesboy\Downloads\revosetup.exe
2014-09-15 19:26 - 2014-09-15 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-15 19:15 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\IME
2014-09-15 19:14 - 2014-09-14 08:30 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-09-15 19:03 - 2014-09-14 08:30 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-09-15 18:56 - 2012-06-19 17:53 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Skype
2014-09-15 18:46 - 2012-02-15 00:12 - 00002038 _____ () C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-15 18:45 - 2014-09-15 18:45 - 00002096 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
2014-09-15 18:45 - 2012-07-07 17:13 - 00002038 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-15 18:45 - 2012-02-15 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-15 17:02 - 2014-09-15 17:02 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\speed browser
2014-09-15 17:01 - 2014-09-15 17:01 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-15 15:32 - 2014-09-15 15:32 - 00000000 ____D () C:\ProgramData\Browser
2014-09-15 12:07 - 2012-08-10 15:22 - 00000000 ____D () C:\Program Files (x86)\Hubb Investor
2014-09-15 11:33 - 2012-07-07 21:50 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-14 08:42 - 2014-09-14 08:41 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\CutePDF Writer
2014-09-14 08:32 - 2014-09-14 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-09-14 08:32 - 2014-09-14 08:31 - 01212232 _____ () C:\Users\Jonesboy\Downloads\freepowerwordtopdfconverter-setup (1).exe
2014-09-14 08:30 - 2014-09-14 08:30 - 03608126 _____ (Word-Pdf-Convert Software, Inc. ) C:\Users\Jonesboy\Downloads\power_word_to_pdf_converter.exe
2014-09-14 08:29 - 2014-09-14 08:29 - 02003352 _____ (Acro Software Inc. ) C:\Users\Jonesboy\Downloads\CuteWriter.exe
2014-09-14 08:29 - 2014-09-14 08:29 - 00000000 ____D () C:\ProgramData\myXaturuft
2014-09-14 08:27 - 2014-09-14 08:27 - 01212232 _____ () C:\Users\Jonesboy\Downloads\freepowerwordtopdfconverter-setup.exe
2014-09-13 22:10 - 2012-02-23 20:36 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\vlc
2014-09-13 21:39 - 2012-02-19 08:58 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Anti Virus
2014-09-13 21:23 - 2012-03-04 23:33 - 00001999 _____ () C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-09-13 20:49 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\Performance
2014-09-13 18:20 - 2014-03-29 00:37 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Tax Docs
2014-09-13 18:14 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Systweak
2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 17:51 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iPod
2014-09-13 17:22 - 2014-08-18 18:54 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Adobe
2014-09-11 19:14 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\rescache
2014-09-10 19:36 - 2012-04-02 21:34 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 19:36 - 2012-04-02 21:34 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 19:36 - 2012-03-05 22:07 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 16:58 - 2012-02-19 08:56 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Adobe
2014-09-10 15:51 - 2013-07-15 18:18 - 00000000 ____D () C:\windows\system32\MRT
2014-09-10 15:44 - 2012-02-15 16:56 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-10 15:42 - 2014-04-24 19:45 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-08 22:15 - 2012-10-18 22:44 - 00000000 ____D () C:\Users\Jonesboy\Downloads\YTD
2014-09-08 18:41 - 2012-08-10 10:38 - 00000000 ___RD () C:\Users\Jonesboy\SkyDrive
2014-09-08 15:25 - 2009-07-14 15:13 - 00006620 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-05 12:10 - 2014-09-10 15:40 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 12:05 - 2014-09-10 15:40 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 09:14 - 2012-06-19 17:53 - 00000000 ____D () C:\ProgramData\Skype
2014-09-04 09:13 - 2014-09-04 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-04 09:13 - 2012-06-19 17:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-31 21:51 - 2014-03-28 23:44 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Pt Cook
2014-08-29 12:54 - 2009-07-14 14:45 - 00437128 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 10:29 - 2014-06-22 00:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 11:55 - 2012-02-22 17:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-25 12:14 - 2014-09-14 08:30 - 00049880 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\netmon_wfp.sys
2014-08-23 22:20 - 2013-10-18 01:15 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-08-23 22:20 - 2013-10-18 01:15 - 00000000 ____D () C:\Program Files\Java
2014-08-23 22:16 - 2012-03-04 17:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-23 22:14 - 2013-10-01 20:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-23 12:07 - 2014-08-29 12:38 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 11:45 - 2014-08-29 12:38 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 10:59 - 2014-08-29 12:38 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 01:50 - 2012-02-15 21:03 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Apple
2014-08-20 22:02 - 2012-03-05 09:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Windows Live
2014-08-20 04:05 - 2014-09-10 15:54 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-20 03:39 - 2014-09-10 15:54 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-20 01:05 - 2014-08-20 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-19 22:03 - 2014-01-26 21:30 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Run Swim Ride
2014-08-19 09:01 - 2014-09-10 15:54 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 08:29 - 2014-09-10 15:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-19 08:29 - 2014-09-10 15:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-19 08:26 - 2014-09-10 15:53 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-19 08:20 - 2014-09-10 15:53 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-19 08:19 - 2014-09-10 15:53 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-19 08:15 - 2014-09-10 15:54 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-19 08:15 - 2014-09-10 15:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-19 08:14 - 2014-09-10 15:54 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-19 08:14 - 2014-09-10 15:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-19 08:08 - 2014-09-10 15:54 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-19 08:08 - 2014-09-10 15:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-19 08:08 - 2014-09-10 15:53 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-19 08:05 - 2014-09-10 15:54 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-19 08:03 - 2014-09-10 15:54 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-19 08:03 - 2014-09-10 15:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-19 08:03 - 2014-09-10 15:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-19 07:57 - 2014-09-10 15:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-19 07:56 - 2014-09-10 15:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-19 07:51 - 2014-09-10 15:54 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-19 07:46 - 2014-09-10 15:54 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-19 07:45 - 2014-09-10 15:54 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 07:45 - 2014-09-10 15:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-19 07:44 - 2014-09-10 15:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-19 07:44 - 2014-09-10 15:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-19 07:42 - 2014-09-10 15:53 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-19 07:40 - 2014-09-10 15:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-19 07:39 - 2014-09-10 15:54 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-19 07:39 - 2014-09-10 15:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-19 07:39 - 2014-09-10 15:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-19 07:38 - 2014-09-10 15:54 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-19 07:37 - 2014-09-10 15:54 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-19 07:36 - 2014-09-10 15:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-19 07:35 - 2014-09-10 15:54 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-19 07:27 - 2014-09-10 15:54 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-19 07:25 - 2014-09-10 15:54 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-19 07:25 - 2014-09-10 15:54 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-19 07:23 - 2014-09-10 15:54 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-19 07:23 - 2014-09-10 15:53 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-19 07:22 - 2014-09-10 15:54 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 07:19 - 2014-09-10 15:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-19 07:17 - 2014-09-10 15:54 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-19 07:17 - 2014-09-10 15:54 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-19 07:16 - 2014-09-10 15:53 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-19 07:15 - 2014-09-10 15:53 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-19 07:15 - 2014-09-10 15:53 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-19 07:09 - 2014-09-10 15:54 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-19 07:08 - 2014-09-10 15:53 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-19 07:07 - 2014-09-10 15:54 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-19 06:55 - 2014-09-10 15:53 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-19 06:46 - 2014-09-10 15:53 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-19 06:38 - 2014-09-10 15:54 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-19 06:38 - 2014-09-10 15:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-19 06:36 - 2014-09-10 15:54 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-18 00:39 - 2014-07-12 18:14 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Go Pro

Files to move or delete:
====================
C:\ProgramData\Setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-07 22:57

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Jonesboy at 2014-09-15 21:27:37
Running from C:\Users\Jonesboy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AceBackup 3 (HKLM-x32\...\{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}) (Version: 3.0.2 - AceBIT)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{26D103BC-A153-B74C-CA98-8F0A66EF6041}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
AX88772A & AX88772 Vista 64-bit Driver (HKLM-x32\...\InstallShield_{663451CD-7556-46FF-9EDA-45A50AEA658C}) (Version: 3.10.234.13 - ASIX Electronics Corporation)
AX88772A & AX88772 Vista 64-bit Driver (x32 Version: 3.10.234.13 - ASIX Electronics Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.52.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.3.1 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0727.2126.36625 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help English (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help French (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help German (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
ccc-utility64 (Version: 2010.0727.2126.36625 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2603 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{A0A51EB5-5C6C-4588-816A-D6990B79F298}) (Version: 7.2.47157.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{B76E347A-DFF5-4CD7-88D5-7F947BC75D41}) (Version: 7.0.43577.0 - DisplayLink Corp.)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
dynadock Utility_II (HKLM\...\{F6D91449-5BB1-4F5D-9565-CA1E7EB961CD}) (Version: 2.1.1.0.64 - TOSHIBA Corporation)
Elevated Installer (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.2.2 - Lenovo)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
FileHippo Update Checker Packages (HKCU\...\FileHippo Update Checker Packages) (Version: - ) <==== ATTENTION
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Full DVD Ripper 9 Free (HKLM-x32\...\{DA5931FD-7F75-49CA-A405-85D230DE29D8}_is1) (Version: - Full DVD Studio)
Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{ac22014a-a254-43b9-9cc0-e87cf9c7e18a}) (Version: 3.2.13.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.225 - SurfRight B.V.)
Hubb Investor (HKLM-x32\...\Hubb Investor) (Version: - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.4.6 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.6 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2400 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{F5608FF7-17C0-440A-80C7-29C48363BD87}) (Version: 1.0.9.4 - Suyin Optronics Corp.)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.0.0.2 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.2 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo SlideNav (HKLM-x32\...\Lenovo SlideNav2) (Version: 2.0.1230.0003 - Lenovo)
Lenovo SplitScreen (HKLM-x32\...\Lenovo SplitScreen) (Version: 1.00.1823.0001 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
More Add-in (HKLM-x32\...\{F522CEC8-CBF8-4733-9344-563D322E25E1}) (Version: 4.2.0 - MoreAddin)
Moveslink2 (HKCU\...\ad9740b1426036fe) (Version: 1.2.9.4693 - Suunto)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.6 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.6 - Lenovo) Hidden
Optus Mobile Broadband (HKLM-x32\...\Optus Mobile Broadband) (Version: 16.002.10.01.432 - Huawei Technologies Co.,Ltd)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 2.24 - NCH Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.6903 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
ReconUplink (HKLM-x32\...\{D2EBF10F-4746-4994-BF85-5964ED9AB9A5}) (Version: 1.0.2.1 - Recon Instruments)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Star Downloader Free (HKLM-x32\...\Star Downloader Free) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.20.53 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TOSHIBA dynadock (HKLM\...\{3933FB5F-85F6-4D24-A663-0D376CA05D90}) (Version: 4.5.14974.0 - TOSHIBA Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
USB Multi-Channel Audio Device (HKLM-x32\...\Generic USB 106 Sound) (Version: - )
Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

02-09-2014 00:12:31 Windows Update
07-09-2014 11:21:30 Windows Update
08-09-2014 11:11:51 Installed Samsung Kies3
10-09-2014 05:42:19 Windows Update
14-09-2014 07:02:39 Windows Update
15-09-2014 08:46:31 Removed PicRec (x86)
15-09-2014 08:48:21 Removed PicRec (x86)
15-09-2014 09:28:01 Revo Uninstaller's restore point - InstaShare
15-09-2014 09:49:20 Revo Uninstaller's restore point - Bing Desktop
15-09-2014 11:13:34 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2014-09-15 21:08 - 00450770 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E565558-BC0D-4DA0-AD83-1F6E717DAC64} - System32\Tasks\{8653835D-03A1-4CC8-909A-285E036CB7AD} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116&LastError=0
Task: {24A6AB29-40C9-40A1-8FEE-389792A623C4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2E2818CD-D83C-47C2-BEFE-6DBFACC268ED} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
Task: {2EBD4A33-07B1-41EC-A28F-79ED90CB1848} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-10] ()
Task: {345CC3E1-A5D3-4F6F-A4A4-70BC03338845} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {3CA9C9C8-8A3E-4BA5-B121-B596EE02C559} - System32\Tasks\{4D9FBE05-3A90-4892-A19A-CEF2CED8137F} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {453218D4-6179-4C01-8C1B-4AFF7774811E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonesboy-PC-Jonesboy Jonesboy-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {49399536-52DB-486E-AF9C-41E909330979} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-27] (Microsoft Corporation)
Task: {4D20A384-F7F7-4028-B7D5-D4FA2C72242B} - System32\Tasks\{4109FCE8-B55C-4BD3-9B73-CD0BF3B4C7D6} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {5F3EBEE2-5768-4836-8667-DD87DA02646B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {615899FB-6231-44E4-8883-FC4FD8B31CBB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {672D6D2C-0BA4-4A6C-8EE2-018289B8602C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
Task: {68D0EB38-394E-4C96-B903-575D24E114AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6A1803A4-EB8A-49F3-A864-F35B32CD8201} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {7D96CFB1-CBDA-49E0-801C-58D922F2F1DA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7DBB66B2-B6BC-4792-9D06-49441D499C16} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {7E7B4D0B-B2EC-4AE4-AE60-4196E6847FD4} - System32\Tasks\{5C69CC98-2842-4857-B783-164F24FC0344} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {81754E45-FFF8-4866-9A32-B2FDA551E27D} - System32\Tasks\{E90617FB-07C0-4AB6-9D0E-10E6146971EE} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)
Task: {9760B92A-420C-48CA-B7B9-54074AE48896} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {9E1E0B6F-CE97-4D06-9DE1-FBA233A528C3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {A5CA1764-E513-408D-A3E4-F93809AE8189} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE2A720F-EE38-4928-82F0-852934809CB7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: {BC042629-8A25-4F0F-BD78-CBC955EDC851} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C85C4CA9-A503-4158-88E9-0D58220FF9A8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {F89B0AAF-30A9-477D-AE3A-E08EAA057CED} - System32\Tasks\spmonitor => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
Task: {FEAFB85C-231B-4DFF-B67B-28050E562C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\BCK1 7 July 2013.job => C:\Program Files (x86)\AceBIT\AceBackup 3\AceBackup.exe
Task: C:\windows\Tasks\BCK2 13 07 13.job => C:\Program Files (x86)\AceBIT\AceBackup 3\AceBackup.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: C:\windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
Task: C:\windows\Tasks\spmonitor.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe

==================== Loaded Modules (whitelisted) =============

2014-06-22 00:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-08-19 18:52 - 2010-08-19 18:52 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2010-10-19 00:50 - 2010-10-19 00:50 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-10-19 00:52 - 2010-10-19 00:52 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2014-08-27 10:48 - 2014-08-27 10:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-03-16 10:43 - 2012-03-31 23:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2011-03-16 04:44 - 2009-07-16 01:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-03-16 04:44 - 2009-07-16 01:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2011-03-16 04:28 - 2011-03-16 04:28 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2014-06-13 13:55 - 2014-06-10 14:25 - 00936656 _____ () C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe
2012-03-04 09:58 - 2008-05-20 20:18 - 00221184 _____ () C:\windows\system\Cm106eye.exe
2010-08-26 23:47 - 2010-08-26 23:47 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-28 06:25 - 2010-07-28 06:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-09-15 20:36 - 2014-09-15 20:36 - 01389936 _____ () C:\ProgramData\myXaturuft\dat\cHmAzL.dll
2014-06-14 13:50 - 2006-02-25 19:02 - 01785344 _____ () C:\Program Files (x86)\Star Downloader\stardown.exe
2014-07-04 18:20 - 2014-07-04 18:20 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-15 11:33 - 2014-09-15 11:33 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091401\algo.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-04 19:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-04 19:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-04 19:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-04 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-04 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-27 10:48 - 2014-08-27 10:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2010-10-19 00:46 - 2010-10-19 00:46 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-10-19 00:49 - 2010-10-19 00:49 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 22593536 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libViber.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00737280 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libGLESv2.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00098304 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\qfacebook.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00049152 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libEGL.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00860160 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\platforms\qwindows.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00024576 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qgif.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00024576 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qico.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00204800 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qjpeg.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00221184 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qmng.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qsvg.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qtga.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00311296 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qtiff.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qwbmp.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00622592 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\sqldrivers\qsqlite.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00032768 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\iconengines\qsvgicon.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-09-04 09:12 - 2014-09-04 09:12 - 07248384 _____ () C:\Users\Jonesboy\AppData\Local\Apps\2.0\J3GJB57M.PLP\OXTB5DWT.DJK\move..tion_3ccae3cb2a36e2f5_0001.0002_a975bf06beb701f6\BLLWrapper.DLL
2012-03-04 09:58 - 2006-09-13 15:08 - 00491520 _____ () C:\windows\system\CmAu106.dll
2014-07-04 18:20 - 2014-07-04 18:20 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-22 00:32 - 2014-06-22 00:32 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2012-09-24 13:19 - 2011-05-27 10:17 - 01372160 ____N () C:\Program Files (x86)\Infotriever\Agent\ifboutlook.dll
2014-08-27 10:44 - 2014-08-27 10:47 - 01032352 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2014-06-14 13:50 - 2006-02-26 17:44 - 00135680 _____ () C:\Program Files (x86)\Star Downloader\SDIEInt.dll
2014-09-15 20:36 - 2014-09-15 20:36 - 01186160 _____ () C:\ProgramData\myXaturuft\dat\czsVqsmU.dll
2014-06-14 13:50 - 2004-02-18 02:05 - 00133632 _____ () C:\Program Files (x86)\Star Downloader\SDIE55Int.dll
2014-06-14 13:50 - 2004-02-04 22:53 - 00139264 _____ () C:\Program Files (x86)\Star Downloader\NSHelper.dll
2014-06-14 13:50 - 2004-02-04 22:53 - 00032768 _____ () C:\Program Files (x86)\Star Downloader\SDExt.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^My Place.lnk => C:\windows\pss\My Place.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Moveslink2 => C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: ooVoo.exe => C:\program files (x86)\oovoo\oovoo.exe /minimized
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TosDockApp => C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
MSCONFIG\startupreg: TRUUpdater => "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: Viber => "C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe" StartMinimized
MSCONFIG\startupreg: YouCam Mirror Tray icon => "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2014 08:36:28 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/15/2014 07:39:24 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/15/2014 07:36:58 PM) (Source: Garmin Core Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (09/15/2014 07:21:18 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/15/2014 06:57:36 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/15/2014 06:47:14 PM) (Source: MsiInstaller) (EventID: 11001) (User: Jonesboy-PC)
Description: Product: PicRec (x86) -- Error 1001. Error 1001. An exception occurred while uninstalling. This exception will be ignored and the uninstall will continue. However, the application might not be fully uninstalled after the uninstall is complete. --> You canceled uninstallation(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/15/2014 11:30:02 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {82ED58B3-5340-48CA-8A49-0E4BDD929648}

Error: (09/15/2014 11:30:02 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {82ED58B3-5340-48CA-8A49-0E4BDD929648}

Error: (09/15/2014 11:29:24 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/14/2014 07:20:20 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.


System errors:
=============
Error: (09/15/2014 08:37:21 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (09/15/2014 08:36:30 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (MSSMLBIZ) service terminated with service-specific error %%3414.

Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/15/2014 08:35:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/15/2014 08:36:28 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: (88:224:1)model

Error: (09/15/2014 07:39:24 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: (88:224:1)model

Error: (09/15/2014 07:36:58 PM) (Source: Garmin Core Update Service) (EventID: 0) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (09/15/2014 07:21:18 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: (88:224:1)model

Error: (09/15/2014 06:57:36 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: (88:224:1)model

Error: (09/15/2014 06:47:14 PM) (Source: MsiInstaller) (EventID: 11001) (User: Jonesboy-PC)
Description: Product: PicRec (x86) -- Error 1001. Error 1001. An exception occurred while uninstalling. This exception will be ignored and the uninstall will continue. However, the application might not be fully uninstalled after the uninstall is complete. --> You canceled uninstallation(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/15/2014 11:30:02 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {82ED58B3-5340-48CA-8A49-0E4BDD929648}

Error: (09/15/2014 11:30:02 AM) (Source: Microsoft Office 15) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x803D0010; CorrelationId: {82ED58B3-5340-48CA-8A49-0E4BDD929648}

Error: (09/15/2014 11:29:24 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: (88:224:1)model

Error: (09/14/2014 07:20:20 PM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: (88:224:1)model


CodeIntegrity Errors:
===================================
Date: 2014-09-15 20:37:19.315
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-15 20:37:18.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-15 20:37:02.088
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-15 20:36:59.049
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-15 19:39:15.511
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-15 19:39:15.187
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-15 19:38:50.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-15 19:38:49.772
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-15 19:21:22.096
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-15 19:21:20.377
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 8172.58 MB
Available physical RAM: 4387.63 MB
Total Pagefile: 16343.34 MB
Available Pagefile: 11812.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive b: () (RAMDisk) (Total:653 GB) (Free:56.16 GB) NTFS
Drive c: () (Fixed) (Total:653 GB) (Free:55.33 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:30.69 GB) (Free:28.52 GB) NTFS
Drive e: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:2140.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5EE4C6C4)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End Of Log ============================

Finally got the aswMBR log. Attached.

aswMBR version 1.0.1.2041 Copyright(c) 2014 AVAST Software
Run date: 2014-09-15 22:03:20
-----------------------------
22:03:20.698 OS Version: Windows x64 6.1.7601 Service Pack 1
22:03:20.698 Number of processors: 8 586 0x2A07
22:03:20.699 ComputerName: JONESBOY-PC UserName: Jonesboy
22:03:22.375 Initialize success
22:03:22.376 VM: initialized successfully
22:03:22.392 VM: Intel CPU supported
22:03:24.327 VM: supported disk I/O iaStor.sys
22:03:27.182 AVAST engine defs: 14091401
22:03:32.522 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:03:32.529 Disk 0 Vendor: WDC_WD75 02.0 Size: 715404MB BusType: 3
22:03:32.777 Disk 0 MBR read successfully
22:03:32.781 Disk 0 MBR scan
22:03:32.784 Disk 0 Windows 7 default MBR code
22:03:32.798 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 200 MB offset 2048
22:03:32.813 Disk 0 default boot code
22:03:32.818 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 668670 MB offset 411648
22:03:32.822 Disk 0 Partition - 00 0F Extended LBA 31425 MB offset 1369847808
22:03:32.859 Disk 0 Partition 3 00 12 Compaq diag NTFS 15108 MB offset 1434206208
22:03:32.923 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 31424 MB offset 1369849856
22:03:33.189 Disk 0 scanning C:\windows\system32\drivers
22:03:51.859 Service scanning
22:04:21.789 Modules scanning
22:04:21.805 Disk 0 trace - called modules:
22:04:21.835 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:04:21.847 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007c6c790]
22:04:21.860 3 CLASSPNP.SYS[fffff88000dbf43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800765c050]
22:04:23.599 AVAST engine scan C:\windows
22:04:30.055 AVAST engine scan C:\windows\system32
22:08:25.063 AVAST engine scan C:\windows\system32\drivers
22:08:43.897 AVAST engine scan C:\Users\Jonesboy
22:45:56.956 AVAST engine scan C:\ProgramData
22:55:26.997 Scan finished successfully
22:57:45.747 Disk 0 MBR has been saved successfully to "C:\Users\Jonesboy\Desktop\MBR.dat"
22:57:45.752 The log file has been saved successfully to "C:\Users\Jonesboy\Desktop\aswMBR 1.txt"

ken545
2014-09-15, 19:11
:snwelcome:

Let's run a few scans and tools.

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisement.


Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.



===============================================================================


Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.




===============================================================================


Then open Malwarebytes, check for updates and run the Threat scan. Here are instructions in case you removed it.


Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Detections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes

TheJDawg
2014-09-16, 02:49
3 logs below. Thanks for the help.
:cool:


# AdwCleaner v3.310 - Report created 16/09/2014 at 08:42:58
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jonesboy - JONESBOY-PC
# Running from : C:\Users\Jonesboy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files\003
Folder Deleted : C:\Users\Jonesboy\AppData\Local\apn
Folder Deleted : C:\Users\Jonesboy\AppData\Roaming\DownLite
Folder Deleted : C:\Users\Jonesboy\AppData\Roaming\GrabPro
Folder Deleted : C:\Users\Jonesboy\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Jonesboy\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfimfliilbabfohebppnfomgjljicpdm
File Deleted : C:\END
File Deleted : C:\Users\Jonesboy\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk
File Deleted : C:\Users\Jonesboy\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : SpeedUpMyPC
Task Deleted : spmonitor

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hfimfliilbabfohebppnfomgjljicpdm
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PropertySync.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchSettings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avast-uninstall-utility_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_avast-uninstall-utility_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625576}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626676}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C55BBCD6-41AD-48AD-9953-3609C48EACC7}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625576}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626676}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\powerpack
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v

-\\ Google Chrome v37.0.2062.120

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hfimfliilbabfohebppnfomgjljicpdm
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={6C0558D9-CC86-41A6-8388-73A988C2FCFA}&mid=655d9f02c9f14561b20850110a262a31-7517f13cfd7680160233733b6e2ba585a6f035f4&lang=en&ds=pl011&pr=sa&d=2012-07-14 21:55:09&v=12.2.5.32&sap=dsp&q={searchTerms}
Deleted [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Deleted [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
Deleted [Extension] : hfimfliilbabfohebppnfomgjljicpdm

*************************

AdwCleaner[R0].txt - [10851 octets] - [16/09/2014 08:38:38]
AdwCleaner[S0].txt - [10812 octets] - [16/09/2014 08:42:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10873 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jonesboy on Tue 16/09/2014 at 8:59:25.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3601747211-198960775-3737481478-1001\Software\wajam
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440244624476}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244624476}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440244624476}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244624476}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstaller_RASMANCS



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{0F83C0D1-6819-453F-AA75-7C4FD9500118}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{26C9608B-BC5D-4216-8AEA-21A78F8BF8E3}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{290B8B57-98AA-4AA5-A1A4-C255B89D69E6}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{3AD7A380-4FD4-4331-BE22-520E6FAEFF62}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{3F94F9F8-71EF-497E-BAAC-4DDED31A8CCB}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{42EF28CD-8959-4F87-8AE2-9EE39EB2B9F2}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{597F929F-4A68-483D-8BC0-29DD5EBACB20}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{719AA97E-1D6C-4EC3-B241-CB8DCC1A86AA}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{7D3AC051-9AA9-4909-8877-85DFF8E94785}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{87898BA0-0BBA-4D41-A191-9D7EE19CB8BE}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{8BBD3764-8099-4B36-85FF-A84B3EBE97B8}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{94248547-A1DB-480B-92C3-471DD911C839}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{9EDE0484-900C-4338-954C-178EDAFB6829}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{A0C416E6-E734-4D32-93FD-5D36A8D49B56}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{B38CF3DD-ADC5-4040-B69D-5D8B9CAB0DD9}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{CCBE715B-87ED-4B72-8D37-E67FCE4EA25E}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{EA49EFBC-D8DE-4ADD-B9F6-872FCB761F5B}
Successfully deleted: [Empty Folder] C:\Users\Jonesboy\appdata\local\{F25738DB-9761-4308-AF1C-0C1461B5944A}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 16/09/2014 at 9:08:14.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hope this is the right log from Malwarebytes

<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/09/16 09:12:49 +1000</date>
<logfile>mbam-log-2014-09-16 (09-12-46).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.15.12</malware-database>
<rootkit-database>v2014.09.15.01</rootkit-database>
<license>premium</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Jonesboy</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>361592</objects>
<time>791</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file><path>C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage</path><vendor>PUP.Optional.Superfish.A</vendor><action>delete-on-reboot</action><hash>2cc68469225982b4d7682af13bc83bc5</hash></file>
<file><path>C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal</path><vendor>PUP.Optional.Superfish.A</vendor><action>success</action><hash>fcf6608d7308b77f93ac0b1029da7d83</hash></file>
</items>
</mbam-log>

ken545
2014-09-16, 02:55
Funny Malwarebytes log, but it looks like it found a few things and removed them

Go ahead and run a new scan with FRST, be sure to check Additions and post both logs please

TheJDawg
2014-09-16, 04:30
I think this is a better Malwarebytes log. I will run FRST again and post logs shortly.
Thanks

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 16/09/2014
Scan Time: 9:42:57 AM
Logfile: malwarbytes 2014 09 16 01.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.15.12
Rootkit Database: v2014.09.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jonesboy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361650
Time Elapsed: 15 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, Quarantined, [faf8638a8fec181e9bcd6d1d49b97b85],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Superfish.A, C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [bc36f6f76615b18541fe70ab9d665da3],
PUP.Optional.Superfish.A, C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Delete-on-Reboot, [d31f05e8245768ce4bf4b16ad72c0000],

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2014-09-16, 04:44
Thanks, been a loooooooong day, be back in the am

TheJDawg
2014-09-16, 05:26
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Jonesboy (administrator) on JONESBOY-PC on 16-09-2014 11:50:36
Running from C:\Users\Jonesboy\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\ProgramData\DatacardService\DCService.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Interesting Solutions) C:\ProgramData\myXaturuft\ZGtfxyv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Suunto) C:\Users\Jonesboy\AppData\Local\Apps\2.0\J3GJB57M.PLP\OXTB5DWT.DJK\move..tion_3ccae3cb2a36e2f5_0001.0002_a975bf06beb701f6\Moveslink2.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\system\cm106eye.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Interesting Solutions) C:\ProgramData\myXaturuft\dat\LRtGyBDdr.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11663976 2010-12-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2396968 2010-11-12] (Synaptics Incorporated)
HKLM\...\Run: [SynBtnAsst] => C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe [54568 2010-11-12] (Synaptics Incorporated)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-03-16] (Lenovo)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-24] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7069088 2010-09-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [Cm106Sound] => C:\windows\syswow64\RunDll32.exe C:\windows\Syswow64\cm106.dll,CMICtrlWnd
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [336384 2009-12-28] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [Lenovo SlideNav2] => C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe [318400 2009-12-30] (Lenovo)
HKLM-x32\...\Run: [Lenovo SplitScreen] => C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe [778592 2010-06-23] (Lenovo)
HKLM-x32\...\Run: [UCam_Menu] => c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-01] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Moveslink2] => C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [852808 2014-09-04] (Google Inc.)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Viber] => C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe [936656 2014-06-10] ()
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530_1\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\RunOnce: [Uninstall C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {845efb99-e39f-11e1-8326-ec55f9ebde21} - E:\AutoRun.exe
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {845efbab-e39f-11e1-8326-ec55f9ebde21} - E:\AutoRun.exe
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {dfefbe99-e45d-11e1-bbcb-ec55f9ebde21} - E:\AutoRun.exe
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\MountPoints2: {ff38db40-789b-11e1-aaf9-ec55f9ebde21} - E:\win\setup.exe -phs
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - {175023C8-9E2B-4397-A1BB-D91BB93ABDAD} URL = http://au.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {FFFFFEF0-5B30-21D4-945D-000000000000} -> C:\Program Files (x86)\Star Downloader\SDIEInt.dll ()
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: HKLM-x32 {12193C65-F0E1-4DD1-AD4E-DB73C6911011} file:///F:/activeX/DCP.cab
DPF: HKLM-x32 {7191F0AC-D686-46A8-BFCC-EA61778C74DD} file:///F:/activeX/aplugLiteDL.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{34375D8E-2FCE-430B-A5D5-23777D7BACBF}: [NameServer] 198.142.0.51 61.88.88.88
Tcpip\..\Interfaces\{8D2B2EC0-232F-416C-9E7E-477645E64688}: [NameServer] 198.142.0.51 61.88.88.88

FireFox:
========
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: reconinstruments.com/Recon -> C:\Users\Jonesboy\AppData\Roaming\ReconInstruments\ReconUplink\1.0.2.1\npReconUplink.dll (Recon Instruments)
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com [2014-06-04]
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com [2014-06-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-03-10]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> FB2353EF818E000C9EC1B1DDDF8F147F6788363B76B7D4A4E3563D81BDDA2FD4
CHR DefaultSearchURL: Default -> 3A93E825D69222AF67266526206B5617EC1F7F2100BD65E5D18A6E7AD7FEA498
CHR Profile: C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-02]
CHR Extension: (Google Drive) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-02]
CHR Extension: (Google Search) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-02]
CHR Extension: (iCloud Bookmarks) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2013-09-24]
CHR Extension: (Skype Click to Call) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-07-03]
CHR Extension: (OneDrive) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (Desktop Client for Viber™) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\olamheimegmegknankiijehcgocchdph [2014-06-13]
CHR Extension: (Gmail) - C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-02]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-04] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [915232 2010-06-14] (Broadcom Corporation.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 DCService.exe; C:\ProgramData\DatacardService\DCService.exe [229376 2010-08-19] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8988048 2013-04-03] (DisplayLink Corp.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-22] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-05-22] (Ellora Assets Corp.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438104 2014-07-10] (Garmin Ltd or its subsidiaries)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43044512 2014-07-12] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Slidebar Notifier Service; C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [69568 2009-12-30] (Lenovo)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [380064 2014-07-12] (Microsoft Corporation)
R2 ZGtfxyv; C:\ProgramData\myXaturuft\ZGtfxyv.exe [2319728 2014-09-14] (Interesting Solutions)
S2 HPSLPSVC; C:\Users\Jonesboy\AppData\Local\Temp\7zS51CF\hpslpsvc64.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-04] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-05] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-04] ()
R3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [83968 2013-12-03] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R3 DisplayLinkUsbIo_x64; C:\Windows\System32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys [44944 2013-04-10] ()
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [256000 2010-08-31] (Huawei Technologies Co., Ltd.)
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R3 JmUsbCcgp; C:\Windows\System32\DRIVERS\jmccgp.sys [17904 2010-02-06] (JMicron Technology Corp.)
R3 JmUsbVideo; C:\Windows\System32\Drivers\jmcam.sys [57072 2010-04-24] (JMicron Technology Corp.)
R3 JmUsbVideo2; C:\Windows\System32\Drivers\jmcam_lo.sys [31344 2010-04-24] (JMicron Technology Corp.)
S3 massfilter_lte; C:\windows\system32\drivers\massfilter_lte.sys [18456 2011-08-09] (HandSet Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 swg3kser00; C:\Windows\System32\DRIVERS\swg3kser00.sys [258432 2011-07-21] (Sierra Wireless Incorporated) [File not signed]
S3 swiwdmbx; C:\Windows\System32\DRIVERS\swiwdmbx64.sys [109312 2011-07-21] (Sierra Wireless Inc.) [File not signed]
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [249344 2011-07-21] (Sierra Wireless Inc.) [File not signed]
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [199552 2009-07-22] (Sierra Wireless Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
S3 DisplayLinkUsbPort; system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [X]
U2 IAStorDataMgrSvc; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 11:25 - 2014-09-16 11:25 - 00001585 _____ () C:\Users\Jonesboy\Desktop\malwarbytes 2014 09 16 01.txt
2014-09-16 09:08 - 2014-09-16 09:08 - 00004269 _____ () C:\Users\Jonesboy\Desktop\JRT.txt
2014-09-16 08:59 - 2014-09-16 08:59 - 00000000 ____D () C:\windows\ERUNT
2014-09-16 08:55 - 2014-09-16 08:56 - 01016261 _____ (Thisisu) C:\Users\Jonesboy\Desktop\JRT.exe
2014-09-16 08:53 - 2014-09-16 08:53 - 00011042 _____ () C:\Users\Jonesboy\Desktop\AdwCleaner[S0].txt
2014-09-16 08:50 - 2014-09-16 08:50 - 00000000 ____D () C:\ProgramData\Browser
2014-09-16 08:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-09-16 08:38 - 2014-09-16 08:43 - 00000000 ____D () C:\AdwCleaner
2014-09-16 08:35 - 2014-09-16 08:35 - 01373475 _____ () C:\Users\Jonesboy\Desktop\AdwCleaner.exe
2014-09-16 08:19 - 2014-09-16 11:31 - 00002630 _____ () C:\windows\PFRO.log
2014-09-15 22:57 - 2014-09-15 22:57 - 00002298 _____ () C:\Users\Jonesboy\Desktop\aswMBR 1.txt
2014-09-15 22:01 - 2014-09-15 22:57 - 00000512 _____ () C:\Users\Jonesboy\Desktop\MBR.dat
2014-09-15 22:01 - 2014-09-15 22:01 - 00002202 _____ () C:\Users\Jonesboy\Desktop\aswMBR.txt
2014-09-15 21:27 - 2014-09-15 21:28 - 00059656 _____ () C:\Users\Jonesboy\Desktop\Addition.txt
2014-09-15 21:26 - 2014-09-16 11:50 - 00034202 _____ () C:\Users\Jonesboy\Desktop\FRST.txt
2014-09-15 21:25 - 2014-09-16 11:50 - 00000000 ____D () C:\FRST
2014-09-15 21:25 - 2014-09-15 21:25 - 05185536 _____ (AVAST Software) C:\Users\Jonesboy\Desktop\aswMBR.exe
2014-09-15 21:24 - 2014-09-15 21:24 - 02105856 _____ (Farbar) C:\Users\Jonesboy\Desktop\FRST64.exe
2014-09-15 21:24 - 2014-09-15 21:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-JONESBOY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-15 21:23 - 2014-09-15 21:23 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\RegBackup
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-15 21:22 - 2014-09-15 21:22 - 04057608 _____ () C:\Users\Jonesboy\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-15 20:59 - 2014-09-15 21:14 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-15 20:32 - 2014-09-16 11:32 - 00000280 _____ () C:\windows\setupact.log
2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 _____ () C:\windows\setuperr.log
2014-09-15 19:26 - 2014-09-15 19:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonesboy\Downloads\revosetup.exe
2014-09-15 19:26 - 2014-09-15 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-15 18:45 - 2014-09-15 18:45 - 00002096 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
2014-09-15 17:02 - 2014-09-15 17:02 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\speed browser
2014-09-15 17:01 - 2014-09-15 17:01 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-14 08:41 - 2014-09-14 08:42 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\CutePDF Writer
2014-09-14 08:32 - 2014-09-14 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-09-14 08:30 - 2014-09-15 19:14 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-09-14 08:30 - 2014-09-15 19:03 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-09-14 08:30 - 2014-08-25 12:14 - 00049880 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\netmon_wfp.sys
2014-09-14 08:29 - 2014-09-16 08:35 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\InstaShare
2014-09-14 08:29 - 2014-09-14 08:29 - 00000000 ____D () C:\ProgramData\myXaturuft
2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 17:51 - 2014-09-13 17:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 17:51 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iPod
2014-09-10 15:54 - 2014-08-20 04:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-10 15:54 - 2014-08-20 03:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-10 15:54 - 2014-08-19 09:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-10 15:54 - 2014-08-19 08:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-10 15:54 - 2014-08-19 08:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-10 15:54 - 2014-08-19 08:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-10 15:54 - 2014-08-19 08:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-10 15:54 - 2014-08-19 08:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-10 15:54 - 2014-08-19 08:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-10 15:54 - 2014-08-19 08:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-10 15:54 - 2014-08-19 08:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-10 15:54 - 2014-08-19 08:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-10 15:54 - 2014-08-19 08:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-10 15:54 - 2014-08-19 08:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-10 15:54 - 2014-08-19 08:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-10 15:54 - 2014-08-19 07:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-10 15:54 - 2014-08-19 07:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:54 - 2014-08-19 07:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-10 15:54 - 2014-08-19 07:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-10 15:54 - 2014-08-19 07:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:54 - 2014-08-19 07:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-10 15:54 - 2014-08-19 07:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-10 15:54 - 2014-08-19 07:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-10 15:54 - 2014-08-19 07:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-10 15:54 - 2014-08-19 07:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-10 15:54 - 2014-08-19 07:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-10 15:54 - 2014-08-19 07:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-10 15:54 - 2014-08-19 07:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-10 15:54 - 2014-08-19 07:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-10 15:54 - 2014-08-19 07:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-10 15:54 - 2014-08-19 07:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-10 15:54 - 2014-08-19 07:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-10 15:54 - 2014-08-19 07:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-10 15:54 - 2014-08-19 07:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-10 15:54 - 2014-08-19 07:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-10 15:54 - 2014-08-19 07:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 15:54 - 2014-08-19 07:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-10 15:54 - 2014-08-19 07:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-10 15:54 - 2014-08-19 07:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-10 15:54 - 2014-08-19 07:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-10 15:54 - 2014-08-19 07:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-10 15:54 - 2014-08-19 06:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-10 15:54 - 2014-08-19 06:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-10 15:53 - 2014-08-19 08:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-10 15:53 - 2014-08-19 08:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-10 15:53 - 2014-08-19 08:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-10 15:53 - 2014-08-19 08:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-10 15:53 - 2014-08-19 07:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-10 15:53 - 2014-08-19 07:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-10 15:53 - 2014-08-19 07:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-10 15:53 - 2014-08-19 07:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-10 15:53 - 2014-08-19 07:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-10 15:53 - 2014-08-19 07:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-10 15:53 - 2014-08-19 06:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-10 15:53 - 2014-08-19 06:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-10 15:53 - 2014-08-19 06:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-10 15:43 - 2014-06-27 12:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-10 15:43 - 2014-06-27 11:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 15:41 - 2014-08-01 21:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 15:41 - 2014-08-01 21:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 15:41 - 2014-07-07 12:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 15:41 - 2014-07-07 12:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 15:41 - 2014-07-07 11:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 15:41 - 2014-07-07 11:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 15:41 - 2014-07-07 11:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-10 15:41 - 2014-06-24 13:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 15:41 - 2014-06-24 12:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 15:40 - 2014-09-05 12:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-10 15:40 - 2014-09-05 12:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 09:13 - 2014-09-04 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-08-29 12:38 - 2014-08-23 12:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-29 12:38 - 2014-08-23 11:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-29 12:38 - 2014-08-23 10:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 01:54 - 2014-05-15 02:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-08-22 01:54 - 2014-05-15 02:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-08-22 01:54 - 2014-05-15 02:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-08-22 01:54 - 2014-05-15 02:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-08-22 01:53 - 2014-05-15 02:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-08-22 01:53 - 2014-05-15 02:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-08-22 01:53 - 2014-05-15 02:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-08-22 01:53 - 2014-05-15 02:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-08-22 01:53 - 2014-05-15 02:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-08-22 01:53 - 2014-05-15 02:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-08-22 01:53 - 2014-05-14 12:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-08-22 01:53 - 2014-05-14 12:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-08-22 01:53 - 2014-05-14 12:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-08-22 01:53 - 2014-05-14 12:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-08-20 01:05 - 2014-08-20 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-18 18:54 - 2014-09-13 17:22 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Adobe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 11:50 - 2014-09-15 21:26 - 00034202 _____ () C:\Users\Jonesboy\Desktop\FRST.txt
2014-09-16 11:50 - 2014-09-15 21:25 - 00000000 ____D () C:\FRST
2014-09-16 11:47 - 2014-06-13 13:55 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\ViberPC
2014-09-16 11:47 - 2013-07-02 18:28 - 00004998 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonesboy-PC-Jonesboy Jonesboy-PC
2014-09-16 11:47 - 2012-07-28 18:09 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Deployment
2014-09-16 11:46 - 2014-06-13 13:40 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Viber
2014-09-16 11:46 - 2014-05-25 22:18 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 11:46 - 2013-01-22 11:01 - 00000354 _____ () C:\windows\Tasks\ROC_JAN2013_TB_rmv.job
2014-09-16 11:46 - 2012-02-15 21:17 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-16 11:42 - 2009-07-14 14:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-16 11:42 - 2009-07-14 14:45 - 00022464 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-16 11:39 - 2014-05-18 12:32 - 01465087 _____ () C:\windows\WindowsUpdate.log
2014-09-16 11:36 - 2012-04-02 21:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-09-16 11:35 - 2012-02-15 21:17 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 11:32 - 2014-09-15 20:32 - 00000280 _____ () C:\windows\setupact.log
2014-09-16 11:32 - 2009-07-14 15:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-16 11:31 - 2014-09-16 08:19 - 00002630 _____ () C:\windows\PFRO.log
2014-09-16 11:25 - 2014-09-16 11:25 - 00001585 _____ () C:\Users\Jonesboy\Desktop\malwarbytes 2014 09 16 01.txt
2014-09-16 09:35 - 2012-06-19 17:53 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Skype
2014-09-16 09:08 - 2014-09-16 09:08 - 00004269 _____ () C:\Users\Jonesboy\Desktop\JRT.txt
2014-09-16 08:59 - 2014-09-16 08:59 - 00000000 ____D () C:\windows\ERUNT
2014-09-16 08:56 - 2014-09-16 08:55 - 01016261 _____ (Thisisu) C:\Users\Jonesboy\Desktop\JRT.exe
2014-09-16 08:53 - 2014-09-16 08:53 - 00011042 _____ () C:\Users\Jonesboy\Desktop\AdwCleaner[S0].txt
2014-09-16 08:50 - 2014-09-16 08:50 - 00000000 ____D () C:\ProgramData\Browser
2014-09-16 08:43 - 2014-09-16 08:38 - 00000000 ____D () C:\AdwCleaner
2014-09-16 08:35 - 2014-09-16 08:35 - 01373475 _____ () C:\Users\Jonesboy\Desktop\AdwCleaner.exe
2014-09-16 08:35 - 2014-09-14 08:29 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\InstaShare
2014-09-15 23:11 - 2012-02-27 00:51 - 00000000 ____D () C:\Users\Jonesboy\Documents\Outlook Files
2014-09-15 22:57 - 2014-09-15 22:57 - 00002298 _____ () C:\Users\Jonesboy\Desktop\aswMBR 1.txt
2014-09-15 22:57 - 2014-09-15 22:01 - 00000512 _____ () C:\Users\Jonesboy\Desktop\MBR.dat
2014-09-15 22:01 - 2014-09-15 22:01 - 00002202 _____ () C:\Users\Jonesboy\Desktop\aswMBR.txt
2014-09-15 21:28 - 2014-09-15 21:27 - 00059656 _____ () C:\Users\Jonesboy\Desktop\Addition.txt
2014-09-15 21:25 - 2014-09-15 21:25 - 05185536 _____ (AVAST Software) C:\Users\Jonesboy\Desktop\aswMBR.exe
2014-09-15 21:24 - 2014-09-15 21:24 - 02105856 _____ (Farbar) C:\Users\Jonesboy\Desktop\FRST64.exe
2014-09-15 21:24 - 2014-09-15 21:24 - 00000207 _____ () C:\windows\tweaking.com-regbackup-JONESBOY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-09-15 21:23 - 2014-09-15 21:23 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\RegBackup
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-15 21:23 - 2014-09-15 21:23 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-09-15 21:22 - 2014-09-15 21:22 - 04057608 _____ () C:\Users\Jonesboy\Desktop\tweaking.com_registry_backup_setup.exe
2014-09-15 21:14 - 2014-09-15 20:59 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-15 21:09 - 2012-04-22 20:24 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Files
2014-09-15 20:32 - 2014-09-15 20:32 - 00000000 _____ () C:\windows\setuperr.log
2014-09-15 19:55 - 2012-02-22 14:09 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-09-15 19:55 - 2011-03-16 04:31 - 00000000 ____D () C:\ProgramData\Temp
2014-09-15 19:53 - 2012-11-22 09:59 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-09-15 19:48 - 2012-02-22 17:45 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\PhotoScape
2014-09-15 19:26 - 2014-09-15 19:26 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jonesboy\Downloads\revosetup.exe
2014-09-15 19:26 - 2014-09-15 19:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-15 19:15 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\IME
2014-09-15 19:14 - 2014-09-14 08:30 - 00000000 ____D () C:\Program Files\Common Files\PicRec
2014-09-15 19:03 - 2014-09-14 08:30 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-09-15 18:46 - 2012-02-15 00:12 - 00002038 _____ () C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-15 18:45 - 2014-09-15 18:45 - 00002096 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
2014-09-15 18:45 - 2012-07-07 17:13 - 00002038 _____ () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-15 18:45 - 2012-02-15 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-15 17:02 - 2014-09-15 17:02 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\speed browser
2014-09-15 17:01 - 2014-09-15 17:01 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-15 12:07 - 2012-08-10 15:22 - 00000000 ____D () C:\Program Files (x86)\Hubb Investor
2014-09-15 11:33 - 2012-07-07 21:50 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-14 08:42 - 2014-09-14 08:41 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\CutePDF Writer
2014-09-14 08:32 - 2014-09-14 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-09-14 08:29 - 2014-09-14 08:29 - 00000000 ____D () C:\ProgramData\myXaturuft
2014-09-13 22:10 - 2012-02-23 20:36 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\vlc
2014-09-13 21:39 - 2012-02-19 08:58 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Anti Virus
2014-09-13 21:23 - 2012-03-04 23:33 - 00001999 _____ () C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2014-09-13 20:49 - 2009-07-14 15:32 - 00000000 ____D () C:\windows\Performance
2014-09-13 18:20 - 2014-03-29 00:37 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Tax Docs
2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-09-13 17:52 - 2014-09-13 17:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iTunes
2014-09-13 17:52 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-13 17:51 - 2014-09-13 17:51 - 00000000 ____D () C:\Program Files\iPod
2014-09-13 17:22 - 2014-08-18 18:54 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Adobe
2014-09-11 19:14 - 2009-07-14 13:20 - 00000000 ____D () C:\windows\rescache
2014-09-10 19:36 - 2012-04-02 21:34 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 19:36 - 2012-04-02 21:34 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 19:36 - 2012-03-05 22:07 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 16:58 - 2012-02-19 08:56 - 00000000 ____D () C:\Users\Jonesboy\AppData\Roaming\Adobe
2014-09-10 15:51 - 2013-07-15 18:18 - 00000000 ____D () C:\windows\system32\MRT
2014-09-10 15:44 - 2012-02-15 16:56 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-10 15:42 - 2014-04-24 19:45 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-09-08 22:15 - 2012-10-18 22:44 - 00000000 ____D () C:\Users\Jonesboy\Downloads\YTD
2014-09-08 18:41 - 2012-08-10 10:38 - 00000000 ___RD () C:\Users\Jonesboy\SkyDrive
2014-09-08 15:25 - 2009-07-14 15:13 - 00006620 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-05 12:10 - 2014-09-10 15:40 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-09-05 12:05 - 2014-09-10 15:40 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-09-04 09:14 - 2012-06-19 17:53 - 00000000 ____D () C:\ProgramData\Skype
2014-09-04 09:13 - 2014-09-04 09:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-04 09:13 - 2012-06-19 17:53 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-08-31 21:51 - 2014-03-28 23:44 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Pt Cook
2014-08-29 12:54 - 2009-07-14 14:45 - 00437128 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-29 10:29 - 2014-06-22 00:30 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-08-27 11:55 - 2012-02-22 17:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-08-25 12:14 - 2014-09-14 08:30 - 00049880 _____ (Windows (R) Win 7 DDK provider) C:\windows\system32\Drivers\netmon_wfp.sys
2014-08-23 22:20 - 2013-10-18 01:15 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-08-23 22:20 - 2013-10-18 01:15 - 00000000 ____D () C:\Program Files\Java
2014-08-23 22:16 - 2012-03-04 17:32 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-23 22:14 - 2013-10-01 20:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-23 12:07 - 2014-08-29 12:38 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 11:45 - 2014-08-29 12:38 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 10:59 - 2014-08-29 12:38 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-22 01:50 - 2012-02-15 21:03 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Apple
2014-08-20 22:02 - 2012-03-05 09:52 - 00000000 ____D () C:\Users\Jonesboy\AppData\Local\Windows Live
2014-08-20 04:05 - 2014-09-10 15:54 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-20 03:39 - 2014-09-10 15:54 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-20 01:05 - 2014-08-20 01:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-08-19 22:03 - 2014-01-26 21:30 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Run Swim Ride
2014-08-19 09:01 - 2014-09-10 15:54 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 08:29 - 2014-09-10 15:54 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-19 08:29 - 2014-09-10 15:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-19 08:26 - 2014-09-10 15:53 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-19 08:20 - 2014-09-10 15:53 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-19 08:19 - 2014-09-10 15:53 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-19 08:15 - 2014-09-10 15:54 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-19 08:15 - 2014-09-10 15:54 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-19 08:14 - 2014-09-10 15:54 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-19 08:14 - 2014-09-10 15:54 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-19 08:08 - 2014-09-10 15:54 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-19 08:08 - 2014-09-10 15:54 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-19 08:08 - 2014-09-10 15:53 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-19 08:05 - 2014-09-10 15:54 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-19 08:03 - 2014-09-10 15:54 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-19 08:03 - 2014-09-10 15:54 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-19 08:03 - 2014-09-10 15:54 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-19 07:57 - 2014-09-10 15:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-19 07:56 - 2014-09-10 15:54 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-19 07:51 - 2014-09-10 15:54 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-19 07:46 - 2014-09-10 15:54 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-19 07:45 - 2014-09-10 15:54 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 07:45 - 2014-09-10 15:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-19 07:44 - 2014-09-10 15:54 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-19 07:44 - 2014-09-10 15:54 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-19 07:42 - 2014-09-10 15:53 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-19 07:40 - 2014-09-10 15:54 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-19 07:39 - 2014-09-10 15:54 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-19 07:39 - 2014-09-10 15:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-19 07:39 - 2014-09-10 15:54 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-19 07:38 - 2014-09-10 15:54 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-19 07:37 - 2014-09-10 15:54 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-19 07:36 - 2014-09-10 15:54 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-19 07:35 - 2014-09-10 15:54 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-19 07:27 - 2014-09-10 15:54 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-19 07:25 - 2014-09-10 15:54 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-19 07:25 - 2014-09-10 15:54 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-19 07:23 - 2014-09-10 15:54 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-19 07:23 - 2014-09-10 15:53 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-19 07:22 - 2014-09-10 15:54 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 07:19 - 2014-09-10 15:54 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-19 07:17 - 2014-09-10 15:54 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-19 07:17 - 2014-09-10 15:54 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-19 07:16 - 2014-09-10 15:53 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-19 07:15 - 2014-09-10 15:53 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-19 07:15 - 2014-09-10 15:53 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-19 07:09 - 2014-09-10 15:54 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-19 07:08 - 2014-09-10 15:53 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-19 07:07 - 2014-09-10 15:54 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-19 06:55 - 2014-09-10 15:53 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-19 06:46 - 2014-09-10 15:53 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-19 06:38 - 2014-09-10 15:54 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-19 06:38 - 2014-09-10 15:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-19 06:36 - 2014-09-10 15:54 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-18 00:39 - 2014-07-12 18:14 - 00000000 ___RD () C:\Users\Jonesboy\Desktop\Go Pro

Files to move or delete:
====================
C:\ProgramData\Setup.exe


Some content of TEMP:
====================
C:\Users\Jonesboy\AppData\Local\Temp\HitmanPro.exe
C:\Users\Jonesboy\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 10:13

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Jonesboy at 2014-09-16 11:51:13
Running from C:\Users\Jonesboy\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AceBackup 3 (HKLM-x32\...\{87B60A11-AA9E-43FE-A68F-B3C4F80F7D2F}) (Version: 3.0.2 - AceBIT)
Acrobat.com (HKLM-x32\...\{77DCDCE3-2DED-62F3-8154-05E745472D07}) (Version: 1.1.377 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{26D103BC-A153-B74C-CA98-8F0A66EF6041}) (Version: 3.0.786.0 - ATI Technologies, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
AX88772A & AX88772 Vista 64-bit Driver (HKLM-x32\...\InstallShield_{663451CD-7556-46FF-9EDA-45A50AEA658C}) (Version: 3.10.234.13 - ASIX Electronics Corporation)
AX88772A & AX88772 Vista 64-bit Driver (x32 Version: 3.10.234.13 - ASIX Electronics Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.2.4.2 - Broadcom Corporation)
Business Contact Manager for Microsoft Outlook 2010 (HKLM-x32\...\Business Contact Manager) (Version: 4.0.11308.0 - Microsoft Corporation)
Business Contact Manager for Microsoft Outlook 2010 (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MOV Decoder (HKLM-x32\...\Canon MOV Decoder) (Version: 1.8.0.7 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.6.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.7.0.4 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
Canon Utilities Digital Photo Professional (HKLM-x32\...\Digital Photo Professional) (Version: 3.12.52.0 - Canon Inc.)
Canon Utilities EOS Sample Music (HKLM-x32\...\EOS Sample Music) (Version: 1.0.0.204 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.12.3.1 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities Movie Uploader for YouTube (HKLM-x32\...\MovieUploaderForYouTube) (Version: 1.2.0.7 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.9.0.0 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.7.0.24 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.5.0.9 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0727.2126.36625 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help English (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help French (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help German (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0727.2125.36625 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0727.2126.36625 - ATI) Hidden
ccc-utility64 (Version: 2010.0727.2126.36625 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.2603 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.0.2603 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisplayLink Core Software (HKLM\...\{A0A51EB5-5C6C-4588-816A-D6990B79F298}) (Version: 7.2.47157.0 - DisplayLink Corp.)
DisplayLink Graphics (HKLM\...\{B76E347A-DFF5-4CD7-88D5-7F947BC75D41}) (Version: 7.0.43577.0 - DisplayLink Corp.)
Dropbox (HKCU\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
dynadock Utility_II (HKLM\...\{F6D91449-5BB1-4F5D-9565-CA1E7EB961CD}) (Version: 2.1.1.0.64 - TOSHIBA Corporation)
Elevated Installer (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.2.2 - Lenovo)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
FileHippo Update Checker Packages (HKCU\...\FileHippo Update Checker Packages) (Version: - ) <==== ATTENTION
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.0 - Ellora Assets Corporation)
Full DVD Ripper 9 Free (HKLM-x32\...\{DA5931FD-7F75-49CA-A405-85D230DE29D8}_is1) (Version: - Full DVD Studio)
Garmin BaseCamp (HKLM-x32\...\{F487FEEC-AE9F-4E68-82F2-300F49A8C435}) (Version: 4.2.2 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{ac22014a-a254-43b9-9cc0-e87cf9c7e18a}) (Version: 3.2.13.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.13.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM-x32\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoPro Studio 2.0.1 (HKLM-x32\...\GoPro Studio) (Version: 2.0.1 - WoodmanLabs Inc. d.b.a. GoPro)
Hubb Investor (HKLM-x32\...\Hubb Investor) (Version: - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 11 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418011FF}) (Version: 8.0.110 - Oracle Corporation)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.41.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.4.6 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.4.6 - )
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.2400 - Broadcom Corporation)
Lenovo DirectShare (HKLM-x32\...\InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}) (Version: 1.0.1.38 - ArcSoft)
Lenovo DirectShare (x32 Version: 1.0.1.38 - ArcSoft) Hidden
Lenovo EasyCamera (HKLM-x32\...\{F5608FF7-17C0-440A-80C7-29C48363BD87}) (Version: 1.0.9.4 - Suyin Optronics Corp.)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo MuteSync (HKLM-x32\...\InstallShield_{2955FADE-ADED-44AD-A853-D1EAEA7ACAD5}) (Version: 1.0.0.2 - Lenovo)
Lenovo MuteSync (x32 Version: 1.0.0.2 - Lenovo) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1230 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1230 - CyberLink Corp.) Hidden
Lenovo SlideNav (HKLM-x32\...\Lenovo SlideNav2) (Version: 2.0.1230.0003 - Lenovo)
Lenovo SplitScreen (HKLM-x32\...\Lenovo SplitScreen) (Version: 1.00.1823.0001 - Lenovo)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4641.1003 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (HKLM-x32\...\{95140000-007D-0409-0000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (x32 Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Native Client (HKLM\...\{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{5D60AB1A-2409-4829-83D4-0972856D885A}) (Version: 10.3.5520.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010) (x32 Version: 4.0.11308.0 - Microsoft Corporation) Hidden
More Add-in (HKLM-x32\...\{F522CEC8-CBF8-4733-9344-563D322E25E1}) (Version: 4.2.0 - MoreAddin)
Moveslink2 (HKCU\...\ad9740b1426036fe) (Version: 1.2.9.4693 - Suunto)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MP3 Rocket (HKLM-x32\...\MP3 Rocket) (Version: - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4641.1003 - Microsoft Corporation) Hidden
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.6 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.6 - Lenovo) Hidden
Optus Mobile Broadband (HKLM-x32\...\Optus Mobile Broadband) (Version: 16.002.10.01.432 - Huawei Technologies Co.,Ltd)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PhotoStage Slideshow Producer (HKLM-x32\...\PhotoStage) (Version: 2.24 - NCH Software)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.6903 - CyberLink Corp.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6121 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6265 - Realtek Semiconductor Corp.)
ReconUplink (HKLM-x32\...\{D2EBF10F-4746-4994-BF85-5964ED9AB9A5}) (Version: 1.0.2.1 - Recon Instruments)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.0.12104_15 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14083.9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM-x32\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Sql Server Customer Experience Improvement Program (x32 Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Star Downloader Free (HKLM-x32\...\Star Downloader Free) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.20.53 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TOSHIBA dynadock (HKLM\...\{3933FB5F-85F6-4D24-A663-0D376CA05D90}) (Version: 4.5.14974.0 - TOSHIBA Corporation)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
USB Multi-Channel Audio Device (HKLM-x32\...\Generic USB 106 Sound) (Version: - )
Viber (HKCU\...\Viber) (Version: 3.0.0.134678 - Viber Media Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Broadcom (BTHUSB) Bluetooth (04/08/2010 6.3.5.430) (HKLM\...\DE7217D2A8B057F15EC6E52329FDAB84231521E8) (Version: 04/08/2010 6.3.5.430 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
YTD Video Downloader 3.9.6 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 3.9.6 - GreenTree Applications SRL)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3601747211-198960775-3737481478-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)

==================== Restore Points =========================

02-09-2014 00:12:31 Windows Update
07-09-2014 11:21:30 Windows Update
08-09-2014 11:11:51 Installed Samsung Kies3
10-09-2014 05:42:19 Windows Update
14-09-2014 07:02:39 Windows Update
15-09-2014 08:46:31 Removed PicRec (x86)
15-09-2014 08:48:21 Removed PicRec (x86)
15-09-2014 09:28:01 Revo Uninstaller's restore point - InstaShare
15-09-2014 09:49:20 Revo Uninstaller's restore point - Bing Desktop
15-09-2014 11:13:34 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2014-09-15 21:08 - 00450770 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0E565558-BC0D-4DA0-AD83-1F6E717DAC64} - System32\Tasks\{8653835D-03A1-4CC8-909A-285E036CB7AD} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.10.0.116&LastError=0
Task: {24A6AB29-40C9-40A1-8FEE-389792A623C4} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {2EBD4A33-07B1-41EC-A28F-79ED90CB1848} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-07-10] ()
Task: {345CC3E1-A5D3-4F6F-A4A4-70BC03338845} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-01] (Microsoft Corporation)
Task: {3CA9C9C8-8A3E-4BA5-B121-B596EE02C559} - System32\Tasks\{4D9FBE05-3A90-4892-A19A-CEF2CED8137F} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {453218D4-6179-4C01-8C1B-4AFF7774811E} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Jonesboy-PC-Jonesboy Jonesboy-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-08-27] (Microsoft Corporation)
Task: {49399536-52DB-486E-AF9C-41E909330979} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-08-27] (Microsoft Corporation)
Task: {4D20A384-F7F7-4028-B7D5-D4FA2C72242B} - System32\Tasks\{4109FCE8-B55C-4BD3-9B73-CD0BF3B4C7D6} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {5F3EBEE2-5768-4836-8667-DD87DA02646B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {615899FB-6231-44E4-8883-FC4FD8B31CBB} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {672D6D2C-0BA4-4A6C-8EE2-018289B8602C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
Task: {68D0EB38-394E-4C96-B903-575D24E114AA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {6A1803A4-EB8A-49F3-A864-F35B32CD8201} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {7D96CFB1-CBDA-49E0-801C-58D922F2F1DA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {7DBB66B2-B6BC-4792-9D06-49441D499C16} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {7E7B4D0B-B2EC-4AE4-AE60-4196E6847FD4} - System32\Tasks\{5C69CC98-2842-4857-B783-164F24FC0344} => Chrome.exe http://ui.skype.com/ui/0/6.0.0.126/en/go/help.faq.installer?LastError=1603
Task: {81754E45-FFF8-4866-9A32-B2FDA551E27D} - System32\Tasks\{E90617FB-07C0-4AB6-9D0E-10E6146971EE} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)
Task: {9760B92A-420C-48CA-B7B9-54074AE48896} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-27] (Microsoft Corporation)
Task: {9E1E0B6F-CE97-4D06-9DE1-FBA233A528C3} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {A5CA1764-E513-408D-A3E4-F93809AE8189} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE2A720F-EE38-4928-82F0-852934809CB7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: {BC042629-8A25-4F0F-BD78-CBC955EDC851} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {C85C4CA9-A503-4158-88E9-0D58220FF9A8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {FEAFB85C-231B-4DFF-B67B-28050E562C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\BCK1 7 July 2013.job => C:\Program Files (x86)\AceBIT\AceBackup 3\AceBackup.exe
Task: C:\windows\Tasks\BCK2 13 07 13.job => C:\Program Files (x86)\AceBIT\AceBackup 3\AceBackup.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (whitelisted) =============

2014-06-22 00:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2010-08-19 18:52 - 2010-08-19 18:52 - 00229376 _____ () C:\ProgramData\DatacardService\DCService.exe
2014-08-27 10:48 - 2014-08-27 10:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-10-19 00:50 - 2010-10-19 00:50 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-10-19 00:52 - 2010-10-19 00:52 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2011-03-16 04:44 - 2009-07-16 01:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2011-03-16 04:28 - 2011-03-16 04:28 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2011-03-16 04:44 - 2009-07-16 01:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2014-06-13 13:55 - 2014-06-10 14:25 - 00936656 _____ () C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe
2012-03-04 09:58 - 2008-05-20 20:18 - 00221184 _____ () C:\windows\system\Cm106eye.exe
2010-08-26 23:47 - 2010-08-26 23:47 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-28 06:25 - 2010-07-28 06:25 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-04 18:20 - 2014-07-04 18:20 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-16 08:23 - 2014-09-16 08:23 - 02862592 _____ () C:\Program Files\AVAST Software\Avast\defs\14091501\algo.dll
2014-01-20 12:17 - 2014-01-20 12:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 12:16 - 2014-01-20 12:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-04 19:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-07-04 19:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-07-04 19:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-07-04 19:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-07-04 19:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-08-27 10:48 - 2014-08-27 10:48 - 08892576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2010-10-19 00:46 - 2010-10-19 00:46 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-10-19 00:49 - 2010-10-19 00:49 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2014-09-16 11:46 - 2014-09-16 11:46 - 01186160 _____ () C:\ProgramData\myXaturuft\dat\RyCHUlOsx.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 22593536 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libViber.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00737280 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libGLESv2.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00098304 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\qfacebook.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00049152 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\libEGL.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00860160 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\platforms\qwindows.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00024576 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qgif.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00024576 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qico.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00204800 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qjpeg.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00221184 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qmng.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qsvg.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qtga.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00311296 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qtiff.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00016384 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\imageformats\qwbmp.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00622592 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\sqldrivers\qsqlite.dll
2014-08-01 09:56 - 2014-08-01 09:56 - 00032768 _____ () C:\Users\Jonesboy\AppData\Local\Viber\4.2.2.6\iconengines\qsvgicon.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2014-09-13 16:37 - 2014-09-04 13:01 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
2014-09-13 16:37 - 2014-09-04 13:01 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
2014-09-04 09:12 - 2014-09-04 09:12 - 07248384 _____ () C:\Users\Jonesboy\AppData\Local\Apps\2.0\J3GJB57M.PLP\OXTB5DWT.DJK\move..tion_3ccae3cb2a36e2f5_0001.0002_a975bf06beb701f6\BLLWrapper.DLL
2014-09-13 16:37 - 2014-09-04 13:01 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
2014-09-13 16:37 - 2014-09-04 13:01 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
2014-09-13 16:37 - 2014-09-04 13:01 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
2012-03-04 09:58 - 2006-09-13 15:08 - 00491520 _____ () C:\windows\system\CmAu106.dll
2014-07-04 18:20 - 2014-07-04 18:20 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-22 00:32 - 2014-06-22 00:32 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-09-13 16:37 - 2014-09-04 13:01 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\ProgramData\Temp:5C321E34

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CineForm Status.lnk => C:\windows\pss\CineForm Status.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^My Place.lnk => C:\windows\pss\My Place.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\windows\pss\EvernoteClipper.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Jonesboy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HTC Sync Loader => "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
MSCONFIG\startupreg: iCloudServices => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: Moveslink2 => C:\Users\Jonesboy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Suunto\Moveslink2.appref-ms -auto
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: ooVoo.exe => C:\program files (x86)\oovoo\oovoo.exe /minimized
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: SkyDrive => "C:\Users\Jonesboy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spybot-S&D Cleaning => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
MSCONFIG\startupreg: TosDockApp => C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
MSCONFIG\startupreg: TRUUpdater => "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
MSCONFIG\startupreg: Viber => "C:\Users\Jonesboy\AppData\Local\Viber\Viber.exe" StartMinimized
MSCONFIG\startupreg: YouCam Mirror Tray icon => "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: NetGroup Packet Filter Driver
Description: NetGroup Packet Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: npf
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2014 11:37:04 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/16/2014 11:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FreemakeUtilsService.exe, version: 1.0.0.0, time stamp: 0x537d973e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434352
Fault offset: 0x0000c42d
Faulting process id: 0x8f0
Faulting application start time: 0xFreemakeUtilsService.exe0
Faulting application path: FreemakeUtilsService.exe1
Faulting module path: FreemakeUtilsService.exe2
Report Id: FreemakeUtilsService.exe3

Error: (09/16/2014 11:34:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32)
at System.Management.ManagementScope.InitializeGuts(System.Object)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetLoggedOnUsersList()
at FreemakeUtilsService.Common.ToolbarInstallationChecker.CollectInformation()
at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/16/2014 09:33:34 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: The log scan number (88:224:1) passed to log scan in database 'model' is not valid. This error may indicate data corruption or that the log file (.ldf) does not match the data file (.mdf). If this error occurred during replication, re-create the publication. Otherwise, restore from backup if the problem results in a failure during startup.

Error: (09/16/2014 09:16:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 37.0.2062.120, time stamp: 0x5407bf0e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x1f40
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3


System errors:
=============
Error: (09/16/2014 11:37:14 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The HP Network Devices Support service terminated with the following error:
%%126

Error: (09/16/2014 11:37:04 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The SQL Server (MSSMLBIZ) service terminated with service-specific error %%3414.

Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

Error: (09/16/2014 11:36:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (09/16/2014 11:37:04 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: (88:224:1)model

Error: (09/16/2014 11:35:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FreemakeUtilsService.exe1.0.0.0537d973eKERNELBASE.dll6.1.7601.1840953159a86e04343520000c42d8f001cfd14e2e9c22ffC:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exeC:\windows\syswow64\KERNELBASE.dllb1702ed7-3d41-11e4-801b-001c7e554ab6

Error: (09/16/2014 11:34:53 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: FreemakeUtilsService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.COMException
Stack:
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32, IntPtr)
at System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(Int32)
at System.Management.ManagementScope.InitializeGuts(System.Object)
at System.Management.ManagementScope.Initialize()
at System.Management.ManagementObjectSearcher.Initialize()
at System.Management.ManagementObjectSearcher.Get()
at FreemakeUtilsService.Common.ToolbarInstallationChecker.GetLoggedOnUsersList()
at FreemakeUtilsService.Common.ToolbarInstallationChecker.CollectInformation()
at FreemakeUtilsService.Common.ToolbarInstallationChecker.CheckInfo(FreemakeUtilsService.Common.FreemakeToolbarsInfo)
at FreemakeUtilsService.Statistics.Manager.StartToolbarInfoCheck()
at FreemakeUtilsService.Statistics.Manager.SettingsSyncFailed(System.Object, System.EventArgs)
at FreemakeUtilsService.Common.Synchronizer.OnWorkerCompleted(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(System.Object)
at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (09/16/2014 09:33:34 AM) (Source: MSSQL$MSSMLBIZ) (EventID: 9003) (User: )
Description: (88:224:1)model

Error: (09/16/2014 09:16:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe37.0.2062.1205407bf0entdll.dll6.1.7601.18247521ea8e7c0000374000ce7531f4001cfd13a0b8e82f9C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\windows\SysWOW64\ntdll.dll4e2d2f36-3d2e-11e4-bf4a-001c7e554ab6


CodeIntegrity Errors:
===================================
Date: 2014-09-16 11:47:08.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-16 11:47:07.842
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-16 11:46:57.773
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-16 11:46:57.292
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-16 09:35:28.974
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-16 09:35:28.560
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-16 09:34:59.693
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-16 09:34:58.950
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-16 08:53:23.187
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-09-16 08:53:22.779
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 37%
Total physical RAM: 8172.58 MB
Available physical RAM: 5081.93 MB
Total Pagefile: 16343.34 MB
Available Pagefile: 12518.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:653 GB) (Free:54.4 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:30.69 GB) (Free:28.52 GB) NTFS
Drive e: (Seagate Expansion Drive) (Fixed) (Total:2794.51 GB) (Free:2140.09 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5EE4C6C4)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=653 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

==================== End Of Log ============================

ken545
2014-09-16, 06:56
Open Notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Save it to the same directory as FRST or FRST64 as fixlist.txt (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.



Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Then open FRST or FRST64 and click on Fix.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

How is your system behaving now, still getting pop ups from Instashare?

TheJDawg
2014-09-16, 17:32
No change. Instashare pop ups still there. Thanks


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Jonesboy at 2014-09-17 00:16:08 Run:1
Running from C:\Users\Jonesboy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Hosts:
EmptyTemp:
End
*****************

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 413.1 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

ken545
2014-09-16, 17:37
OK, not seeing it on your logs and also I don't see it in Programs and Features to uninstall it.

What browsers are the pops on, all three, IE, Firefox and Chrome?

TheJDawg
2014-09-16, 17:46
It's in both Google and IE. Don't think I have Firefox that I know of.

I used a program, Revo Uninstaller, to remove Insta Share (which may have exacerbated the problem) and the normal Windows uninstaller wouldn't work.

ken545
2014-09-16, 18:00
Open Internet Explorer
Click on Tools up on the top right
Click on Manage Add Ons from the dropdown list
In this window you can manage the Internet Explorer add-ons
Click on Search Providers
Click on the option Toolbars and Extensions on left side of the window.
Then click on the malicious items to remove Instashare
Make Google your default
Close IE and then open it again and see if Instashare is gone

If this doesn't work then let's set IE back to default


Open IE
Go to Tools> Internet Options > Advanced Tab
Reset Internet Explorer Setting
Reset
This will take a few seconds
Close IE and then reopen it and see if it helped


Open Chrome
Click the Chrome menu (http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpg) on the browser toolbar.
Click on Settings
Then Manage Search Engines
Highlight Instashare and select Delete



Click the Chrome menu (http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpg) on the browser toolbar.
Click on Settings
Open a specific page or set of pages.
Set Pages
Remove Instashare if present
You can copy and paste the url from a page you like or if you have that page open select use current
OK your way out and close Chrome.
Reopen Chrome and make sure your start page is the one you want





Click the Chrome menu (http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpg) on the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Locate the Privacy Section, select Content Settings
In the pop up window scroll to Plug-Ins, select Disable individual plug-ins...
Locate the following plug-ins and set them to Disable: Instashare
Exit Chrome settings menu.




Open Chrome
Click the Chrome menu (http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpg) on the browser toolbar.
Click on History
Click on Clear Browsing History
Check
1. Browsing History
2. Cookies and Site Plug Ins
3. Cached Images and Files
Then ok your way out and close Chrome



If no luck then let's set Chrome back to factory defaults


Click the Chrome menu (http://i24.photobucket.com/albums/c30/ken545/Clipboard01_zps2e55f676.jpg) on the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Down on the bottom you will see an option for RESET BROWSER SETTINGS
Click on it and it will set Chrome back to defaults

TheJDawg
2014-09-16, 18:39
Unfortunately none of that worked. Didn't find Insta Share in any of the areas specified either.

ken545
2014-09-16, 18:52
Open up FRST and paste this into the search box

Insta Share

Then click on Search Files

Post the log please

TheJDawg
2014-09-17, 04:20
Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Jonesboy at 2014-09-17 11:12:24
Running from C:\Users\Jonesboy\Desktop
Boot Mode: Normal

================== Search Files: "Insta Share" =============

====== End Of Search ======

TheJDawg
2014-09-17, 05:16
An auto Malwarebytes log after an auto scan. Still infected though.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 17/09/2014
Scan Time: 11:51:00 AM
Logfile: Malwarbytes 17092014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.16.09
Rootkit Database: v2014.09.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jonesboy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 360307
Time Elapsed: 10 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.WebSteroids.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}, , [9ebb618dc1bae6502113523957abf709],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.Superfish.A, C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, , [9ebb65893f3cdf57d89bee2e6f9443bd],
PUP.Optional.Superfish.A, C:\Users\Jonesboy\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, , [88d121cda0db66d0274c74a8d033b947],

Physical Sectors: 0
(No malicious items detected)


(end)

ken545
2014-09-17, 10:20
Let's try this

Download Avast-browser-cleanup (http://files.avast.com/files/tools/avast-browser-cleanup.exe) to your desktop


There is nothing to install, just right click on it and Run As Administrator
When it's finished scanning it will list Browser Add-ons
If it finds Insta Share or any other bogus toolbars
Just highlight them and select REMOVE
Close out the program
Reboot your system and test your browsers

TheJDawg
2014-09-17, 17:46
Nope. Didn't find Insta Share or anything.

ken545
2014-09-17, 18:09
This is what I think, Instashare is gone, you might just be seeing leftover pages

When you open IE, besides your homepage do other pages load?

Open IE and go to tools > internet options and on the general tab make sure just your homepage is listed, anything else you can just remove

TheJDawg
2014-09-17, 18:25
There were no other homepages listed.
No other pages load initially but I use Google.com as the homepage.
If I go to say a newspaper page then a new tab will pop up asking me to take part in a survey.
Google Chrome seems more infected than IE as it has ads all through the web page.
But both get the extra tab popping up asking me to undertake a survey.

TheJDawg
2014-09-17, 18:38
Speed Browser
PCClean365 and the Survey Request are some of the pop ups I'm getting. Plus Insta share ads everywhere.

ken545
2014-09-17, 18:53
Hmmm, then it's still there, from what we have done so far it should be gone :sad:


Let's try something different

Open up FRST like before but put this in, there appears to be two spellings of this pest

Instashare

First copy and paste into the search box and select Search Files and then do it again and this time Search Registry

TheJDawg
2014-09-17, 19:04
File Search First, Registry search second.

Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Jonesboy at 2014-09-18 01:55:13
Running from C:\Users\Jonesboy\Desktop
Boot Mode: Normal

================== Search Files: "Instashare" =============

====== End Of Search =====

Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Jonesboy at 2014-09-18 02:04:09
Running from C:\Users\Jonesboy\Desktop
Boot Mode: Normal

================== Search Registry: "Instashare" ===========


====== End Of Search ======

ken545
2014-09-17, 19:18
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

TheJDawg
2014-09-17, 19:58
02:54:10.0615 0x193c TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
02:54:25.0124 0x193c ============================================================
02:54:25.0124 0x193c Current date / time: 2014/09/18 02:54:25.0124
02:54:25.0124 0x193c SystemInfo:
02:54:25.0124 0x193c
02:54:25.0124 0x193c OS Version: 6.1.7601 ServicePack: 1.0
02:54:25.0124 0x193c Product type: Workstation
02:54:25.0124 0x193c ComputerName: JONESBOY-PC
02:54:25.0124 0x193c UserName: Jonesboy
02:54:25.0124 0x193c Windows directory: C:\windows
02:54:25.0124 0x193c System windows directory: C:\windows
02:54:25.0124 0x193c Running under WOW64
02:54:25.0124 0x193c Processor architecture: Intel x64
02:54:25.0124 0x193c Number of processors: 8
02:54:25.0124 0x193c Page size: 0x1000
02:54:25.0125 0x193c Boot type: Normal boot
02:54:25.0125 0x193c ============================================================
02:54:26.0353 0x193c KLMD registered as C:\windows\system32\drivers\76271493.sys
02:54:27.0113 0x193c System UUID: {D47CB399-40DC-D875-D78F-B1BD72CF6788}
02:54:27.0695 0x193c Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:54:27.0702 0x193c Drive \Device\Harddisk1\DR1 - Size: 0x2BAA1475000 ( 2794.52 Gb ), SectorSize: 0x1000, Cylinders: 0xB220, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
02:54:27.0705 0x193c ============================================================
02:54:27.0705 0x193c \Device\Harddisk0\DR0:
02:54:27.0705 0x193c MBR partitions:
02:54:27.0705 0x193c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000
02:54:27.0705 0x193c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x519FF000
02:54:27.0734 0x193c \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x51A64000, BlocksNum 0x3D60000
02:54:27.0734 0x193c \Device\Harddisk1\DR1:
02:54:27.0925 0x193c MBR partitions:
02:54:27.0925 0x193c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2BAA0800
02:54:27.0925 0x193c ============================================================
02:54:28.0080 0x193c C: <-> \Device\Harddisk0\DR0\Partition2
02:54:28.0143 0x193c D: <-> \Device\Harddisk0\DR0\Partition3
02:54:28.0174 0x193c E: <-> \Device\Harddisk1\DR1\Partition1
02:54:28.0174 0x193c ============================================================
02:54:28.0174 0x193c Initialize success
02:54:28.0174 0x193c ============================================================
02:54:41.0855 0x04b8 ============================================================
02:54:41.0855 0x04b8 Scan started
02:54:41.0856 0x04b8 Mode: Manual;
02:54:41.0856 0x04b8 ============================================================
02:54:41.0856 0x04b8 KSN ping started
02:54:45.0082 0x04b8 KSN ping finished: true
02:54:45.0976 0x04b8 ================ Scan system memory ========================
02:54:45.0976 0x04b8 System memory - ok
02:54:45.0977 0x04b8 ================ Scan services =============================
02:54:46.0187 0x04b8 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
02:54:46.0203 0x04b8 1394ohci - ok
02:54:46.0325 0x04b8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
02:54:46.0339 0x04b8 ACPI - ok
02:54:46.0406 0x04b8 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
02:54:46.0408 0x04b8 AcpiPmi - ok
02:54:46.0457 0x04b8 [ DC201246A14CB3B274DF59FAF539AB07, D4DAED256E9EDD5ADD7384E9FD9F8DC2B1029543BC894367B582BA7119FABD94 ] ACPIVPC C:\windows\system32\DRIVERS\AcpiVpc.sys
02:54:46.0460 0x04b8 ACPIVPC - ok
02:54:46.0636 0x04b8 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:54:46.0641 0x04b8 AdobeARMservice - ok
02:54:46.0845 0x04b8 [ FBB312C9DA3863673EC18F4AE4101778, 4E9AAE7C700E485C17FDFCC9100A79784673B006D00D4D4CE8F1DB617D25C864 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
02:54:46.0862 0x04b8 AdobeFlashPlayerUpdateSvc - ok
02:54:46.0948 0x04b8 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
02:54:47.0004 0x04b8 adp94xx - ok
02:54:47.0047 0x04b8 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
02:54:47.0069 0x04b8 adpahci - ok
02:54:47.0126 0x04b8 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
02:54:47.0139 0x04b8 adpu320 - ok
02:54:47.0185 0x04b8 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
02:54:47.0188 0x04b8 AeLookupSvc - ok
02:54:47.0280 0x04b8 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\windows\system32\drivers\afd.sys
02:54:47.0358 0x04b8 AFD - ok
02:54:47.0407 0x04b8 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
02:54:47.0410 0x04b8 agp440 - ok
02:54:47.0434 0x04b8 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
02:54:47.0438 0x04b8 ALG - ok
02:54:47.0493 0x04b8 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
02:54:47.0497 0x04b8 aliide - ok
02:54:47.0538 0x04b8 [ 8FB0FE84496291F35090DA6352889472, EB05A52E2E406A30BB09734AA43C108F24EB446CFFCCC2E9937ED8E82E9B247E ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
02:54:47.0547 0x04b8 AMD External Events Utility - ok
02:54:47.0596 0x04b8 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
02:54:47.0599 0x04b8 amdide - ok
02:54:47.0647 0x04b8 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
02:54:47.0653 0x04b8 AmdK8 - ok
02:54:47.0901 0x04b8 [ 0D8BA29B572C916669F267706ED498CD, F46D783DC3F8DE3D5D139A2B48B3D18A553AB0211E17EDA53CADD9B4E9241F28 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
02:54:48.0135 0x04b8 amdkmdag - ok
02:54:48.0161 0x04b8 [ 5D06AB33F2C1F2265D57C8975514D9D7, AA1DAAE5C84128E319986A0B9C244F767A1E43D83AE42722F2F3EE7E0336D109 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
02:54:48.0166 0x04b8 amdkmdap - ok
02:54:48.0170 0x04b8 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
02:54:48.0172 0x04b8 AmdPPM - ok
02:54:48.0234 0x04b8 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
02:54:48.0243 0x04b8 amdsata - ok
02:54:48.0271 0x04b8 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
02:54:48.0285 0x04b8 amdsbs - ok
02:54:48.0306 0x04b8 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
02:54:48.0308 0x04b8 amdxata - ok
02:54:48.0360 0x04b8 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\windows\system32\drivers\appid.sys
02:54:48.0366 0x04b8 AppID - ok
02:54:48.0389 0x04b8 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\windows\System32\appidsvc.dll
02:54:48.0393 0x04b8 AppIDSvc - ok
02:54:48.0462 0x04b8 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
02:54:48.0468 0x04b8 Appinfo - ok
02:54:48.0619 0x04b8 [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:54:48.0624 0x04b8 Apple Mobile Device - ok
02:54:48.0671 0x04b8 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\DRIVERS\arc.sys
02:54:48.0678 0x04b8 arc - ok
02:54:48.0702 0x04b8 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
02:54:48.0708 0x04b8 arcsas - ok
02:54:48.0856 0x04b8 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
02:54:48.0862 0x04b8 aspnet_state - ok
02:54:48.0948 0x04b8 [ D95E64416A4A3ED6986E0F474DA934BD, DBB4A0DED0DABE1F8FF0DB8C0E9EC4EC906A85A45DC0AEC013A8744F9BF5D40E ] aswHwid C:\windows\system32\drivers\aswHwid.sys
02:54:48.0951 0x04b8 aswHwid - ok
02:54:49.0028 0x04b8 [ F146F83E8F7AC22BD011D5942E4C155C, 6BD93D15C5C795C070781CF206F7226AFBD735E894865EAABA075054821B0B3C ] aswKbd C:\windows\system32\drivers\aswKbd.sys
02:54:49.0030 0x04b8 aswKbd - ok
02:54:49.0086 0x04b8 [ FF1E537A3632CBB9A0BF72B9FD0878D5, B26E6A1F6E6FA5280A12861EFAD44D8F49353F47B21843EBA73E149CF613DCBC ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
02:54:49.0092 0x04b8 aswMonFlt - ok
02:54:49.0149 0x04b8 [ A5757DE5F9C83AB40667A53D5126EA40, 58B72B1B126CF641188703CE82E26BEB0C41AD7587CFFCCCE9E3C64CC7AACC90 ] aswRdr C:\windows\system32\drivers\aswRdr2.sys
02:54:49.0153 0x04b8 aswRdr - ok
02:54:49.0226 0x04b8 [ 645D97385F3F284FB5604F9B970F4D24, 15A9D7F0F4C1062210E4E744A9069B8645177D19F35B8740D74022639DC05F2E ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
02:54:49.0228 0x04b8 aswRvrt - ok
02:54:49.0314 0x04b8 [ B8FDEDE963B82CFD23B3A53A3084666D, 3537E5B684FB6F0AA589A5FA7CD111E1744DF384AB1A266D4114100F104ED11B ] aswSnx C:\windows\system32\drivers\aswSnx.sys
02:54:49.0333 0x04b8 aswSnx - ok
02:54:49.0464 0x04b8 [ 0DEDC041DF594AEC2C3BD00417CFAF60, 0D3A8924503986546EE256D185225C0B080FDB6B0C8B0BED7516B07A7334371B ] aswSP C:\windows\system32\drivers\aswSP.sys
02:54:49.0472 0x04b8 aswSP - ok
02:54:49.0513 0x04b8 [ 48DED912CDE54FC0923B9858512366E1, 9B216B934408A7CB3CE2B41240B7EF01EAA3BC066211B784064FF8AC97A29B4E ] aswStm C:\windows\system32\drivers\aswStm.sys
02:54:49.0515 0x04b8 aswStm - ok
02:54:49.0545 0x04b8 [ 471A311745848B80339436688A8286E6, E51C57236CEC19AC38E85D115DB97875517D837811188AD2E53FA49055B53890 ] aswVmm C:\windows\system32\drivers\aswVmm.sys
02:54:49.0552 0x04b8 aswVmm - ok
02:54:49.0562 0x04b8 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
02:54:49.0563 0x04b8 AsyncMac - ok
02:54:49.0618 0x04b8 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
02:54:49.0622 0x04b8 atapi - ok
02:54:49.0743 0x04b8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
02:54:49.0761 0x04b8 AudioEndpointBuilder - ok
02:54:49.0779 0x04b8 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\windows\System32\Audiosrv.dll
02:54:49.0792 0x04b8 AudioSrv - ok
02:54:49.0943 0x04b8 [ 73F5C13B431915BAE35254B4E95DFB71, 393A045859382C44133C004598B1512048046BCC129FED2247A77FDBFCDB6DFF ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
02:54:49.0948 0x04b8 avast! Antivirus - ok
02:54:50.0028 0x04b8 [ 2FDE0CD829A488051C04386266F01630, 9769B944CC02816B51FB7D9AC7A6961C9E69055B57D5F77398C0493B42271D98 ] AX88772 C:\windows\system32\DRIVERS\ax88772.sys
02:54:50.0034 0x04b8 AX88772 - ok
02:54:50.0097 0x04b8 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
02:54:50.0107 0x04b8 AxInstSV - ok
02:54:50.0165 0x04b8 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
02:54:50.0182 0x04b8 b06bdrv - ok
02:54:50.0198 0x04b8 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
02:54:50.0204 0x04b8 b57nd60a - ok
02:54:50.0275 0x04b8 [ F8FE7E12F8151E0A17C23CF840599F9A, 5D1AA3A5DAC08B521A7BE775F32434AFF1F5F19B69CD16D2D94B0D399E61C371 ] bcbtums C:\windows\system32\drivers\bcbtums.sys
02:54:50.0286 0x04b8 bcbtums - ok
02:54:50.0457 0x04b8 [ ACB44407FF63C3A5A22AB5782F209604, 86BE221F07EB49D2149710CCCE4F0C24677560FEFD41F093C6D2BA0C962CF5C3 ] BcmBtRSupport C:\windows\system32\BtwRSupportService.exe
02:54:50.0540 0x04b8 BcmBtRSupport - ok
02:54:50.0664 0x04b8 [ 2E552B658273B90251E0441631DE2CA3, EE6D42A9D95E8D53B5DBF9A3F195C63505CCB9C59C63E4BF7014CDC528217723 ] BcmSqlStartupSvc C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
02:54:50.0668 0x04b8 BcmSqlStartupSvc - ok
02:54:50.0699 0x04b8 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
02:54:50.0707 0x04b8 BDESVC - ok
02:54:50.0733 0x04b8 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
02:54:50.0735 0x04b8 Beep - ok
02:54:50.0838 0x04b8 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
02:54:50.0856 0x04b8 BFE - ok
02:54:50.0954 0x04b8 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\System32\qmgr.dll
02:54:50.0973 0x04b8 BITS - ok
02:54:51.0002 0x04b8 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
02:54:51.0004 0x04b8 blbdrive - ok
02:54:51.0110 0x04b8 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
02:54:51.0135 0x04b8 Bonjour Service - ok
02:54:51.0190 0x04b8 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
02:54:51.0197 0x04b8 bowser - ok
02:54:51.0226 0x04b8 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
02:54:51.0228 0x04b8 BrFiltLo - ok
02:54:51.0245 0x04b8 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
02:54:51.0247 0x04b8 BrFiltUp - ok
02:54:51.0311 0x04b8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
02:54:51.0319 0x04b8 Browser - ok
02:54:51.0347 0x04b8 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
02:54:51.0360 0x04b8 Brserid - ok
02:54:51.0375 0x04b8 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
02:54:51.0378 0x04b8 BrSerWdm - ok
02:54:51.0396 0x04b8 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
02:54:51.0398 0x04b8 BrUsbMdm - ok
02:54:51.0401 0x04b8 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
02:54:51.0403 0x04b8 BrUsbSer - ok
02:54:51.0466 0x04b8 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
02:54:51.0471 0x04b8 BthEnum - ok
02:54:51.0499 0x04b8 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
02:54:51.0506 0x04b8 BTHMODEM - ok
02:54:51.0537 0x04b8 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
02:54:51.0546 0x04b8 BthPan - ok
02:54:51.0617 0x04b8 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys
02:54:51.0649 0x04b8 BTHPORT - ok
02:54:51.0684 0x04b8 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
02:54:51.0688 0x04b8 bthserv - ok
02:54:51.0704 0x04b8 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys
02:54:51.0708 0x04b8 BTHUSB - ok
02:54:51.0733 0x04b8 [ 2641A3FE3D7B0646308F33B67F3B5300, 8D2E37F6524D10197D36AAE41F59028B3DF0692A113EA342BB1AC36DEA13D8F6 ] btusbflt C:\windows\system32\drivers\btusbflt.sys
02:54:51.0736 0x04b8 btusbflt - ok
02:54:51.0812 0x04b8 [ BC279FCEE9FC8CBF991D5DE539771AA9, 5DE007672BFBFA78C44CC08251F495420402AFF4AD01541AA84AD37BD4A58190 ] btwampfl C:\windows\system32\DRIVERS\btwampfl.sys
02:54:51.0823 0x04b8 btwampfl - ok
02:54:51.0882 0x04b8 [ A72A9101F9730DB7332714E566614E4D, 7C75772EA40EAEDDE2565E5FF901B17EA9B748563B8CE40062D86D4B0F1DBF0C ] btwaudio C:\windows\system32\drivers\btwaudio.sys
02:54:51.0885 0x04b8 btwaudio - ok
02:54:51.0917 0x04b8 [ 5CEEC634B617525F2B6AD29F871033F7, 0A48E08FB3C3384860783F72C85022F6AD11D8F7023580D007478AA94F6F41C5 ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
02:54:51.0923 0x04b8 btwavdt - ok
02:54:52.0012 0x04b8 [ D09F379CC86BAC2D659DF0B99CFFA168, 747BA3E3958AD8DA8BBA2B7F138870D553565BD2F3653D097829347FDCD32E15 ] btwdins C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
02:54:52.0048 0x04b8 btwdins - ok
02:54:52.0056 0x04b8 [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
02:54:52.0057 0x04b8 btwl2cap - ok
02:54:52.0065 0x04b8 [ 2AF5604D28BEF77B7CF4B9D232FE7CD3, 758524012FE284EDFC27DF095A2DD5853A0F084999F14DA66784103176E938E4 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
02:54:52.0066 0x04b8 btwrchid - ok
02:54:52.0094 0x04b8 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
02:54:52.0101 0x04b8 cdfs - ok
02:54:52.0172 0x04b8 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
02:54:52.0176 0x04b8 cdrom - ok
02:54:52.0248 0x04b8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
02:54:52.0256 0x04b8 CertPropSvc - ok
02:54:52.0275 0x04b8 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\DRIVERS\circlass.sys
02:54:52.0278 0x04b8 circlass - ok
02:54:52.0320 0x04b8 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys
02:54:52.0342 0x04b8 CLFS - ok
02:54:52.0580 0x04b8 [ FE0CFEDA0CFC71F1FF0F77E85CA1FE1F, D067024F9110CEEF573152275DAB100943B59A36E58B342B5CC764FC3C917834 ] ClickToRunSvc C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
02:54:52.0623 0x04b8 ClickToRunSvc - ok
02:54:52.0710 0x04b8 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:54:52.0717 0x04b8 clr_optimization_v2.0.50727_32 - ok
02:54:52.0776 0x04b8 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:54:52.0784 0x04b8 clr_optimization_v2.0.50727_64 - ok
02:54:52.0869 0x04b8 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:54:52.0877 0x04b8 clr_optimization_v4.0.30319_32 - ok
02:54:52.0960 0x04b8 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:54:52.0969 0x04b8 clr_optimization_v4.0.30319_64 - ok
02:54:52.0999 0x04b8 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
02:54:53.0002 0x04b8 CmBatt - ok
02:54:53.0057 0x04b8 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
02:54:53.0060 0x04b8 cmdide - ok
02:54:53.0143 0x04b8 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\windows\system32\Drivers\cng.sys
02:54:53.0208 0x04b8 CNG - ok
02:54:53.0249 0x04b8 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
02:54:53.0251 0x04b8 Compbatt - ok
02:54:53.0294 0x04b8 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
02:54:53.0297 0x04b8 CompositeBus - ok
02:54:53.0317 0x04b8 COMSysApp - ok
02:54:53.0332 0x04b8 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
02:54:53.0334 0x04b8 crcdisk - ok
02:54:53.0387 0x04b8 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\windows\system32\cryptsvc.dll
02:54:53.0402 0x04b8 CryptSvc - ok
02:54:53.0489 0x04b8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
02:54:53.0511 0x04b8 DcomLaunch - ok
02:54:53.0624 0x04b8 [ 3B604417EBAE4E1E66E6ABD8CC55FD76, 996C0C32A4F76E675909FBD48EA2EE296041271F26ABB339E05EDD272CB876DC ] DCService.exe C:\ProgramData\DatacardService\DCService.exe
02:54:53.0632 0x04b8 DCService.exe - ok
02:54:53.0680 0x04b8 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
02:54:53.0693 0x04b8 defragsvc - ok
02:54:53.0756 0x04b8 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
02:54:53.0764 0x04b8 DfsC - ok
02:54:53.0855 0x04b8 [ 30710AEFCE721CEEE0F35EB6A01C263C, FB062EC86474D38BBC38E11E2618A9505001C287430B495C482977BBE58017C8 ] dg_ssudbus C:\windows\system32\DRIVERS\ssudbus.sys
02:54:53.0862 0x04b8 dg_ssudbus - ok
02:54:53.0939 0x04b8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
02:54:54.0029 0x04b8 Dhcp - ok
02:54:54.0039 0x04b8 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
02:54:54.0043 0x04b8 discache - ok
02:54:54.0114 0x04b8 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\DRIVERS\disk.sys
02:54:54.0121 0x04b8 Disk - ok
02:54:54.0497 0x04b8 [ 37C2096863037FB4DF0D7A59F38BB0FE, EF90D24470C06E5A0E353A2BE3280AD39519F54DB9DFE4DDD1180ACA9994DCB2 ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
02:54:54.0760 0x04b8 DisplayLinkService - ok
02:54:54.0843 0x04b8 [ 5720BA23E5BED756B04CD52BAF31EFA7, A004346AB7E92776CF55DC2D85B0FBEF9AA5F95CF477672B8BD87BD0590AE71A ] DisplayLinkUsbIo_x64 C:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys
02:54:54.0845 0x04b8 DisplayLinkUsbIo_x64 - ok
02:54:54.0860 0x04b8 DisplayLinkUsbPort - ok
02:54:54.0905 0x04b8 [ F7ABF14F9BDF5DCE820E2ED04C1CA7DC, 39846B095D32AD9DF50E6966FDB40A5346A299CC58CFF050B5FCAC448E6409A4 ] dlkmd C:\windows\system32\drivers\dlkmd.sys
02:54:54.0916 0x04b8 dlkmd - ok
02:54:54.0960 0x04b8 [ 69A1101254551EF7EE22AD5E4D5C1F75, 04FF8C9DC7F70365C31A2D52BC524EDAA5D93F8D2ADDAE541CEF7A2E55E02363 ] dlkmdldr C:\windows\system32\drivers\dlkmdldr.sys
02:54:54.0963 0x04b8 dlkmdldr - ok
02:54:55.0034 0x04b8 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
02:54:55.0047 0x04b8 Dnscache - ok
02:54:55.0121 0x04b8 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
02:54:55.0148 0x04b8 dot3svc - ok
02:54:55.0207 0x04b8 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
02:54:55.0211 0x04b8 DPS - ok
02:54:55.0262 0x04b8 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
02:54:55.0265 0x04b8 drmkaud - ok
02:54:55.0358 0x04b8 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
02:54:55.0378 0x04b8 DXGKrnl - ok
02:54:55.0399 0x04b8 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
02:54:55.0403 0x04b8 EapHost - ok
02:54:55.0549 0x04b8 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
02:54:55.0607 0x04b8 ebdrv - ok
02:54:55.0660 0x04b8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\windows\System32\lsass.exe
02:54:55.0662 0x04b8 EFS - ok
02:54:55.0777 0x04b8 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
02:54:55.0849 0x04b8 ehRecvr - ok
02:54:55.0880 0x04b8 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
02:54:55.0885 0x04b8 ehSched - ok
02:54:55.0928 0x04b8 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
02:54:55.0961 0x04b8 elxstor - ok
02:54:56.0009 0x04b8 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
02:54:56.0012 0x04b8 ErrDev - ok
02:54:56.0085 0x04b8 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
02:54:56.0095 0x04b8 EventSystem - ok
02:54:56.0183 0x04b8 [ D83EB7ADE99D99A4CD6568AC1261D35E, 92F7ACBFE9CD717129176CEDF33FCA738C0FE0AFC5F2C22C894AB605A3F0747C ] ewusbnet C:\windows\system32\DRIVERS\ewusbnet.sys
02:54:56.0228 0x04b8 ewusbnet - ok
02:54:56.0300 0x04b8 [ 86F7951BBCEE4A86E79A97306BD14318, 84B52A0392DA53ED71A2C4D483DD93DDF552BF8AC764C7BD47BE0EB58C7C8219 ] ew_hwusbdev C:\windows\system32\DRIVERS\ew_hwusbdev.sys
02:54:56.0310 0x04b8 ew_hwusbdev - ok
02:54:56.0370 0x04b8 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
02:54:56.0383 0x04b8 exfat - ok
02:54:56.0410 0x04b8 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
02:54:56.0418 0x04b8 fastfat - ok
02:54:56.0456 0x04b8 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\DRIVERS\fdc.sys
02:54:56.0458 0x04b8 fdc - ok
02:54:56.0486 0x04b8 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
02:54:56.0491 0x04b8 fdPHost - ok
02:54:56.0523 0x04b8 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
02:54:56.0529 0x04b8 FDResPub - ok
02:54:56.0544 0x04b8 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
02:54:56.0549 0x04b8 FileInfo - ok
02:54:56.0565 0x04b8 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
02:54:56.0568 0x04b8 Filetrace - ok
02:54:56.0592 0x04b8 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
02:54:56.0595 0x04b8 flpydisk - ok
02:54:56.0657 0x04b8 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
02:54:56.0671 0x04b8 FltMgr - ok
02:54:56.0782 0x04b8 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll
02:54:56.0804 0x04b8 FontCache - ok
02:54:56.0872 0x04b8 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:54:56.0875 0x04b8 FontCache3.0.0.0 - ok
02:54:56.0967 0x04b8 [ 3C36885FAD477629BE44BDC2D98682D6, 2A7B79E5896CAC37DB2C77C081B77FBD85F73333F4B50FD408CD0A04A2228239 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
02:54:56.0975 0x04b8 Freemake Improver - ok
02:54:57.0072 0x04b8 [ 23BA2103F69C7E12138240C86030F954, 2BDA358530FC776B835B90AC551D3FEBD660A97620EA9724DD3A5741DD3AB66D ] FreemakeVideoCapture C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
02:54:57.0074 0x04b8 FreemakeVideoCapture - ok
02:54:57.0092 0x04b8 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
02:54:57.0098 0x04b8 FsDepends - ok
02:54:57.0154 0x04b8 [ C2E475625F2C6F7DCDE4E920523A0573, C316D2223008BD5EA022AFB79CC21B841939FA8D511729455E787E59A27A0DE6 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
02:54:57.0160 0x04b8 fssfltr - ok
02:55:10.0358 0x04b8 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
02:55:10.0361 0x04b8 RasPppoe - ok
02:55:10.0375 0x04b8 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
02:55:10.0378 0x04b8 RasSstp - ok
02:55:10.0446 0x04b8 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
02:55:10.0473 0x04b8 rdbss - ok
02:55:10.0488 0x04b8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
02:55:10.0491 0x04b8 rdpbus - ok
02:55:10.0511 0x04b8 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
02:55:10.0514 0x04b8 RDPCDD - ok
02:55:10.0542 0x04b8 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
02:55:10.0544 0x04b8 RDPENCDD - ok
02:55:10.0560 0x04b8 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
02:55:10.0562 0x04b8 RDPREFMP - ok
02:55:10.0643 0x04b8 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
02:55:10.0647 0x04b8 RdpVideoMiniport - ok
02:55:10.0704 0x04b8 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
02:55:10.0725 0x04b8 RDPWD - ok
02:55:10.0814 0x04b8 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys
02:55:10.0831 0x04b8 rdyboost - ok
02:55:10.0871 0x04b8 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll
02:55:10.0879 0x04b8 RemoteAccess - ok
02:55:10.0898 0x04b8 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
02:55:10.0909 0x04b8 RemoteRegistry - ok
02:55:10.0936 0x04b8 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
02:55:10.0942 0x04b8 RFCOMM - ok
02:55:10.0961 0x04b8 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
02:55:10.0967 0x04b8 RpcEptMapper - ok
02:55:10.0998 0x04b8 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
02:55:11.0004 0x04b8 RpcLocator - ok
02:55:11.0088 0x04b8 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
02:55:11.0105 0x04b8 RpcSs - ok
02:55:11.0130 0x04b8 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
02:55:11.0134 0x04b8 rspndr - ok
02:55:11.0158 0x04b8 [ 116D03E901246AC7AF006121E1E22842, 4C28AE9BDEF84F7E6C800ACD34EA1297E4A59BAE309E213D4C93CC5A2DA522EC ] RTHDMIAzAudService C:\windows\system32\drivers\RtHDMIVX.sys
02:55:11.0165 0x04b8 RTHDMIAzAudService - ok
02:55:11.0183 0x04b8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\windows\system32\lsass.exe
02:55:11.0186 0x04b8 SamSs - ok
02:55:11.0250 0x04b8 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
02:55:11.0260 0x04b8 sbp2port - ok
02:55:11.0333 0x04b8 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
02:55:11.0346 0x04b8 SCardSvr - ok
02:55:11.0421 0x04b8 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
02:55:11.0426 0x04b8 scfilter - ok
02:55:11.0541 0x04b8 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll
02:55:11.0592 0x04b8 Schedule - ok
02:55:11.0620 0x04b8 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
02:55:11.0622 0x04b8 SCPolicySvc - ok
02:55:11.0699 0x04b8 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\windows\system32\drivers\sdbus.sys
02:55:11.0709 0x04b8 sdbus - ok
02:55:11.0766 0x04b8 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll
02:55:11.0779 0x04b8 SDRSVC - ok
02:55:11.0962 0x04b8 [ D777F1417D9BB9F66CD9D9C3B61F730F, 0CBD830EB9D2B0F1946131F20907793B2D68A3BCEEC3EA5416972149F73DC815 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
02:55:11.0993 0x04b8 SDScannerService - ok
02:55:12.0152 0x04b8 [ 68D6C7F99BC73B88954D844FCCBEB2A0, F746861B103C8BE8EA234B9FCFBBDD2412C79FB65F2F1E0F5E6EBC0B34905FF1 ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
02:55:12.0189 0x04b8 SDUpdateService - ok
02:55:12.0263 0x04b8 [ 9B9B368A8FF5CAF91D7A333CF62CD2CC, A4AE7FFBBAF983BFDE15B521ED162CBC4E6FC85BCDB200C75D45878B3FFDFA68 ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
02:55:12.0275 0x04b8 SDWSCService - ok
02:55:12.0300 0x04b8 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
02:55:12.0304 0x04b8 secdrv - ok
02:55:12.0364 0x04b8 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
02:55:12.0374 0x04b8 seclogon - ok
02:55:12.0393 0x04b8 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\System32\sens.dll
02:55:12.0399 0x04b8 SENS - ok
02:55:12.0414 0x04b8 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
02:55:12.0420 0x04b8 SensrSvc - ok
02:55:12.0457 0x04b8 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
02:55:12.0460 0x04b8 Serenum - ok
02:55:12.0500 0x04b8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\DRIVERS\serial.sys
02:55:12.0509 0x04b8 Serial - ok
02:55:12.0578 0x04b8 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
02:55:12.0583 0x04b8 sermouse - ok
02:55:12.0654 0x04b8 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
02:55:12.0669 0x04b8 SessionEnv - ok
02:55:12.0713 0x04b8 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
02:55:12.0716 0x04b8 sffdisk - ok
02:55:12.0737 0x04b8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
02:55:12.0741 0x04b8 sffp_mmc - ok
02:55:12.0755 0x04b8 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
02:55:12.0758 0x04b8 sffp_sd - ok
02:55:12.0772 0x04b8 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
02:55:12.0774 0x04b8 sfloppy - ok
02:55:12.0826 0x04b8 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
02:55:12.0847 0x04b8 SharedAccess - ok
02:55:12.0934 0x04b8 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
02:55:12.0950 0x04b8 ShellHWDetection - ok
02:55:12.0963 0x04b8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
02:55:12.0965 0x04b8 SiSRaid2 - ok
02:55:12.0974 0x04b8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
02:55:12.0977 0x04b8 SiSRaid4 - ok
02:55:13.0245 0x04b8 [ 753D254205E0A62100A050BD8B458D06, DFDFCC6FAE853C690DB11EC44E5C105C6B6A0302AFC92ADC62260E727E1987C1 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
02:55:13.0298 0x04b8 Skype C2C Service - ok
02:55:13.0361 0x04b8 [ AD2FA5CB9E9EBF668786CCDAE5CFE458, 8F7A8FB718E4451A07FB55A8C1314E4D73CEAAFD1057A4FFB6A7823F456554CC ] Slidebar Notifier Service C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
02:55:13.0366 0x04b8 Slidebar Notifier Service - ok
02:55:13.0391 0x04b8 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
02:55:13.0397 0x04b8 Smb - ok
02:55:13.0450 0x04b8 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
02:55:13.0457 0x04b8 SNMPTRAP - ok
02:55:13.0472 0x04b8 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
02:55:13.0477 0x04b8 spldr - ok
02:55:13.0563 0x04b8 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
02:55:13.0582 0x04b8 Spooler - ok
02:55:13.0745 0x04b8 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
02:55:13.0808 0x04b8 sppsvc - ok
02:55:13.0830 0x04b8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
02:55:13.0835 0x04b8 sppuinotify - ok
02:55:14.0047 0x04b8 [ 944B774D2B296E21C32FDADF255A83EB, C84A529D188815BC73F9EDF2CA877FE149C80569103040B8F5B3D04C54975CEA ] SQLAgent$MSSMLBIZ C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE
02:55:14.0083 0x04b8 SQLAgent$MSSMLBIZ - ok
02:55:14.0228 0x04b8 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB, EE66162AEAF6A583A04BB5AF1220318C9ADD3A62987CDCEE0505C6FF37AB30FF ] SQLBrowser C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
02:55:14.0273 0x04b8 SQLBrowser - ok
02:55:14.0352 0x04b8 [ F92E5F93BE572B512DA3C016B675EDE0, 3BBE8B952A329E4BCD6F0C8D6225F809B99217A196301B6FE543B26C3689A37B ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
02:55:14.0362 0x04b8 SQLWriter - ok
02:55:14.0444 0x04b8 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
02:55:14.0458 0x04b8 srv - ok
02:55:14.0530 0x04b8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
02:55:14.0546 0x04b8 srv2 - ok
02:55:14.0605 0x04b8 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
02:55:14.0613 0x04b8 srvnet - ok
02:55:14.0650 0x04b8 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
02:55:14.0660 0x04b8 SSDPSRV - ok
02:55:14.0678 0x04b8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
02:55:14.0686 0x04b8 SstpSvc - ok
02:55:14.0774 0x04b8 [ 91310683D7B6B292B746D60734B59322, 2C56C3E4AA7356FB544B52F80ABDA39A80473390CB2059C69BDCCAD40FE56325 ] ssudmdm C:\windows\system32\DRIVERS\ssudmdm.sys
02:55:14.0794 0x04b8 ssudmdm - ok
02:55:14.0860 0x04b8 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
02:55:14.0864 0x04b8 stexstor - ok
02:55:14.0939 0x04b8 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
02:55:14.0961 0x04b8 stisvc - ok
02:55:15.0013 0x04b8 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\drivers\swenum.sys
02:55:15.0014 0x04b8 swenum - ok
02:55:15.0092 0x04b8 [ 9F0A0C3EE91FD7CB709F7D0D97207F7E, 192450C511CF117599306458131AEC90525C010E0F567DD18252A011997920EF ] swg3kser00 C:\windows\system32\DRIVERS\swg3kser00.sys
02:55:15.0143 0x04b8 swg3kser00 - ok
02:55:15.0210 0x04b8 [ C6A7E54A31803E6F95E23D1B5D967D57, ED13636C81CE61550750A2AF7EAF96BE7B925A103D25ED37EF9D8120622121C9 ] swiwdmbx C:\windows\system32\DRIVERS\swiwdmbx64.sys
02:55:15.0213 0x04b8 swiwdmbx - ok
02:55:15.0228 0x04b8 swmsflt - ok
02:55:15.0285 0x04b8 [ 8DB7EF3FBE3ECA6D90938E77AEC1A440, 2D953C5964551CBBC9BD4C5AA0121E38B6C0D098A3C806C66B58D124A17D13EA ] SWNC8UA3 C:\windows\system32\DRIVERS\swnc8ua3.sys
02:55:15.0314 0x04b8 SWNC8UA3 - ok
02:55:15.0374 0x04b8 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
02:55:15.0386 0x04b8 swprv - ok
02:55:15.0390 0x04b8 SWUMX20 - ok
02:55:15.0450 0x04b8 [ 6149B0691BEB390A0BDA3A8E90787FD4, D67B239B27148D828BAE325E95B9068CA8F5CDDC9BF4BF3067FE0CF41522333F ] SWUMXA3 C:\windows\system32\DRIVERS\swumxa3.sys
02:55:15.0464 0x04b8 SWUMXA3 - ok
02:55:15.0577 0x04b8 [ 4A89869318F1BBE4448EC8A4471E972F, EF15202B9F4C24101F690244FC3438ED9880C3CFF251B619FAF4C9C1C0CC9487 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
02:55:15.0604 0x04b8 SynTP - ok
02:55:15.0691 0x04b8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll
02:55:15.0816 0x04b8 SysMain - ok
02:55:15.0872 0x04b8 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
02:55:15.0885 0x04b8 TabletInputService - ok
02:55:16.0017 0x04b8 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
02:55:16.0038 0x04b8 TapiSrv - ok
02:55:16.0104 0x04b8 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
02:55:16.0116 0x04b8 TBS - ok
02:55:16.0423 0x04b8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\windows\system32\drivers\tcpip.sys
02:55:16.0457 0x04b8 Tcpip - ok
02:55:16.0518 0x04b8 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
02:55:16.0551 0x04b8 TCPIP6 - ok
02:55:16.0627 0x04b8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
02:55:16.0629 0x04b8 tcpipreg - ok
02:55:16.0653 0x04b8 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
02:55:16.0654 0x04b8 TDPIPE - ok
02:55:16.0702 0x04b8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
02:55:16.0734 0x04b8 TDTCP - ok
02:55:16.0798 0x04b8 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\windows\system32\DRIVERS\tdx.sys
02:55:16.0808 0x04b8 tdx - ok
02:55:16.0893 0x04b8 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\drivers\termdd.sys
02:55:16.0899 0x04b8 TermDD - ok
02:55:17.0018 0x04b8 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\windows\System32\termsrv.dll
02:55:17.0037 0x04b8 TermService - ok
02:55:17.0079 0x04b8 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
02:55:17.0083 0x04b8 Themes - ok
02:55:17.0131 0x04b8 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
02:55:17.0134 0x04b8 THREADORDER - ok
02:55:17.0287 0x04b8 [ 0A03E85A641F2672796D34F506066594, B2AA139CC53F25DB1709844483D404A8FA1D010167BCF164B4A31A029C606F7D ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
02:55:17.0291 0x04b8 TomTomHOMEService - ok
02:55:17.0310 0x04b8 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
02:55:17.0321 0x04b8 TrkWks - ok
02:55:17.0408 0x04b8 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
02:55:17.0420 0x04b8 TrustedInstaller - ok
02:55:17.0498 0x04b8 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
02:55:17.0503 0x04b8 tssecsrv - ok
02:55:17.0560 0x04b8 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
02:55:17.0566 0x04b8 TsUsbFlt - ok
02:55:17.0646 0x04b8 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
02:55:17.0655 0x04b8 tunnel - ok
02:55:17.0693 0x04b8 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
02:55:17.0699 0x04b8 uagp35 - ok
02:55:17.0771 0x04b8 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
02:55:17.0828 0x04b8 udfs - ok
02:55:17.0890 0x04b8 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
02:55:17.0897 0x04b8 UI0Detect - ok
02:55:17.0930 0x04b8 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
02:55:17.0936 0x04b8 uliagpkx - ok
02:55:18.0005 0x04b8 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys
02:55:18.0010 0x04b8 umbus - ok
02:55:18.0038 0x04b8 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\DRIVERS\umpass.sys
02:55:18.0041 0x04b8 UmPass - ok
02:55:18.0078 0x04b8 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
02:55:18.0093 0x04b8 upnphost - ok
02:55:18.0134 0x04b8 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
02:55:18.0140 0x04b8 USBAAPL64 - ok
02:55:18.0218 0x04b8 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
02:55:18.0227 0x04b8 usbccgp - ok
02:55:18.0310 0x04b8 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
02:55:18.0318 0x04b8 usbcir - ok
02:55:18.0418 0x04b8 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys
02:55:18.0424 0x04b8 usbehci - ok
02:55:18.0490 0x04b8 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
02:55:18.0626 0x04b8 usbhub - ok
02:55:18.0855 0x04b8 [ F9B3054339A71F16430F6585EBC8BE96, F3EA2CE52504CEC03DBD274C40F2A01BFD52960D52454B4CB0614BC203FD0DB7 ] USBMULCD C:\windows\system32\drivers\CM10664.sys
02:55:18.0887 0x04b8 USBMULCD - ok
02:55:18.0953 0x04b8 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys
02:55:18.0958 0x04b8 usbohci - ok
02:55:19.0002 0x04b8 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
02:55:19.0005 0x04b8 usbprint - ok
02:55:19.0076 0x04b8 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
02:55:19.0082 0x04b8 usbscan - ok
02:55:19.0131 0x04b8 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
02:55:19.0134 0x04b8 USBSTOR - ok
02:55:19.0148 0x04b8 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
02:55:19.0150 0x04b8 usbuhci - ok
02:55:19.0178 0x04b8 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
02:55:19.0184 0x04b8 usbvideo - ok
02:55:19.0209 0x04b8 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
02:55:19.0213 0x04b8 UxSms - ok
02:55:19.0227 0x04b8 [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\windows\system32\lsass.exe
02:55:19.0229 0x04b8 VaultSvc - ok
02:55:19.0265 0x04b8 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
02:55:19.0270 0x04b8 vdrvroot - ok
02:55:19.0474 0x04b8 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
02:55:19.0498 0x04b8 vds - ok
02:55:19.0544 0x04b8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
02:55:19.0549 0x04b8 vga - ok
02:55:19.0574 0x04b8 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
02:55:19.0594 0x04b8 VgaSave - ok
02:55:19.0652 0x04b8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
02:55:19.0671 0x04b8 vhdmp - ok
02:55:19.0771 0x04b8 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
02:55:19.0788 0x04b8 viaide - ok
02:55:19.0812 0x04b8 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
02:55:19.0819 0x04b8 volmgr - ok
02:55:19.0901 0x04b8 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
02:55:19.0979 0x04b8 volmgrx - ok
02:55:20.0069 0x04b8 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\windows\system32\drivers\volsnap.sys
02:55:20.0075 0x04b8 volsnap - ok
02:55:20.0110 0x04b8 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
02:55:20.0115 0x04b8 vsmraid - ok
02:55:20.0591 0x04b8 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
02:55:20.0623 0x04b8 VSS - ok
02:55:20.0645 0x04b8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
02:55:20.0647 0x04b8 vwifibus - ok
02:55:20.0662 0x04b8 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
02:55:20.0665 0x04b8 vwififlt - ok
02:55:20.0700 0x04b8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
02:55:20.0702 0x04b8 vwifimp - ok
02:55:20.0768 0x04b8 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
02:55:20.0778 0x04b8 W32Time - ok
02:55:20.0802 0x04b8 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
02:55:20.0804 0x04b8 WacomPen - ok
02:55:20.0884 0x04b8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
02:55:20.0893 0x04b8 WANARP - ok
02:55:20.0902 0x04b8 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
02:55:20.0908 0x04b8 Wanarpv6 - ok
02:55:21.0063 0x04b8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
02:55:21.0087 0x04b8 WatAdminSvc - ok
02:55:21.0438 0x04b8 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
02:55:21.0481 0x04b8 wbengine - ok
02:55:21.0543 0x04b8 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
02:55:21.0558 0x04b8 WbioSrvc - ok
02:55:21.0618 0x04b8 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
02:55:21.0631 0x04b8 wcncsvc - ok
02:55:21.0660 0x04b8 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
02:55:24.0407 0x04b8 [ B31BCF1893140E86AEE416A6D049B197, 52C534B3B004149880F7927BF33676ABAD55EAED64ED5D54494925B3FC543AB2 ] ZGtfxyv C:\ProgramData\myXaturuft\ZGtfxyv.exe
02:55:24.0448 0x04b8 ZGtfxyv - ok
02:55:36.0038 0x04b8 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x40000 ( disabled : updated )
02:55:36.0125 0x04b8 Win FW state via NFP2: enabled
02:55:39.0107 0x04b8 ============================================================
02:55:39.0107 0x04b8 Scan finished
02:55:39.0107 0x04b8 ============================================================
02:55:39.0123 0x08fc Detected object count: 0
02:55:39.0123 0x08fc Actual detected object count: 0

TheJDawg
2014-09-17, 20:05
Btw thanks for your time and effort to try to solve this problem. I think it must be annoying by now - this job.

ken545
2014-09-17, 20:49
No, you're far from annoying, don't even go there. I have seen this solved on other forums with the tools we first used, not sure why it's still present. TDSSkiller checks for and removes Rootkit type of infections that most times are responsible for popups and redirects but this tool found nothing.

I am going to have you run a couple of more tools.

--RogueKiller--


Download & SAVE to your Desktop RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe) or 32 BIT (http://tigzy.geekstogo.com/Tools/RogueKiller.exe)
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator" to start
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller+

ken545
2014-09-17, 22:58
Some of the programs that came bundled with Instashare may be the problem


Open notepad (Start --> All Programs --> Accessories --> Notepad).
Please copy the entire contents of the code box below.
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Save it to the same directory as FRST or FRST64 as fixlist.txt. (it has to be right next to FRST or FRST64) either in a directory you saved FRST or FRST64 or on your desktop if that's where you saved it.
You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.



Start
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FileHippo Update Checker Packages (HKCU\...\FileHippo Update Checker Packages) (Version: - ) <==== ATTENTION
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Task: {2E2818CD-D83C-47C2-BEFE-6DBFACC268ED} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
Task: {81754E45-FFF8-4866-9A32-B2FDA551E27D} - System32\Tasks\{E90617FB-07C0-4AB6-9D0E-10E6146971EE} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)
Task: {F89B0AAF-30A9-477D-AE3A-E08EAA057CED} - System32\Tasks\spmonitor => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
Task: C:\windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
Task: C:\windows\Tasks\spmonitor.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
Hosts:
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Then open FRST or FRST64 and click on fix
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

TheJDawg
2014-09-18, 04:27
RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jonesboy [Admin rights]
Mode : Scan -- Date : 09/18/2014 11:23:10

¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] (SVC) ZGtfxyv -- "C:\ProgramData\myXaturuft\ZGtfxyv.exe"[7] -> ERROR [41c]

¤¤¤ Registry Entries : 30 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ZGtfxyv ("C:\ProgramData\myXaturuft\ZGtfxyv.exe") -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ZGtfxyv ("C:\ProgramData\myXaturuft\ZGtfxyv.exe") -> FOUND
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ZGtfxyv ("C:\ProgramData\myXaturuft\ZGtfxyv.exe") -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.138 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{34375D8E-2FCE-430B-A5D5-23777D7BACBF} | NameServer : 198.142.0.51 61.88.88.88 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{44074071-4078-4E67-9DBE-D8430C15E822} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8D2B2EC0-232F-416C-9E7E-477645E64688} | NameServer : 198.142.0.51 61.88.88.88 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F87A9338-CDD1-4582-A2C5-4B60D3BCFE22} | DhcpNameServer : 10.0.0.138 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{34375D8E-2FCE-430B-A5D5-23777D7BACBF} | NameServer : 198.142.0.51 61.88.88.88 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{44074071-4078-4E67-9DBE-D8430C15E822} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8D2B2EC0-232F-416C-9E7E-477645E64688} | NameServer : 198.142.0.51 61.88.88.88 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F87A9338-CDD1-4582-A2C5-4B60D3BCFE22} | DhcpNameServer : 10.0.0.138 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{34375D8E-2FCE-430B-A5D5-23777D7BACBF} | NameServer : 198.142.0.51 61.88.88.88 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{44074071-4078-4E67-9DBE-D8430C15E822} | DhcpNameServer : 172.20.10.1 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{8D2B2EC0-232F-416C-9E7E-477645E64688} | NameServer : 198.142.0.51 61.88.88.88 -> FOUND
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{F87A9338-CDD1-4582-A2C5-4B60D3BCFE22} | DhcpNameServer : 10.0.0.138 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.theage.com.au/ -> FOUND
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.theage.com.au/ -> FOUND
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> FOUND
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01 -> FOUND

¤¤¤ Scheduled tasks : 3 ¤¤¤
[Suspicious.Path] ROC_JAN2013_TB_rmv.job -- C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe (--uninstall=1) -> FOUND
[Suspicious.Path] \\Launch HTC Sync Loader -- C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe (-startup) -> FOUND
[Suspicious.Path] \\ROC_JAN2013_TB_rmv -- C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe (--uninstall=1) -> FOUND

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT1 +++++
--- User ---
[MBR] ff86612a32a406881e80b5d7882149fd
[BSP] d9b68f08053ff116c356b7fcfe921ade : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 668670 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1369847808 | Size: 31425 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 MB
User = LL1 ... OK
User = LL2 ... OK

ken545
2014-09-18, 04:30
Go ahead and run the fix with FRST and we can go from there

TheJDawg
2014-09-18, 04:40
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Jonesboy at 2014-09-18 11:30:52 Run:2
Running from C:\Users\Jonesboy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
FileHippo Update Checker Packages (HKCU\...\FileHippo Update Checker Packages) (Version: - ) <==== ATTENTION
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
Task: {2E2818CD-D83C-47C2-BEFE-6DBFACC268ED} - System32\Tasks\SpeedUpMyPC => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
Task: {81754E45-FFF8-4866-9A32-B2FDA551E27D} - System32\Tasks\{E90617FB-07C0-4AB6-9D0E-10E6146971EE} => C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [2012-11-23] (FileHippo.com)
Task: {F89B0AAF-30A9-477D-AE3A-E08EAA057CED} - System32\Tasks\spmonitor => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
Task: C:\windows\Tasks\SpeedUpMyPC.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\sump.exe <==== ATTENTION
Task: C:\windows\Tasks\spmonitor.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
Hosts:
EmptyTemp:
End
*****************

[6108] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe => Process closed successfully.
HKU\S-1-5-21-3601747211-198960775-3737481478-1001\Software\Microsoft\Windows\CurrentVersion\Run\\FileHippo.com => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value not found.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
FileHippo Update Checker Packages (HKCU\...\FileHippo Update Checker Packages) (Version: - ) <==== ATTENTION => Error: No automatic fix found for this entry.
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - ) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E2818CD-D83C-47C2-BEFE-6DBFACC268ED}" => Key not found.
C:\Windows\System32\Tasks\SpeedUpMyPC not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpeedUpMyPC" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{81754E45-FFF8-4866-9A32-B2FDA551E27D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{81754E45-FFF8-4866-9A32-B2FDA551E27D}" => Key deleted successfully.
C:\Windows\System32\Tasks\{E90617FB-07C0-4AB6-9D0E-10E6146971EE} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E90617FB-07C0-4AB6-9D0E-10E6146971EE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F89B0AAF-30A9-477D-AE3A-E08EAA057CED}" => Key not found.
C:\Windows\System32\Tasks\spmonitor not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\spmonitor" => Key not found.
C:\windows\Tasks\SpeedUpMyPC.job not found.
C:\windows\Tasks\spmonitor.job not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 401.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

ken545
2014-09-18, 04:46
You need to enable Windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, if it says this file has been checked before, have them recheck it. When the scan is done just copy and paste the link back to this forum for me to see.

C:\ProgramData\myXaturuft\ZGtfxyv.exe <-- This file

If the site is busy you can try this one
http://virusscan.jotti.org/en

TheJDawg
2014-09-18, 05:03
SHA256: 52c534b3b004149880f7927bf33676abad55eaed64ed5d54494925b3fc543ab2
File name: ZGtfxyv.exe
Detection ratio: 3 / 55
Analysis date: 2014-09-18 02:00:50 UTC ( 0 minutes ago )
Antivirus Result Update
Baidu-International Adware.MSIL.PullUpdate.bE 20140917
Comodo ApplicUnwnt 20140917
ESET-NOD32 a variant of MSIL/Adware.PullUpdate.E 20140918
AVG 20140917
AVware 20140918
Ad-Aware 20140918
AegisLab 20140918
Agnitum 20140917
AhnLab-V3 20140917
Antiy-AVL 20140918
Avast 20140918
Avira 20140918
BitDefender 20140918
Bkav 20140916
ByteHero 20140918
CAT-QuickHeal 20140917
CMC 20140917
ClamAV 20140917
Cyren 20140918
DrWeb 20140918
Emsisoft 20140918
F-Prot 20140918
F-Secure 20140918
Fortinet 20140918
GData 20140918
Ikarus 20140918
Jiangmin 20140917
K7AntiVirus 20140917
K7GW 20140917
Kaspersky 20140918
Kingsoft 20140918
Malwarebytes 20140918
McAfee 20140918
McAfee-GW-Edition 20140917
MicroWorld-eScan 20140918
Microsoft 20140917
NANO-Antivirus 20140918
Norman 20140917
Panda 20140917
Qihoo-360 20140918
Rising 20140917
SUPERAntiSpyware 20140918
Sophos 20140918
Symantec 20140918
Tencent 20140918
TheHacker 20140917
TotalDefense 20140917
TrendMicro 20140918
TrendMicro-HouseCall 20140918
VBA32 20140917
VIPRE 20140918
ViRobot 20140918
Zillya 20140917
Zoner 20140916
nProtect 20140917

TheJDawg
2014-09-18, 05:13
File already analysed
This file was last analysed by VirusTotal on 2014-09-18 02:00:50 UTC, it was first analysed by VirusTotal on 2014-09-10 15:01:26 UTC.

Detection ratio: 3/55

You can take a look at the last analysis or analyse it again now.

TheJDawg
2014-09-18, 05:18
Filename: ZGtfxyv.exe
Status:
Scan finished. 1 out of 22 scanners reported malware.
Scan taken on: Thu 18 Sep 2014 04:17:23 (CET) Permalink

TheJDawg
2014-09-18, 05:19
http://virusscan.jotti.org/en/scanresult/3214f9140acd7888d7b7236e782b40704a376266

TheJDawg
2014-09-18, 05:23
https://www.virustotal.com/en/file/52c534b3b004149880f7927bf33676abad55eaed64ed5d54494925b3fc543ab2/analysis/1411006923/

ken545
2014-09-18, 13:18
Let's try one more file scanner to be sure

http://virusscan.jotti.org/en

C:\ProgramData\myXaturuft\ZGtfxyv.exe

TheJDawg
2014-09-18, 16:30
http://virusscan.jotti.org/en/scanresult/78b6324881b236cb971e2d9d657619690675ad72

ken545
2014-09-18, 16:54
Not convinced that is ok, whenever I google a file and it gets no hits it's mostly bad

You need to run the 64bit version
Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:dir
Xaturuft
:file
ZGtfxyv.exe

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

TheJDawg
2014-09-18, 17:04
SystemLook 30.07.11 by jpshortstuff
Log created at 00:04 on 19/09/2014 by Jonesboy
Administrator - Elevation successful

========== dir ==========

Xaturuft - Unable to find folder.

========== file ==========

ZGtfxyv.exe - Unable to find/read file.

-= EOF =-

ken545
2014-09-18, 17:09
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instructions on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.

TheJDawg
2014-09-18, 18:14
ComboFix 14-09-18.01 - Jonesboy 19/09/2014 0:51.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8173.5568 [GMT 10:00]
Running from: c:\users\Jonesboy\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Setup.exe
c:\users\Jonesboy\AppData\Roaming\.#
c:\windows\MICROSOFT
c:\windows\MICROSOFT\sogr\BaseLibrary.dll
c:\windows\MICROSOFT\sogr\ConfigurationData.dll
c:\windows\MICROSOFT\sogr\InstallerLibrary.dll
c:\windows\MICROSOFT\sogr\Ionic.Zip.dll
c:\windows\MICROSOFT\sogr\LinqBridge.dll
c:\windows\MICROSOFT\sogr\NetServ.Net.Json.dll
c:\windows\MICROSOFT\sogr\SQLite.Interop.dll
c:\windows\MICROSOFT\sogr\System.Data.SQLite.dll
c:\windows\MICROSOFT\UpdatingService\ConfigurationData.dll
c:\windows\MICROSOFT\UpdatingService\InstallerLibrary.dll
c:\windows\MICROSOFT\UpdatingService\LinqBridge.dll
c:\windows\MICROSOFT\UpdatingService\NetServ.Net.Json.dll
c:\windows\MICROSOFT\UpdatingService\NewVersionDownloader.exe
c:\windows\MICROSOFT\UpdatingService\SQLite.Interop.dll
c:\windows\MICROSOFT\UpdatingService\System.Data.SQLite.dll
c:\windows\s.bat
c:\windows\system\fltr106.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_DCService.exe
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-08-18 to 2014-09-18 )))))))))))))))))))))))))))))))
.
.
2014-09-18 01:15 . 2014-09-18 01:15 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-18 01:15 . 2014-09-18 01:15 -------- d-----w- c:\programdata\RogueKiller
2014-09-16 14:43 . 2014-09-16 14:43 -------- d-----w- C:\InstaShare
2014-09-15 22:59 . 2014-09-15 22:59 -------- d-----w- c:\windows\ERUNT
2014-09-15 22:50 . 2014-09-15 22:50 -------- d-----w- c:\programdata\Browser
2014-09-15 22:39 . 2010-08-29 22:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-15 22:38 . 2014-09-15 22:43 -------- d-----w- C:\AdwCleaner
2014-09-15 11:25 . 2014-09-18 01:31 -------- d-----w- C:\FRST
2014-09-15 11:23 . 2014-09-15 11:23 -------- d-----w- C:\RegBackup
2014-09-15 11:23 . 2014-09-15 11:23 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-09-15 10:59 . 2014-09-15 11:14 -------- d-----w- c:\programdata\HitmanPro
2014-09-15 09:26 . 2014-09-15 09:26 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-09-15 07:02 . 2014-09-15 07:02 -------- d-----w- c:\users\Jonesboy\AppData\Local\speed browser
2014-09-14 07:03 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D66A2EE9-B543-4035-A695-E6FF56F4A392}\mpengine.dll
2014-09-13 22:41 . 2014-09-13 22:42 -------- d-----w- c:\users\Jonesboy\AppData\Local\CutePDF Writer
2014-09-13 22:32 . 2014-09-13 22:32 -------- d-----w- c:\program files (x86)\GPLGS
2014-09-13 22:30 . 2014-09-15 09:03 -------- d-----w- c:\program files (x86)\Acro Software
2014-09-13 22:30 . 2014-09-15 09:14 -------- d-----w- c:\program files\Common Files\PicRec
2014-09-13 22:30 . 2014-08-25 02:14 49880 ----a-w- c:\windows\system32\drivers\netmon_wfp.sys
2014-09-13 22:29 . 2014-09-18 14:34 -------- d-----w- c:\users\Jonesboy\AppData\Local\InstaShare
2014-09-13 22:29 . 2014-09-13 22:29 -------- d-----w- c:\programdata\myXaturuft
2014-09-13 07:52 . 2014-09-13 07:52 -------- d-----w- c:\users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-09-13 07:51 . 2014-09-13 07:51 -------- d-----w- c:\program files\iPod
2014-09-13 07:51 . 2014-09-13 07:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 07:51 . 2014-09-13 07:52 -------- d-----w- c:\program files\iTunes
2014-09-13 07:51 . 2014-09-13 07:52 -------- d-----w- c:\program files (x86)\iTunes
2014-09-10 05:53 . 2014-08-18 23:02 871936 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-09-10 05:43 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 05:43 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 05:41 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 05:41 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 05:41 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 05:41 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 05:41 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 05:41 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 05:41 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 05:41 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 05:41 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 05:40 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 05:40 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-03 23:13 . 2014-09-03 23:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-29 02:38 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-29 02:38 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-29 02:38 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-23 12:17 . 2014-08-23 12:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-21 15:54 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-21 15:54 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-21 15:54 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-21 15:54 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-21 15:53 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-21 15:53 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-21 15:53 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-21 15:53 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-21 15:53 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-21 15:53 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-21 15:53 . 2014-05-14 02:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-21 15:53 . 2014-05-14 02:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-21 15:53 . 2014-05-14 02:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-21 15:53 . 2014-05-14 02:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-18 15:06 . 2014-05-25 12:18 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-10 09:36 . 2012-04-02 11:34 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 09:36 . 2012-03-05 12:07 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 05:44 . 2012-02-15 06:56 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-29 02:59 . 2012-07-17 04:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-27 00:46 . 2014-06-21 17:07 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-23 12:20 . 2013-10-17 15:15 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-06 15:01 . 2014-08-06 15:01 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-08-04 23:20 . 2012-04-26 03:14 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-31 12:44 . 2014-07-31 12:44 321448 ----a-w- c:\windows\system32\javaws.exe
2014-07-31 12:44 . 2014-03-29 03:55 191400 ----a-w- c:\windows\system32\javaw.exe
2014-07-31 12:44 . 2014-03-29 03:55 190888 ----a-w- c:\windows\system32\java.exe
2014-07-25 05:55 . 2014-08-10 14:40 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-24 16:35 . 2014-07-24 16:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 13:47 . 2014-07-24 13:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-13 02:15 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-13 02:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-13 02:15 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 02:15 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 02:15 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 02:15 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 02:15 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 02:15 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 02:15 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 02:15 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 02:15 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-07-05 02:52 . 2013-11-07 09:27 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-04 08:20 . 2014-01-03 10:23 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-04 08:20 . 2013-03-06 15:13 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-04 08:20 . 2012-03-10 13:29 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-04 08:20 . 2014-04-30 14:42 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-04 08:20 . 2013-03-06 15:13 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-04 08:20 . 2012-03-10 13:29 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-04 08:20 . 2012-03-10 13:29 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-04 08:20 . 2012-03-10 13:29 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-04 08:20 . 2014-07-04 08:20 43152 ----a-w- c:\windows\avastSS.scr
2014-06-30 22:24 . 2014-08-13 06:42 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-13 06:42 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-13 02:15 14175744 ----a-w- c:\windows\system32\shell32.dll
2013-03-06 15:54 . 2013-03-06 15:13 4096000 ----a-w- c:\program files (x86)\GUTD3D4.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-08 01:55 233128 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-08 01:55 233128 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-08 01:55 233128 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-27 00:49 1730256 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-27 00:49 1730256 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-27 00:49 1730256 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-09-04 852808]
"Viber"="c:\users\Jonesboy\AppData\Local\Viber\Viber.exe" [2014-06-10 936656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-27 98304]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [2009-12-30 318400]
"Lenovo SplitScreen"="c:\program files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe" [2010-06-23 778592]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys;c:\windows\SYSNATIVE\drivers\massfilter_lte.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys;c:\windows\SYSNATIVE\DRIVERS\swg3kser00.sys [x]
R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx64.sys;c:\windows\SYSNATIVE\DRIVERS\swiwdmbx64.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys;c:\windows\SYSNATIVE\DRIVERS\swumxa3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Slidebar Notifier Service;Slidebar Notifier Service;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 ZGtfxyv;ZGtfxyv;c:\programdata\myXaturuft\ZGtfxyv.exe;c:\programdata\myXaturuft\ZGtfxyv.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys;c:\windows\SYSNATIVE\DRIVERS\jmccgp.sys [x]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys;c:\windows\SYSNATIVE\Drivers\jmcam.sys [x]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys;c:\windows\SYSNATIVE\Drivers\jmcam_lo.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-13 06:36 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:36]
.
2013-07-07 c:\windows\Tasks\BCK1 7 July 2013.job
- c:\program files (x86)\AceBIT\AceBackup 3\AceBackup.exe [2013-07-07 08:00]
.
2013-07-13 c:\windows\Tasks\BCK2 13 07 13.job
- c:\program files (x86)\AceBIT\AceBackup 3\AceBackup.exe [2013-07-07 08:00]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 11:17]
.
2014-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 11:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-08 01:55 260776 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-08 01:55 260776 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-08 01:55 260776 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-27 00:49 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-27 00:49 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-27 00:49 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-04 08:20 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11663976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-03-15 789920]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-23 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-09-15 7069088]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2008-09-05 7700480]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.theage.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = localhost:8080
Trusted Zone: incrediblecharts.com\*
Trusted Zone: incrediblecharts.com\*
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{34375D8E-2FCE-430B-A5D5-23777D7BACBF}: NameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{8D2B2EC0-232F-416C-9E7E-477645E64688}: NameServer = 198.142.0.51 61.88.88.88
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///F:/activeX/DCP.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynBtnAsst - c:\program files (x86)\Synaptics\SynTP\SynBtnAsst.exe
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\photostage.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD YouTube Downloader & Converter\uninstall.exe
AddRemove-MyFreeCodec - c:\program files (x86)\MyFree Codec\1.0b beta\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
.
**************************************************************************
.
Completion time: 2014-09-19 01:12:47 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-18 15:12
.
Pre-Run: 73,596,338,176 bytes free
Post-Run: 72,739,139,584 bytes free
.
- - End Of File - - 1B91C5FC12CE192FB1424934DE5F37E7

TheJDawg
2014-09-18, 18:36
Trying not to get too excited. But we may have had a win!:)

ken545
2014-09-18, 19:25
Working on a fix but will be gone for a few hours. First, before I add it for removal, did you set this proxy?

uInternet Settings,ProxyServer = localhost:8080

TheJDawg
2014-09-19, 03:22
Instashare is back but was missing for a short time after I ran the ComboFix.

Anyway, no, I haven't set that proxy.

Thanks

ken545
2014-09-19, 03:58
OK, let's do this

Download MiniToolBox (http://download.bleepingcomputer.com/farbar/MiniToolBox.exe) and save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Reset IE Proxy Settings


Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.




=========================================================



Open Notepad: go to Start > All Programs > Accessories > Notepad (this will only work with Notepad) and copy all the text inside the Codebox by highlighting it all and pressing CTRL+C on your keyboard, then paste it into Notepad. Make sure there is no space before and above Driver::




Driver::
ZGtfxyv

File::
c:\programdata\myXaturuft\ZGtfxyv.exe

Folder::
c:\users\Jonesboy\AppData\Local\speed browser
c:\users\Jonesboy\AppData\Local\InstaShare
c:\programdata\myXaturuft

Registry::
[-HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ZGtfxyv]
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ZGtfxyv]
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ZGtfxyv]


Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

http://i24.photobucket.com/albums/c30/ken545/CFScriptB-4.gif


This will start ComboFix again. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

TheJDawg
2014-09-19, 07:20
MiniToolBox by Farbar Version: 21-07-2014
Ran by Jonesboy (administrator) on 19-09-2014 at 14:19:43
Running from "C:\Users\Jonesboy\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****

TheJDawg
2014-09-19, 07:57
ComboFix 14-09-18.01 - Jonesboy 19/09/2014 14:25:14.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.8173.5732 [GMT 10:00]
Running from: c:\users\Jonesboy\Desktop\ComboFix.exe
Command switches used :: c:\users\Jonesboy\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\myXaturuft\ZGtfxyv.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\myXaturuft
c:\programdata\myXaturuft\dat\CfIpFKLj.dll
c:\programdata\myXaturuft\dat\CmSivVvT.exe
c:\programdata\myXaturuft\dat\CmSivVvT.exe.config
c:\programdata\myXaturuft\dat\CpgMFjEDfFN.exe
c:\programdata\myXaturuft\dat\CpgMFjEDfFN.exe.config
c:\programdata\myXaturuft\dat\jLAwgsKO.dll
c:\programdata\myXaturuft\dat\YdkOGvFnTaa.dll
c:\programdata\myXaturuft\info.dat
c:\programdata\myXaturuft\ZGtfxyv.dat
c:\programdata\myXaturuft\ZGtfxyv.exe
c:\programdata\myXaturuft\ZGtfxyv.exe.config
c:\users\Jonesboy\AppData\Local\InstaShare
c:\users\Jonesboy\AppData\Local\InstaShare\data2.dat
c:\users\Jonesboy\AppData\Local\speed browser
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Archived History-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Archived History
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Bookmarks
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\data_0
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\data_1
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\data_2
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\data_3
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_000001
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_000002
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_000003
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_000004
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_000005
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_000006
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_000007
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_000008
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_000009
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_00000a
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_00000b
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_00000c
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\f_00000d
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cache\index
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cookies-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Cookies
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Current Session
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extension Cookies-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extension Cookies
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extension State\000003.log
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extension State\CURRENT
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extension State\LOCK
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extension State\LOG
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extension State\MANIFEST-000002
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\bg\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ca\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\cs\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\da\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\de\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\el\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\en_GB\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\es_419\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\et\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fi\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fil\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\fr\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hi\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hr\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\hu\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\id\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\it\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ja\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ko\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lt\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\lv\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nb\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\nl\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pl\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_BR\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\pt_PT\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ro\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\ru\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sk\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sl\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sr\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\sv\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\th\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\tr\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\uk\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\vi\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_CN\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_locales\zh_TW\messages.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\_metadata\verified_contents.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_background.js
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\craw_window.js
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\css\craw_window.css
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\html\craw_window.html
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\flapper.gif
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_128.png
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\icon_16.png
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button.png
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_close.png
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_hover.png
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_maximize.png
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\images\topbar_floating_button_pressed.png
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\manifest.json
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Favicons-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Favicons
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Google Profile.ico
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\GPUCache\data_0
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\GPUCache\data_1
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\GPUCache\data_2
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\GPUCache\data_3
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\GPUCache\index
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\History-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\History Provider Cache
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\History
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\JumpListIcons\7E5E.tmp
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\JumpListIcons\7E5F.tmp
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\JumpListIconsOld\92B.tmp
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\JumpListIconsOld\92C.tmp
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Local Storage\chrome-extension_igjjkeeamkpihpncmmbgdkhdnjpcfmfb_0.localstorage
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Network Action Predictor-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Network Action Predictor
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Origin Bound Certs-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Origin Bound Certs
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Preferences
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\README
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Session Storage\000003.log
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Session Storage\CURRENT
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Session Storage\LOCK
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Session Storage\LOG
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Session Storage\MANIFEST-000002
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Shortcuts-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Shortcuts
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Top Sites-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Top Sites
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Visited Links
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Web Data-journal
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Default\Web Data
c:\users\Jonesboy\AppData\Local\speed browser\User Data\Local State
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ZGtfxyv
.
.
((((((((((((((((((((((((( Files Created from 2014-08-19 to 2014-09-19 )))))))))))))))))))))))))))))))
.
.
2014-09-19 04:35 . 2014-09-19 04:35 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-09-19 04:35 . 2014-09-19 04:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-18 01:15 . 2014-09-18 01:15 36456 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-18 01:15 . 2014-09-18 01:15 -------- d-----w- c:\programdata\RogueKiller
2014-09-16 14:43 . 2014-09-16 14:43 -------- d-----w- C:\InstaShare
2014-09-15 22:59 . 2014-09-15 22:59 -------- d-----w- c:\windows\ERUNT
2014-09-15 22:50 . 2014-09-15 22:50 -------- d-----w- c:\programdata\Browser
2014-09-15 22:39 . 2010-08-29 22:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-15 22:38 . 2014-09-15 22:43 -------- d-----w- C:\AdwCleaner
2014-09-15 11:25 . 2014-09-18 01:31 -------- d-----w- C:\FRST
2014-09-15 11:23 . 2014-09-15 11:23 -------- d-----w- C:\RegBackup
2014-09-15 11:23 . 2014-09-15 11:23 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-09-15 10:59 . 2014-09-15 11:14 -------- d-----w- c:\programdata\HitmanPro
2014-09-15 09:26 . 2014-09-15 09:26 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-09-13 22:41 . 2014-09-13 22:42 -------- d-----w- c:\users\Jonesboy\AppData\Local\CutePDF Writer
2014-09-13 22:32 . 2014-09-13 22:32 -------- d-----w- c:\program files (x86)\GPLGS
2014-09-13 22:30 . 2014-09-15 09:03 -------- d-----w- c:\program files (x86)\Acro Software
2014-09-13 22:30 . 2014-09-15 09:14 -------- d-----w- c:\program files\Common Files\PicRec
2014-09-13 22:30 . 2014-08-25 02:14 49880 ----a-w- c:\windows\system32\drivers\netmon_wfp.sys
2014-09-13 07:52 . 2014-09-13 07:52 -------- d-----w- c:\users\Jonesboy\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-09-13 07:51 . 2014-09-13 07:51 -------- d-----w- c:\program files\iPod
2014-09-13 07:51 . 2014-09-13 07:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 07:51 . 2014-09-13 07:52 -------- d-----w- c:\program files\iTunes
2014-09-13 07:51 . 2014-09-13 07:52 -------- d-----w- c:\program files (x86)\iTunes
2014-09-10 05:53 . 2014-08-18 23:02 871936 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-09-10 05:43 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-10 05:43 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 05:41 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 05:41 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 05:41 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 05:41 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 05:41 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 05:41 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 05:41 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 05:41 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 05:41 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 05:40 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-10 05:40 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-03 23:13 . 2014-09-03 23:13 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-29 02:38 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-29 02:38 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-29 02:38 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-23 12:17 . 2014-08-23 12:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-21 15:54 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-21 15:54 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-21 15:54 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-21 15:54 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-21 15:53 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-21 15:53 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-21 15:53 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-21 15:53 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-21 15:53 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-21 15:53 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-21 15:53 . 2014-05-14 02:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-21 15:53 . 2014-05-14 02:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-21 15:53 . 2014-05-14 02:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-21 15:53 . 2014-05-14 02:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-19 04:42 . 2014-05-25 12:18 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-10 09:36 . 2012-04-02 11:34 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 09:36 . 2012-03-05 12:07 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-10 05:44 . 2012-02-15 06:56 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-09 02:05 . 2014-09-19 00:52 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04522554-3A5D-46F6-A6F4-E52F6E331509}\mpengine.dll
2014-08-29 02:59 . 2012-07-17 04:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-27 00:46 . 2014-06-21 17:07 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-24 20:53 . 2012-04-26 03:14 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-08-23 12:20 . 2013-10-17 15:15 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-08-06 15:01 . 2014-08-06 15:01 122584 ----a-w- c:\windows\system32\drivers\48230029.sys
2014-07-31 12:44 . 2014-07-31 12:44 321448 ----a-w- c:\windows\system32\javaws.exe
2014-07-31 12:44 . 2014-03-29 03:55 191400 ----a-w- c:\windows\system32\javaw.exe
2014-07-31 12:44 . 2014-03-29 03:55 190888 ----a-w- c:\windows\system32\java.exe
2014-07-25 05:55 . 2014-08-10 14:40 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-24 16:35 . 2014-07-24 16:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 13:47 . 2014-07-24 13:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-13 02:15 2048 ----a-w- c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-13 02:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-13 02:15 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-13 02:15 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-13 02:15 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-13 02:15 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-13 02:15 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-13 02:15 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-13 02:15 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-13 02:15 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-13 02:15 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-07-05 02:52 . 2013-11-07 09:27 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-07-04 08:20 . 2014-01-03 10:23 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-07-04 08:20 . 2013-03-06 15:13 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-07-04 08:20 . 2012-03-10 13:29 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-04 08:20 . 2014-04-30 14:42 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-04 08:20 . 2013-03-06 15:13 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-04 08:20 . 2012-03-10 13:29 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-04 08:20 . 2012-03-10 13:29 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-04 08:20 . 2012-03-10 13:29 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-07-04 08:20 . 2014-07-04 08:20 43152 ----a-w- c:\windows\avastSS.scr
2014-06-30 22:24 . 2014-08-13 06:42 8856 ----a-w- c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-13 06:42 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-13 02:15 14175744 ----a-w- c:\windows\system32\shell32.dll
2013-03-06 15:54 . 2013-03-06 15:13 4096000 ----a-w- c:\program files (x86)\GUTD3D4.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-08 01:55 233128 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-08 01:55 233128 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-08 01:55 233128 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-27 00:49 1730256 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-27 00:49 1730256 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-27 00:49 1730256 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"GoogleChromeAutoLaunch_7A6E0EABF593F225B7774D26E405CDFD"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-09-04 852808]
"Viber"="c:\users\Jonesboy\AppData\Local\Viber\Viber.exe" [2014-06-10 936656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-27 98304]
"MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]
"UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504]
"Lenovo SlideNav2"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe" [2009-12-30 318400]
"Lenovo SplitScreen"="c:\program files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe" [2010-06-23 778592]
"UCam_Menu"="c:\program files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_7.0.41409.0.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys;c:\windows\SYSNATIVE\drivers\massfilter_lte.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 swg3kser00;Sierra Wireless QMI USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\swg3kser00.sys;c:\windows\SYSNATIVE\DRIVERS\swg3kser00.sys [x]
R3 swiwdmbx;Sierra Wireless USB Bus Service;c:\windows\system32\DRIVERS\swiwdmbx64.sys;c:\windows\SYSNATIVE\DRIVERS\swiwdmbx64.sys [x]
R3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\DRIVERS\swnc8ua3.sys;c:\windows\SYSNATIVE\DRIVERS\swnc8ua3.sys [x]
R3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\DRIVERS\swumxa3.sys;c:\windows\SYSNATIVE\DRIVERS\swumxa3.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE;c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Slidebar Notifier Service;Slidebar Notifier Service;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe;c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.2.47157.0.sys [x]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JmUsbCcgp;JMicron USB Composite Device Lower Filter Driver;c:\windows\system32\DRIVERS\jmccgp.sys;c:\windows\SYSNATIVE\DRIVERS\jmccgp.sys [x]
S3 JmUsbVideo;JMicron 31x Upper Filter Driver;c:\windows\system32\Drivers\jmcam.sys;c:\windows\SYSNATIVE\Drivers\jmcam.sys [x]
S3 JmUsbVideo2;JMicron 31x Lower Filter Driver;c:\windows\system32\Drivers\jmcam_lo.sys;c:\windows\SYSNATIVE\Drivers\jmcam_lo.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-13 06:36 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:36]
.
2013-07-07 c:\windows\Tasks\BCK1 7 July 2013.job
- c:\program files (x86)\AceBIT\AceBackup 3\AceBackup.exe [2013-07-07 08:00]
.
2013-07-13 c:\windows\Tasks\BCK2 13 07 13.job
- c:\program files (x86)\AceBIT\AceBackup 3\AceBackup.exe [2013-07-07 08:00]
.
2014-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 11:17]
.
2014-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15 11:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-08 01:55 260776 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-08 01:55 260776 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-08 01:55 260776 ----a-w- c:\users\Jonesboy\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-27 00:49 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-27 00:49 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-27 00:49 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-04 08:20 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Jonesboy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-09 11663976]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-10 2186856]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SynBtnAsst"="c:\program files (x86)\Synaptics\SynTP\SynBtnAsst.exe" [BU]
"OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-03-15 789920]
"EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\utility.exe" [2010-04-23 4462496]
"Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2010-09-15 7069088]
"Cm106Sound"="c:\windows\Syswow64\cm106.dll" [2008-09-05 7700480]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.theage.com.au/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: incrediblecharts.com\*
Trusted Zone: incrediblecharts.com\*
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{34375D8E-2FCE-430B-A5D5-23777D7BACBF}: NameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{8D2B2EC0-232F-416C-9E7E-477645E64688}: NameServer = 198.142.0.51 61.88.88.88
DPF: {12193C65-F0E1-4DD1-AD4E-DB73C6911011} - file:///F:/activeX/DCP.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-PhotoStage - c:\program files (x86)\NCH Software\PhotoStage\photostage.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD YouTube Downloader & Converter\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
.
**************************************************************************
.
Completion time: 2014-09-19 14:47:54 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-19 04:47
ComboFix2.txt 2014-09-18 15:12
.
Pre-Run: 72,229,388,288 bytes free
Post-Run: 71,646,175,232 bytes free
.
- - End Of File - - 2789EE7CFAF10505355349C5228C00F4

ken545
2014-09-19, 13:07
C:\InstaShare <-- See if you can delete this folder. Everything else looks fine. How are things running now?

TheJDawg
2014-09-19, 21:16
:eek: All seems to be running fine now. I've deleted that folder.
Not sure if this was a difficult one or not but a big Thanks for your persistence and perseverance. Your assistance has been much appreciated.

ken545
2014-09-19, 22:14
Well, been at this for a long time and most times before I reply to a user I research what they're infected with. I have cleaned dozens and dozens of systems with the rogue toolbars like Conduit and a host of others, and from what I read about Instashare the basic tools that we ran at first should have gotten rid of it, but for some reason yours was embedded a bit deeper. It was a long hard ride but we got there in the end. Thanks for sticking with me through the cleaning process.

Double click on AdwCleaner.exe to run the tool again.

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
AdwCleaner.exe, its folder and all logs will be removed.



==========================================================


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.


Double-click DelFix.exe to run the program.
Place a checkmark next to the following items:

*Activate UAC
*Remove disinfection tools
*Create registry backup
*Reset System Settings


Click the Run button

This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.



==========================================================




How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

TheJDawg
2014-09-20, 06:04
Hi Ken, all done, thanks again for all your help and time. Greatly appreciated!
Steve
:thanks:

ken545
2014-09-20, 14:08
You're more than welcome, Steve

Take care my friend

Ken :)