Solved Slow Computer

Discussion in 'Virus, Spyware and Malware Removal Help' started by brewster393, May 20, 2015.

  1. Malnutrition

    I am posting your ComboFix log for you so it is easier for me to research. Please copy and paste all logs into your replies from now on. :)

    ComboFix 15-05-19.01 - Brewster 24/05/2015 12:19:15.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.3328.2239 [GMT 1:00]
    Running from: c:\users\Brewster\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Brewster\AppData\Roaming\vso_ts_preview.xml
    c:\users\Brewster\Documents\CCleaner\CCleaner.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_pcCMService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-04-24 to 2015-05-24 )))))))))))))))))))))))))))))))
    .
    .
    2015-05-23 12:26 . 2015-05-23 12:26 -------- d-----w- c:\program files\ESET
    2015-05-23 11:15 . 2015-05-23 11:32 -------- d-----w- c:\users\Brewster\AppData\Roaming\ZHP
    2015-05-23 10:17 . 2015-05-23 10:18 290304 ----a-w- c:\windows\system32\subinacl.exe
    2015-05-23 10:17 . 2015-05-23 10:17 -------- d-----w- c:\program files\Adware-Removal-Tool
    2015-05-23 10:17 . 2015-05-23 10:17 -------- d-----w- c:\program files\Common Files\Microsoft
    2015-05-23 10:11 . 2015-05-23 10:13 -------- d-----w- C:\logs for Malnutrition
    2015-05-22 11:27 . 2015-05-22 11:27 -------- d-----w- C:\RegBackup
    2015-05-22 10:47 . 2015-05-03 03:42 9265072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A362D8EF-5159-4908-AF0E-E67A42E98583}\mpengine.dll
    2015-05-22 10:27 . 2015-05-22 10:26 291312 ----a-w- c:\windows\system32\aswBoot.exe
    2015-05-22 10:26 . 2015-05-22 10:26 43112 ----a-w- c:\windows\avastSS.scr
    2015-05-21 18:35 . 2015-05-21 18:35 96512 ----a-w- c:\windows\system32\drivers\zam32.sys
    2015-05-21 18:35 . 2015-05-21 18:35 -------- d-----w- c:\program files\Zemana AntiMalware
    2015-05-21 18:35 . 2015-05-21 18:35 96512 ----a-w- c:\windows\system32\drivers\zamguard32.sys
    2015-05-21 18:35 . 2015-05-21 18:35 -------- d-----w- c:\users\Brewster\AppData\Local\Zemana
    2015-05-21 16:08 . 2015-05-21 16:08 -------- d---a-w- c:\windows\VDLL.DLL
    2015-05-21 16:08 . 2015-05-21 16:08 -------- d---a-w- c:\windows\system32\runouce.exe
    2015-05-21 16:08 . 2015-05-21 16:08 -------- d---a-w- c:\windows\rundll16.exe
    2015-05-21 16:08 . 2015-05-21 16:08 -------- d---a-w- c:\windows\RUNDL132.EXE
    2015-05-21 16:08 . 2015-05-21 16:08 -------- d---a-w- c:\windows\logo1_.exe
    2015-05-21 16:08 . 2015-05-21 16:08 -------- d---a-w- c:\windows\logo_1.exe
    2015-05-21 15:53 . 2015-05-21 15:53 343456 ----a-w- c:\windows\system32\drivers\trufos.sys
    2015-05-21 15:53 . 2015-05-21 15:53 632064 ----a-w- c:\windows\system32\msvcr80.dll
    2015-05-21 15:53 . 2015-05-21 15:53 554240 ----a-w- c:\windows\system32\msvcp80.dll
    2015-05-21 15:53 . 2015-05-21 15:53 572928 ----a-w- c:\windows\system32\msvcp90.dll
    2015-05-21 15:53 . 2015-05-21 15:53 655872 ----a-w- c:\windows\system32\msvcr90.dll
    2015-05-21 15:53 . 2015-05-21 15:53 156392 ----a-w- c:\windows\system32\eEmpty.exe
    2015-05-21 15:53 . 2015-05-21 15:53 -------- d-----w- c:\program files\Common Files\MicroWorld
    2015-05-21 15:53 . 2015-05-21 15:53 -------- d-----w- c:\programdata\MicroWorld
    2015-05-21 14:59 . 2015-05-21 14:59 -------- d-----w- c:\program files\CCleaner
    2015-05-21 14:07 . 2015-05-21 14:20 -------- d-----w- c:\program files\System Ninja
    2015-05-21 13:31 . 2015-05-22 17:25 -------- d-----w- c:\users\Brewster\AppData\Roaming\Wipe
    2015-05-21 13:31 . 2015-05-21 13:31 -------- d-----w- c:\program files\Wipe
    2015-05-19 15:19 . 2013-06-20 08:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2015-05-19 15:19 . 2013-06-20 08:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2015-05-19 15:18 . 2012-06-09 17:21 178688 ----a-w- c:\windows\system32\unrar.dll
    2015-05-19 15:18 . 2015-05-21 14:20 -------- d-----w- c:\program files\K-Lite Codec Pack
    2015-05-19 15:17 . 2015-05-19 15:17 -------- d-----w- c:\program files\Leawo
    2015-05-19 10:22 . 2015-04-24 11:10 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2015-05-13 18:41 . 2015-05-01 13:16 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 18:10 . 2015-05-13 18:10 -------- d-----w- c:\users\Default
    2015-05-13 16:12 . 2015-04-20 02:56 909312 ----a-w- c:\windows\system32\FntCache.dll
    2015-05-13 16:12 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\system32\DWrite.dll
    2015-05-13 16:12 . 2015-04-20 02:03 2382336 ----a-w- c:\windows\system32\win32k.sys
    2015-05-13 16:12 . 2015-05-05 01:12 248832 ----a-w- c:\windows\system32\schannel.dll
    2015-05-13 16:12 . 2015-04-18 02:56 342016 ----a-w- c:\windows\system32\certcli.dll
    2015-05-13 16:10 . 2015-03-04 04:11 5120 ----a-w- c:\windows\system32\shimeng.dll
    2015-05-04 14:56 . 2015-05-11 10:46 -------- d-----w- c:\users\Brewster\AppData\Roaming\HP Photo Creations
    2015-05-04 14:56 . 2015-05-04 14:57 -------- d-----w- c:\users\Brewster\AppData\Roaming\Visan
    2015-05-04 10:01 . 2015-05-04 10:01 -------- d-----w- c:\program files\Auslogics
    2015-05-01 18:10 . 2015-05-01 18:10 229608 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2015-05-01 18:10 . 2015-05-01 18:10 229608 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-05-22 10:27 . 2014-04-06 15:41 106912 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2015-05-22 10:27 . 2014-04-06 15:41 209048 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-05-22 10:27 . 2014-04-06 15:41 427992 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-05-22 10:27 . 2014-05-07 11:10 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-05-22 10:27 . 2014-04-06 15:41 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-05-22 10:27 . 2014-04-06 15:41 81728 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-05-22 10:27 . 2014-04-06 15:41 74976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-05-22 10:26 . 2014-04-06 15:41 787760 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2015-05-21 15:58 . 2015-05-21 15:56 11119633 ----a-w- c:\windows\REGBK00.ZIP
    2015-05-19 10:20 . 2014-04-07 13:33 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2015-05-19 10:20 . 2014-04-07 13:33 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2015-05-17 12:32 . 2014-11-28 16:09 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-04-14 08:37 . 2014-11-28 16:09 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-04-14 08:37 . 2014-11-28 16:09 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-04-14 08:37 . 2014-11-28 16:09 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-03-25 03:00 . 2015-04-16 11:27 92672 ----a-w- c:\windows\system32\wudriver.dll
    2015-03-25 03:00 . 2015-04-16 11:27 566784 ----a-w- c:\windows\system32\wuapi.dll
    2015-03-25 03:00 . 2015-04-16 11:27 35328 ----a-w- c:\windows\system32\wups2.dll
    2015-03-25 03:00 . 2015-04-16 11:27 3088384 ----a-w- c:\windows\system32\wucltux.dll
    2015-03-25 03:00 . 2015-04-16 11:27 29696 ----a-w- c:\windows\system32\wups.dll
    2015-03-25 03:00 . 2015-04-16 11:27 173056 ----a-w- c:\windows\system32\wuwebv.dll
    2015-03-25 03:00 . 2015-04-16 11:27 2020864 ----a-w- c:\windows\system32\wuaueng.dll
    2015-03-25 03:00 . 2015-04-16 11:27 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
    2015-03-25 03:00 . 2015-04-16 11:27 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
    2015-03-25 03:00 . 2015-04-16 11:27 33792 ----a-w- c:\windows\system32\wuapp.exe
    2015-03-25 03:00 . 2015-04-16 11:27 131584 ----a-w- c:\windows\system32\wuauclt.exe
    2015-03-23 03:06 . 2015-04-16 11:28 576000 ----a-w- c:\windows\system32\generaltel.dll
    2015-03-23 03:06 . 2015-04-16 11:28 630784 ----a-w- c:\windows\system32\invagent.dll
    2015-03-23 03:06 . 2015-04-16 11:28 331264 ----a-w- c:\windows\system32\devinv.dll
    2015-03-23 03:06 . 2015-04-16 11:28 860160 ----a-w- c:\windows\system32\appraiser.dll
    2015-03-23 03:06 . 2015-04-16 11:28 26112 ----a-w- c:\windows\system32\acmigration.dll
    2015-03-23 03:06 . 2015-04-16 11:28 202752 ----a-w- c:\windows\system32\aepdu.dll
    2015-03-23 03:06 . 2015-04-16 11:28 159744 ----a-w- c:\windows\system32\aepic.dll
    2015-03-23 02:59 . 2015-04-16 11:28 896000 ----a-w- c:\windows\system32\aeinv.dll
    2015-03-10 03:08 . 2015-04-16 11:27 1237504 ----a-w- c:\windows\system32\msxml3.dll
    2015-03-10 03:05 . 2015-04-16 11:27 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-03-05 04:06 . 2015-04-16 11:28 305152 ----a-w- c:\windows\system32\gdi32.dll
    2015-03-04 15:32 . 2015-03-04 16:25 24064 ----a-w- c:\windows\zoek-delete.exe
    2015-03-04 04:16 . 2015-04-16 11:27 249784 ----a-w- c:\windows\system32\clfs.sys
    2015-03-04 04:10 . 2015-04-16 11:27 58880 ----a-w- c:\windows\system32\clfsw32.dll
    2015-03-04 04:10 . 2015-05-13 16:10 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2015-03-04 04:10 . 2015-05-13 16:10 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
    2015-03-04 04:06 . 2015-05-13 16:10 2560 ----a-w- c:\windows\apppatch\AcRes.dll
    2015-02-25 03:03 . 2015-04-16 11:27 514560 ----a-w- c:\windows\system32\drivers\http.sys
    2015-02-24 03:23 . 2014-04-08 11:54 246920 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-05-22 10:26 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2015-04-23 6278424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-22 5515496]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2014-04-11 15:46 14232 ----a-w- c:\program files\Citrix\GoToAssist\896\g2awinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk
    backup=c:\windows\pss\FAH.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Brewster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk]
    path=c:\users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
    backup=c:\windows\pss\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Brewster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerProInstaller.lnk]
    path=c:\users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk
    backup=c:\windows\pss\OptimizerProInstaller.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Brewster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wipe Tray Agent.lnk]
    path=c:\users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wipe Tray Agent.lnk
    backup=c:\windows\pss\Wipe Tray Agent.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
    2013-11-11 22:31 2039096 ----a-w- c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
    2015-04-23 14:56 6278424 ----a-w- c:\program files\CCleaner\CCleaner.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Photosmart 5510 series (NET)]
    2011-05-25 16:23 1801064 ----a-w- c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2013-05-30 13:50 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iSkysoft Helper Compact.exe]
    2014-10-31 16:41 2066432 ----a-w- c:\program files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2015-02-13 07:55 157480 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2014-10-02 14:23 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
    2007-09-02 13:58 495616 ----a-w- c:\program files\RocketDock\RocketDock.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2015-04-10 10:57 335232 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2015-05-17 11:17 6714136 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2015-05-08 13:43 1694560 ----a-w- c:\users\Brewster\AppData\Roaming\uTorrent\uTorrent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wipe Maintance]
    2015-05-21 13:31 546456 ----a-w- c:\program files\Wipe\net1.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zemana AntiMalware]
    2015-05-18 12:53 12082544 ----a-w- c:\program files\Zemana AntiMalware\ZAM.exe
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-05-22 106912]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-04-14 1080120]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-04-21 102912]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-04-14 51928]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2014-04-07 47360]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]
    R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-04-06 1343400]
    R4 BT Help Wizard;BT Help Wizard;c:\program files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [2014-04-09 321024]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-05-22 787760]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-05-22 427992]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 ZAM;ZAM Helper Driver;c:\windows\System32\drivers\zam32.sys [2015-05-21 96512]
    S1 ZAM_Guard;ZAM Guard Driver;c:\windows\System32\drivers\zamguard32.sys [2015-05-21 96512]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-10-03 142648]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-05-22 24144]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-05-22 74976]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 Unchecky;Unchecky;c:\program files\Unchecky\bin\unchecky_svc.exe [2015-05-08 164600]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2015-05-22 220752]
    S2 ZAMSvc;ZAM Controller Service;c:\program files\Zemana AntiMalware\ZAM.exe [2015-05-18 12082544]
    S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-07-28 1559552]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-05-22 3207800]
    S3 ctxS51;Creatix V.9X DSP Data Fax Modem;c:\windows\system32\DRIVERS\ctxS51.sys [2006-05-01 1903646]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-04-14 23256]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    utcsvc REG_MULTI_SZ DiagTrack
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-07 10:20]
    .
    2015-05-23 c:\windows\Tasks\HP Photo Creations Communicator.job
    - c:\users\Brewster\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-04-15 09:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    TCP: Interfaces\{BD007F4F-4AED-4B81-80D4-7B9FC772457C}\244575966496D277964786D264F4E4: NameServer = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\yabp1zv0.default-1432304493341\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    MSConfigStartUp- Maintance - c:\program files\\net1.exe
    MSConfigStartUp-ccleaner - c:\users\Brewster\Documents\CCleaner\CCleaner.exe
    MSConfigStartUp-Cmaudio - cmicnfg.cpl
    AddRemove-DivX Setup - c:\programdata\DivX\Setup\DivXSetup.exe
    AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\41.0.2272.118\Installer\setup.exe
    AddRemove-Toolwiz Smart Defrag FREE_is1 - c:\program files\Toolwiz Smart Defrag FREE\unins001.exe
    AddRemove-WinX HD Video Converter Deluxe_is1 - c:\program files\Digiarty\WinX_HD_Video_Converter_Deluxe\unins000.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\\Setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2894854v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2898869 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2901126 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2931368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2972107 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2972216 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2978128 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2979578v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3023224 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3035490 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB3037581 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\v4.5.50938\setup.exe
    AddRemove-{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1 - c:\program files\VSO\ConvertX\5\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_188_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(1108)
    c:\program files\RocketDock\RocketDock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Unchecky\bin\Unchecky_bg.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\vssvc.exe
    .
    **************************************************************************
    .
    Completion time: 2015-05-24 12:55:14 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-05-24 11:55
    .
    Pre-Run: 65,247,072,256 bytes free
    Post-Run: 66,764,935,168 bytes free
    .
    - - End Of File - - D1D6E8045F5C0D8D2EC691EA474CEBF1
    A36C5E4F47E84449FF07ED3517B43A31
     
  2. brewster393

    Greetings and Salutations!
    Right, you wanted them copied and pasted - OK, here goes...
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
    Ran by Brewster (administrator) on BREWSTER-PUTER on 25-05-2015 11:41:11
    Running from C:\Users\Brewster\Desktop
    Loaded Profiles: Brewster (Available Profiles: Brewster & Margies)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_svc.exe
    (Zemana Ltd.) C:\Program Files\Zemana AntiMalware\ZAM.exe
    (RaMMicHaeL) C:\Program Files\Unchecky\bin\unchecky_bg.exe
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    () C:\Program Files\RocketDock\RocketDock.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_17_0_0_188.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-22] (Avast Software s.r.o.)
    Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\896\G2AWinLogon.dll [2014-04-11] (Citrix Online, a division of Citrix Systems, Inc.)
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\...\Run: [RocketDock] => C:\Program Files\RocketDock\RocketDock.exe [495616 2007-09-02] ()
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [878592 2010-11-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2015-05-22] (Avast Software s.r.o.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-24] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-12] (Avast Software s.r.o.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-24] (Oracle Corporation)
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\yabp1zv0.default-1432304493341
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-17] ()
    FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-24] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-24] (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
    FF Plugin: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
    FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Brewster\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-04-15] (RocketLife, LLP)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll No File
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll No File
    FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Extension: Motive Extension - C:\Program Files\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-03-22]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-06]

    Chrome:
    =======
    CHR Profile: C:\Users\Brewster\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Brewster\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-02]
    CHR Extension: (Google Drive) - C:\Users\Brewster\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-02]
    CHR Extension: (YouTube) - C:\Users\Brewster\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-02]
    CHR Extension: (Google Search) - C:\Users\Brewster\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-02]
    CHR Extension: (avast! Online Security) - C:\Users\Brewster\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-06-02]
    CHR Extension: (Google Wallet) - C:\Users\Brewster\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-02]
    CHR Extension: (Gmail) - C:\Users\Brewster\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-02]
    CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-12]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-10-03] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-22] (Avast Software s.r.o.)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [3207800 2015-05-22] (Avast Software)
    S4 BT Help Wizard; C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) []
    R2 DiagTrack; C:\Windows\system32\diagtrack.dll [851456 2015-04-27] (Microsoft Corporation)
    S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe [13720 2014-04-11] (Citrix Online, a division of Citrix Systems, Inc.)
    S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
    R2 Unchecky; C:\Program Files\Unchecky\bin\unchecky_svc.exe [164600 2015-05-08] (RaMMicHaeL)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
    R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [12082544 2015-05-18] (Zemana Ltd.)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-05-22] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [74976 2015-05-22] (Avast Software s.r.o.)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-05-22] (Avast Software s.r.o.)
    R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-05-22] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787760 2015-05-22] (Avast Software s.r.o.)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427992 2015-05-22] (Avast Software s.r.o.)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [106912 2015-05-22] (Avast Software s.r.o.)
    R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [209048 2015-05-22] ()
    R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1559552 2010-07-28] (Atheros Communications, Inc.)
    R3 cmuda; C:\Windows\System32\drivers\cmuda.sys [1332544 2005-05-12] (C-Media Inc)
    R3 ctxS51; C:\Windows\System32\DRIVERS\ctxS51.sys [1903646 2006-05-01] (Intel Corporation)
    R3 FETNDIS; C:\Windows\System32\DRIVERS\fetn62.sys [53872 2011-04-08] (VIA Technologies, Inc. )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
    S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) []
    S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) []
    R3 nvmpu401; C:\Windows\System32\drivers\nvmpu401.sys [10240 2005-04-13] (NVIDIA Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 trufos; C:\Windows\System32\drivers\trufos.sys [343456 2015-05-21] (BitDefender S.R.L.)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [220752 2015-05-22] (Avast Software)
    R1 ZAM; C:\Windows\System32\drivers\zam32.sys [96512 2015-05-21] (Zemana Ltd.)
    R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [96512 2015-05-21] (Zemana Ltd.)
    S3 catchme; \??\C:\Users\Brewster\AppData\Local\Temp\catchme.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-25 11:41 - 2015-05-25 11:41 - 00013190 _____ () C:\Users\Brewster\Desktop\FRST.txt
    2015-05-25 11:40 - 2015-05-25 11:41 - 00000000 ____D () C:\FRST
    2015-05-25 11:38 - 2015-05-25 11:38 - 01146880 _____ (Farbar) C:\Users\Brewster\Desktop\FRST.exe
    2015-05-25 11:25 - 2015-05-25 11:27 - 00014455 _____ () C:\Windows\WindowsUpdate.log
    2015-05-25 11:24 - 2015-05-25 11:24 - 00033069 _____ () C:\Users\Brewster\Desktop\zoek-results.txt
    2015-05-25 11:19 - 2015-05-25 10:29 - 00024064 _____ () C:\Windows\zoek-delete.exe
    2015-05-25 10:31 - 2015-03-04 17:29 - 00027245 _____ () C:\zoek-results2015-03-04-162941.log
    2015-05-24 18:51 - 2015-05-24 18:51 - 10389256 _____ (Zemana) C:\Users\Brewster\Desktop\ZemanaAntiMalware(1).exe
    2015-05-24 15:40 - 2015-05-24 15:40 - 00000000 ____D () C:\Users\Brewster\Downloads\Anthony Beevor - The Second World War
    2015-05-24 15:39 - 2015-05-24 16:30 - 00000000 ____D () C:\Users\Brewster\Downloads\[E-book ENG - epub-mobi-pdf] - Antony Beevor - Berlin. The Downfall, 1945
    2015-05-24 15:37 - 2015-05-24 15:37 - 00000000 ____D () C:\Users\Brewster\Downloads\The Fall Of Berlin 1945 By Antony Beevor (Epub,Mobi) Gooner
    2015-05-24 14:31 - 2015-05-24 14:32 - 00001517 _____ () C:\Users\Brewster\Desktop\ZemanaAntiMalware.exe - Shortcut.lnk
    2015-05-24 14:30 - 2015-05-24 14:31 - 10389256 _____ (Zemana) C:\Users\Brewster\Downloads\ZemanaAntiMalware.exe
    2015-05-24 14:29 - 2015-05-24 14:29 - 00001852 _____ () C:\Users\Public\Desktop\Zemana AntiMalware.lnk
    2015-05-24 14:29 - 2015-05-24 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
    2015-05-24 14:28 - 2015-05-24 14:28 - 04772600 _____ ( ) C:\Users\Brewster\Desktop\Zemana.AntiMalware.Setup.exe
    2015-05-24 13:00 - 2015-05-24 13:00 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Brewster\Desktop\mbar-1.09.1.1004.exe
    2015-05-24 12:55 - 2015-05-24 12:55 - 00024522 _____ () C:\ComboFix.txt
    2015-05-24 12:14 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-05-24 12:14 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-05-24 12:14 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-05-24 12:14 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-05-24 12:14 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-05-24 12:14 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-05-24 12:14 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-05-24 12:14 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-05-24 12:13 - 2015-05-24 12:55 - 00000000 ____D () C:\Qoobox
    2015-05-24 12:13 - 2015-05-24 12:52 - 00000000 ____D () C:\Windows\erdnt
    2015-05-24 12:10 - 2015-05-24 12:10 - 05627500 ____R (Swearware) C:\Users\Brewster\Desktop\ComboFix.exe
    2015-05-23 13:26 - 2015-05-23 13:26 - 00000000 ____D () C:\Program Files\ESET
    2015-05-23 13:22 - 2015-05-23 13:22 - 00001566 _____ () C:\Users\Brewster\Desktop\esetsmartinstaller_enu.exe - Shortcut.lnk
    2015-05-23 13:20 - 2015-05-23 13:21 - 02347384 _____ (ESET) C:\Users\Brewster\Downloads\esetsmartinstaller_enu.exe
    2015-05-23 13:03 - 2015-05-23 13:04 - 00022053 _____ () C:\Users\Brewster\Downloads\Result.txt
    2015-05-23 12:18 - 2015-05-23 12:19 - 00001584 _____ () C:\Users\Brewster\Desktop\ZHPCleaner-2015.5.22.248.exe - Shortcut.lnk
    2015-05-23 12:15 - 2015-05-23 12:32 - 00000000 ____D () C:\Users\Brewster\AppData\Roaming\ZHP
    2015-05-23 12:14 - 2015-05-23 12:14 - 01837056 _____ () C:\Users\Brewster\Downloads\ZHPCleaner-2015.5.22.248.exe
    2015-05-23 11:58 - 2015-05-23 11:58 - 00001054 _____ () C:\Users\Brewster\Desktop\SecurityCheck.exe - Shortcut.lnk
    2015-05-23 11:49 - 2015-05-23 11:49 - 00852639 _____ () C:\Users\Brewster\Downloads\SecurityCheck.exe
    2015-05-23 11:17 - 2015-05-23 11:18 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
    2015-05-23 11:17 - 2015-05-23 11:17 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
    2015-05-23 11:16 - 2015-05-23 11:17 - 00001602 _____ () C:\Users\Brewster\Desktop\Adware-Removal-Tool-v3.9.1.exe - Shortcut.lnk
    2015-05-23 11:14 - 2015-05-23 11:14 - 00753184 _____ () C:\Users\Brewster\Downloads\Adware-Removal-Tool-v3.9.1.exe
    2015-05-23 11:11 - 2015-05-25 11:24 - 00000000 ____D () C:\logs for Malnutrition
    2015-05-22 18:02 - 2015-05-22 18:02 - 00000000 ____D () C:\Users\Brewster\Downloads\Peter.Kay's.Car.Share.Complete.Season.1
    2015-05-22 13:43 - 2015-05-22 13:43 - 00021007 _____ () C:\Users\Brewster\Downloads\MWAV.LOG
    2015-05-22 12:58 - 2015-05-22 12:58 - 02223104 _____ () C:\Users\Brewster\Downloads\adwcleaner_4.205.exe
    2015-05-22 12:27 - 2015-05-22 12:27 - 00001385 _____ () C:\Users\Brewster\Desktop\JRT.exe - Shortcut.lnk
    2015-05-22 12:27 - 2015-05-22 12:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BREWSTER-PUTER-Windows-7-Ultimate-(32-bit).dat
    2015-05-22 12:27 - 2015-05-22 12:27 - 00000000 ____D () C:\RegBackup
    2015-05-22 12:19 - 2015-05-22 12:20 - 02720009 _____ (Thisisu) C:\Users\Brewster\Downloads\JRT.exe
    2015-05-22 11:27 - 2015-05-22 11:26 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
    2015-05-22 11:26 - 2015-05-22 11:26 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
    2015-05-21 19:35 - 2015-05-24 15:13 - 00000000 ____D () C:\Program Files\Zemana AntiMalware
    2015-05-21 19:35 - 2015-05-21 19:35 - 00096512 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard32.sys
    2015-05-21 19:35 - 2015-05-21 19:35 - 00096512 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam32.sys
    2015-05-21 19:35 - 2015-05-21 19:35 - 00000000 ____D () C:\Users\Brewster\AppData\Local\Zemana
    2015-05-21 17:08 - 2015-05-21 17:08 - 00000000 ____D () C:\Windows\VDLL.DLL
    2015-05-21 17:08 - 2015-05-21 17:08 - 00000000 ____D () C:\Windows\system32\runouce.exe
    2015-05-21 17:08 - 2015-05-21 17:08 - 00000000 ____D () C:\Windows\rundll16.exe
    2015-05-21 17:08 - 2015-05-21 17:08 - 00000000 ____D () C:\Windows\RUNDL132.EXE
    2015-05-21 17:08 - 2015-05-21 17:08 - 00000000 ____D () C:\Windows\logo1_.exe
    2015-05-21 17:08 - 2015-05-21 17:08 - 00000000 ____D () C:\Windows\logo_1.exe
    2015-05-21 16:56 - 2015-05-21 16:58 - 11119633 _____ () C:\Windows\REGBK00.ZIP
    2015-05-21 16:54 - 2015-05-21 17:08 - 00000056 _____ () C:\Windows\Lic.xxx
    2015-05-21 16:53 - 2015-05-21 16:53 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\msvcr90.dll
    2015-05-21 16:53 - 2015-05-21 16:53 - 00632064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr80.dll
    2015-05-21 16:53 - 2015-05-21 16:53 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\msvcp90.dll
    2015-05-21 16:53 - 2015-05-21 16:53 - 00554240 _____ (Microsoft Corporation) C:\Windows\system32\msvcp80.dll
    2015-05-21 16:53 - 2015-05-21 16:53 - 00343456 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
    2015-05-21 16:53 - 2015-05-21 16:53 - 00156392 _____ (MicroWorld Technologies Inc.) C:\Windows\system32\eEmpty.exe
    2015-05-21 16:53 - 2015-05-21 16:53 - 00001046 _____ () C:\Users\Brewster\Desktop\MWAVSCAN.lnk
    2015-05-21 16:53 - 2015-05-21 16:53 - 00000000 ____D () C:\ProgramData\MicroWorld
    2015-05-21 16:41 - 2015-05-21 16:45 - 158158304 _____ () C:\Users\Brewster\Downloads\mwav.exe
    2015-05-21 15:59 - 2015-05-21 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-05-21 15:59 - 2015-05-21 15:59 - 00000000 ____D () C:\Program Files\CCleaner
    2015-05-21 15:08 - 2015-05-21 15:08 - 00063544 _____ () C:\Users\Brewster\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-05-21 15:07 - 2015-05-21 15:20 - 00000000 ____D () C:\Program Files\System Ninja
    2015-05-21 15:07 - 2015-05-21 15:07 - 00000977 _____ () C:\Users\Public\Desktop\System Ninja.lnk
    2015-05-21 15:07 - 2015-05-21 15:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja
    2015-05-21 14:31 - 2015-05-22 18:25 - 00000000 ____D () C:\Users\Brewster\AppData\Roaming\Wipe
    2015-05-21 14:31 - 2015-05-21 14:31 - 00001723 _____ () C:\Users\Brewster\Desktop\Wipe.lnk
    2015-05-21 14:31 - 2015-05-21 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe
    2015-05-21 14:31 - 2015-05-21 14:31 - 00000000 ____D () C:\Program Files\Wipe
    2015-05-21 14:29 - 2015-05-21 14:29 - 00546456 _____ (www.privacyroot.com) C:\Users\Brewster\Downloads\setup_wipe.exe
    2015-05-21 14:11 - 2015-05-21 14:11 - 00003528 ____N () C:\bootsqm.dat
    2015-05-19 16:19 - 2015-05-19 16:19 - 00000000 ____D () C:\Users\Brewster\Documents\Leawo
    2015-05-19 16:19 - 2015-05-19 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo
    2015-05-19 16:19 - 2013-06-20 09:10 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
    2015-05-19 16:19 - 2013-06-20 09:10 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2015-05-19 16:18 - 2015-05-21 15:20 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
    2015-05-19 16:18 - 2015-05-19 16:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
    2015-05-19 16:18 - 2012-06-09 18:21 - 00178688 _____ () C:\Windows\system32\unrar.dll
    2015-05-19 16:17 - 2015-05-19 16:17 - 00000000 ____D () C:\Program Files\Leawo
    2015-05-19 16:15 - 2015-05-19 16:16 - 42643064 _____ (Leawo Software Co.,Ltd. ) C:\Users\Brewster\Downloads\videoconverter_free.exe
    2015-05-19 12:39 - 2015-05-19 12:39 - 00000000 ____D () C:\Users\Brewster\Downloads\Richard Phillips - The Rho Agenda Inception #1, 2 [EPUB] {Ani7Wak}
    2015-05-19 11:24 - 2015-04-24 12:10 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2015-05-19 11:24 - 2015-04-24 12:10 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2015-05-19 11:24 - 2015-04-24 12:10 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2015-05-19 11:22 - 2015-04-24 12:10 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
    2015-05-19 11:19 - 2015-05-19 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2015-05-15 16:08 - 2015-05-15 16:09 - 64577536 _____ () C:\Users\Brewster\Downloads\calibre-2.28.0.msi
    2015-05-14 12:51 - 2015-05-14 12:53 - 00000000 ____D () C:\Users\Brewster\Downloads\Steve Berry
    2015-05-14 12:50 - 2015-05-14 12:53 - 00000000 ____D () C:\Users\Brewster\Downloads\Steve Berry Books (7) Mobi, KK
    2015-05-13 19:41 - 2015-05-01 14:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 19:10 - 2015-05-13 19:10 - 00000000 ____D () C:\Users\Default
    2015-05-13 17:30 - 2015-05-14 13:21 - 00000000 ____D () C:\Users\Brewster\Downloads\Cotton Malone Collection - Steve Berry [EPUB]
    2015-05-13 17:13 - 2015-04-27 20:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-05-13 17:13 - 2015-04-27 20:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-05-13 17:13 - 2015-04-27 20:11 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-05-13 17:13 - 2015-04-27 20:11 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-05-13 17:13 - 2015-04-27 20:08 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00851456 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-05-13 17:13 - 2015-04-27 20:05 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-05-13 17:13 - 2015-04-27 20:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-05-13 17:13 - 2015-04-27 20:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-05-13 17:13 - 2015-04-27 20:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-05-13 17:13 - 2015-04-27 20:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-05-13 17:13 - 2015-04-27 20:04 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-05-13 17:13 - 2015-04-27 20:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-05-13 17:13 - 2015-04-27 20:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-05-13 17:13 - 2015-04-27 20:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-05-13 17:13 - 2015-04-27 20:04 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-05-13 17:13 - 2015-04-27 20:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-05-13 17:13 - 2015-04-27 20:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-05-13 17:13 - 2015-04-27 20:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-05-13 17:13 - 2015-04-27 20:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-05-13 17:13 - 2015-04-27 20:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-05-13 17:13 - 2015-04-27 20:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-05-13 17:13 - 2015-04-27 20:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-05-13 17:13 - 2015-04-27 19:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-05-13 17:13 - 2015-04-27 19:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-05-13 17:13 - 2015-04-27 19:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-05-13 17:13 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-05-13 17:12 - 2015-05-05 02:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-05-13 17:12 - 2015-04-20 03:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-05-13 17:12 - 2015-04-20 03:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-05-13 17:12 - 2015-04-20 03:03 - 02382336 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-05-13 17:12 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-05-13 17:11 - 2015-04-22 02:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-05-13 17:11 - 2015-04-21 17:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-05-13 17:11 - 2015-04-21 17:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-05-13 17:11 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-05-13 17:11 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-05-13 17:11 - 2015-04-21 17:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-05-13 17:11 - 2015-04-21 17:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-05-13 17:11 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-05-13 17:11 - 2015-04-21 17:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-05-13 17:11 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-05-13 17:11 - 2015-04-21 17:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-05-13 17:11 - 2015-04-21 17:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-05-13 17:11 - 2015-04-21 17:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-05-13 17:11 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-05-13 17:11 - 2015-04-21 16:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-05-13 17:11 - 2015-04-21 16:58 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-05-13 17:11 - 2015-04-21 16:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-05-13 17:11 - 2015-04-21 16:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-05-13 17:11 - 2015-04-21 16:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-05-13 17:11 - 2015-04-21 16:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-05-13 17:11 - 2015-04-21 16:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-05-13 17:11 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-05-13 17:11 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-05-13 17:11 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-05-13 17:11 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-05-13 17:11 - 2015-04-21 16:26 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-05-13 17:11 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-05-13 17:11 - 2015-04-21 16:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-05-13 17:11 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-05-13 17:11 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-05-13 17:11 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-05-13 17:11 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-05-13 17:11 - 2015-04-13 04:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-05-13 17:10 - 2015-04-08 04:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-05-13 17:10 - 2015-04-08 04:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-05-13 17:10 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-05-13 17:10 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-05-13 17:10 - 2015-03-04 05:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-05-13 17:10 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-05-13 17:10 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-05-10 17:01 - 2015-05-12 18:57 - 00000000 ____D () C:\Users\Brewster\Downloads\The Lost Fleet Beyond the Frontier Steadfast - Jack Campbell
    2015-05-10 17:00 - 2015-05-10 17:00 - 00000000 ____D () C:\Users\Brewster\Downloads\Campbell, Jack - Lost Stars 1-3 mobi
    2015-05-10 16:22 - 2015-05-10 16:22 - 00000000 ____D () C:\Users\Brewster\Downloads\Tarnished Knight by Jack Campbell (The Lost Stars Book 1)
    2015-05-10 16:21 - 2015-05-10 16:21 - 00000000 ____D () C:\Users\Brewster\Downloads\Jack Campbell - The Lost Fleet 08 - Beyond the Frontier 02 - Invincible
    2015-05-10 13:15 - 2015-05-10 13:16 - 00000000 ____D () C:\Users\Brewster\Documents\Marg's Glasses Claim (HSF)
    2015-05-04 15:57 - 2015-05-11 11:47 - 00000000 ___RD () C:\Users\Brewster\Documents\HP Photo Creations
    2015-05-04 15:56 - 2015-05-25 10:59 - 00000420 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
    2015-05-04 15:56 - 2015-05-11 11:46 - 00000000 ____D () C:\Users\Brewster\AppData\Roaming\HP Photo Creations
    2015-05-04 15:56 - 2015-05-04 15:57 - 00000000 ____D () C:\Users\Brewster\AppData\Roaming\Visan
    2015-05-04 15:56 - 2015-05-04 15:56 - 00002073 _____ () C:\Users\Brewster\Desktop\HP Photo Creations.lnk
    2015-05-04 15:56 - 2015-05-04 15:56 - 00000000 ____D () C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
    2015-05-04 11:01 - 2015-05-04 11:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    2015-05-04 11:01 - 2015-05-04 11:01 - 00000000 ____D () C:\Program Files\Auslogics
    2015-05-01 13:59 - 2015-05-01 13:59 - 07902295 _____ () C:\Users\Brewster\Downloads\The Emperor Series Omnibus Edition [Books 1 - 5] - Conn Iggulden.epub
    2015-05-01 13:57 - 2015-05-01 13:57 - 00000000 ____D () C:\Users\Brewster\Downloads\Conn Iggulden, Stormbird (Wars of the Roses 1) 2013 epub mobi dovah
    2015-05-01 13:56 - 2015-05-01 13:56 - 00000000 ____D () C:\Users\Brewster\Downloads\The Khan Series 5-Book Bundle
    2015-04-25 16:13 - 2015-04-25 16:19 - 00000000 ____D () C:\Users\Brewster\Downloads\Star Trek Voyager Season 1, 2, 3, 4, 5, 6 & 7 + Extras DVDRip TSV

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-05-25 11:31 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-05-25 11:31 - 2009-07-14 05:34 - 00026576 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-05-25 11:23 - 2015-03-04 16:34 - 00033069 _____ () C:\zoek-results.log
    2015-05-25 11:22 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-05-25 11:08 - 2015-03-04 16:32 - 00000000 ____D () C:\zoek_backup
    2015-05-25 10:03 - 2014-04-07 11:22 - 00000000 ____D () C:\Users\Brewster\AppData\Roaming\uTorrent
    2015-05-24 16:52 - 2010-11-20 22:01 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-05-24 13:05 - 2014-11-28 17:09 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-05-24 13:04 - 2014-11-28 17:09 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-05-24 12:55 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
    2015-05-24 12:48 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
    2015-05-24 12:39 - 2014-04-08 17:48 - 00000000 ____D () C:\Users\Brewster\Documents\CCleaner
    2015-05-23 10:51 - 2009-07-14 03:04 - 00002009 _____ () C:\Windows\system32\Drivers\etc\hosts.old
    2015-05-22 13:04 - 2014-05-23 11:18 - 00000000 ____D () C:\AdwCleaner
    2015-05-22 11:27 - 2014-05-07 12:10 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-05-22 11:27 - 2014-04-06 16:41 - 00427992 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
    2015-05-22 11:27 - 2014-04-06 16:41 - 00209048 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-05-22 11:27 - 2014-04-06 16:41 - 00106912 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
    2015-05-22 11:27 - 2014-04-06 16:41 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
    2015-05-22 11:27 - 2014-04-06 16:41 - 00074976 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
    2015-05-22 11:27 - 2014-04-06 16:41 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-05-22 11:26 - 2014-04-06 16:41 - 00787760 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
    2015-05-22 11:20 - 2015-01-18 12:18 - 00000000 ____D () C:\Users\Brewster\AppData\Local\WinZip
    2015-05-21 17:01 - 2009-07-14 03:04 - 00000922 _____ () C:\Windows\win.ini
    2015-05-21 16:02 - 2015-01-20 12:17 - 00000000 ____D () C:\ProgramData\VSO
    2015-05-21 16:00 - 2014-04-06 02:39 - 00000000 ____D () C:\Windows\Panther
    2015-05-21 15:36 - 2015-03-04 15:26 - 00000000 ____D () C:\Windows\pss
    2015-05-21 15:20 - 2015-03-22 13:05 - 00000000 ____D () C:\Program Files\Mozilla Firefox
    2015-05-21 15:19 - 2014-10-08 13:35 - 00000000 ____D () C:\Users\Brewster\AppData\Roaming\dvdcss
    2015-05-20 12:44 - 2015-04-05 18:55 - 00000000 ___SD () C:\Windows\system32\GWX
    2015-05-20 10:47 - 2014-07-07 16:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-05-19 11:20 - 2014-04-07 14:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-05-19 11:20 - 2014-04-07 14:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-05-19 11:19 - 2015-01-18 12:18 - 00002247 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
    2015-05-19 11:19 - 2015-01-18 12:18 - 00002241 _____ () C:\Users\Public\Desktop\WinZip.lnk
    2015-05-19 11:19 - 2015-01-18 12:17 - 00000000 ____D () C:\Program Files\WinZip
    2015-05-18 16:33 - 2014-04-07 15:08 - 00000000 ____D () C:\Users\Brewster\Documents\ConvertXtoDVD
    2015-05-17 16:31 - 2014-04-15 11:48 - 00000000 ____D () C:\Users\Brewster\AppData\Local\Adobe
    2015-05-17 16:23 - 2014-09-05 13:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2015-05-17 16:23 - 2014-06-13 11:57 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2015-05-17 16:19 - 2009-07-14 05:53 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-05-17 13:31 - 2014-11-28 17:09 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-05-17 13:31 - 2014-11-28 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-05-17 13:31 - 2014-07-26 10:33 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2015-05-15 16:12 - 2014-04-07 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    2015-05-15 16:12 - 2014-04-07 15:14 - 00000000 ____D () C:\Program Files\Calibre2
    2015-05-15 14:10 - 2014-04-08 14:32 - 00000000 ____D () C:\Users\Brewster\Documents\My Kindle Content
    2015-05-15 13:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
    2015-05-15 12:36 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2015-05-15 12:06 - 2014-04-15 11:52 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-05-14 13:27 - 2010-11-21 01:46 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-05-14 11:10 - 2009-07-14 05:33 - 00287616 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-05-14 11:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
    2015-05-13 19:40 - 2014-04-06 18:29 - 00000000 ____D () C:\Windows\system32\MRT
    2015-05-13 19:20 - 2014-04-06 18:28 - 137310008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2015-05-08 14:00 - 2015-03-04 15:34 - 00000000 ____D () C:\Program Files\Unchecky
    2015-05-04 15:57 - 2014-04-07 17:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-04-26 12:24 - 2014-04-07 11:26 - 00000000 ____D () C:\ProgramData\DVD Shrink

    ==================== Files in the root of some directories =======

    2014-04-07 14:54 - 2015-01-20 12:17 - 0007887 _____ () C:\Users\Brewster\AppData\Roaming\pcouffin.cat
    2014-04-07 14:54 - 2015-01-20 12:17 - 0001144 _____ () C:\Users\Brewster\AppData\Roaming\pcouffin.inf
    2014-04-07 14:54 - 2015-01-20 12:17 - 0047360 _____ (VSO Software) C:\Users\Brewster\AppData\Roaming\pcouffin.sys
    2014-10-02 12:07 - 2015-04-10 13:23 - 0006144 _____ () C:\Users\Brewster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-18 18:22 - 2015-02-18 18:22 - 0234679 _____ () C:\Users\Brewster\AppData\Local\dsi1.dat
    2015-02-18 18:22 - 2015-02-18 18:22 - 0161916 _____ () C:\Users\Brewster\AppData\Local\dsi2.dat
    2014-05-09 13:31 - 2015-02-15 14:17 - 0007606 _____ () C:\Users\Brewster\AppData\Local\Resmon.ResmonCfg
    2014-04-07 17:43 - 2014-04-07 17:43 - 0000057 _____ () C:\ProgramData\Ament.ini

    Some zero byte size files/folders:
    ==========================
    C:\Windows\logo1_.exe
    C:\Windows\logo_1.exe
    C:\Windows\RUNDL132.EXE
    C:\Windows\rundll16.exe
    C:\Windows\VDLL.DLL
    C:\Windows\System32\runouce.exe

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-05-15 12:58

    ==================== End of log ============================
    Next
    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
    Ran by Brewster at 2015-05-25 11:42:44
    Running from C:\Users\Brewster\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-3299126282-3657997626-4182433575-500 - Administrator - Disabled)
    Brewster (S-1-5-21-3299126282-3657997626-4182433575-1000 - Administrator - Enabled) => C:\Users\Brewster
    Guest (S-1-5-21-3299126282-3657997626-4182433575-501 - Limited - Disabled)
    Margies (S-1-5-21-3299126282-3657997626-4182433575-1001 - Administrator - Enabled) => C:\Users\Margies

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    ******** (HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\...\uTorrent) (Version: 3.4.3.40298 - ********** Inc.)
    Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    Amazon Kindle (HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\...\Amazon Kindle) (Version: - Amazon)
    Apple Application Support (32-bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Audacity 2.0.6 (HKLM\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.4.0.0 - Auslogics Labs Pty Ltd)
    Avast Free Antivirus (HKLM\...\Avast) (Version: 10.2.2218 - AVAST Software)
    Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
    BT Desktop Help (HKLM\...\BT Desktop Help) (Version: - )
    calibre (HKLM\...\{CF0D492B-12F2-40B0-AF33-0F1BAA0BEF37}) (Version: 2.28.0 - Kovid Goyal)
    CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
    C-Media WDM Audio Driver (HKLM\...\C-Media Audio Driver) (Version: - )
    Cole2k Media - Codec Pack (Advanced) 8.0.2 (HKLM\...\Cole2k Media - Codec Pack) (Version: 8.0.2 - Cole2k Media)
    ConvertXtoDVD 3.3.2.100 (HKLM\...\{76C24F39-B161-498F-BD8B-C64789812D13}_is1) (Version: 3.3.2.100 - )
    Creatix V.9X DSP Data Fax Modem (HKLM\...\Creatix V.9X DSP Data Fax Modem) (Version: - )
    DC-Bass Source 1.3.0 (HKLM\...\DC-Bass Source) (Version: - )
    DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version: - )
    DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version: - DVD Shrink)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
    ffdshow v1.1.4399 [2012-03-22] (HKLM\...\ffdshow_is1) (Version: 1.1.4399.0 - )
    Free PDF to JPG Converter (HKLM\...\{ECD1BC70-A5FD-42D3-AEBA-B71FE88FDBF2}) (Version: 1.0.0 - Free PDF Solutions)
    Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
    GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
    Haali Media Splitter (HKLM\...\HaaliMkx) (Version: - )
    HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Photo Creations (HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\...\HP Photo Creations) (Version: 1.0.0.18142 - HP)
    HP Photosmart 5510 series Basic Device Software (HKLM\...\{14AFF408-F4FB-4F71-B9A3-C6A1096802BF}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
    HP Photosmart 5510 series Help (HKLM\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Photosmart 5510 series Product Improvement Study (HKLM\...\{ED696A09-A237-4A29-95FF-95DC4AA8EA1A}) (Version: 24.0.342.0 - Hewlett-Packard Co.)
    HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
    iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
    Java 7 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217065F0}) (Version: 7.0.650 - Oracle)
    Java 7 Update 80 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217080FF}) (Version: 7.0.800 - Oracle)
    Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
    K-Lite Codec Pack 9.4.0 (Basic) (HKLM\...\KLiteCodecPack_is1) (Version: 9.4.0 - )
    Lagarith Lossless Codec (1.3.27) (HKLM\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
    LAME v3.99.3 (for Windows) (HKLM\...\LAME_is1) (Version: - )
    Leawo Video Converter version 6.0.0.0 (HKLM\...\{331ED3CF-3A1B-467C-9A62-899E2D3B20C4}_is1) (Version: 6.0.0.0 - Leawo Software Co.,Ltd.)
    Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
    Microsoft Office 2000 Premium (HKLM\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 38.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    Nero 6 Ultra Edition (HKLM\...\Nero - Burning Rom!UninstallKey) (Version: - )
    QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RocketDock 1.3.5 (HKLM\...\RocketDock_is1) (Version: - Punk Software)
    Sigil 0.7.4 (HKLM\...\Sigil_is1) (Version: - John Schember)
    Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
    System Ninja version 3.0.6 (HKLM\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 3.0.6 - SingularLabs)
    TP-LINK Wireless Client Utility (HKLM\...\{1E03C8BE-0848-430F-BECA-7D7709401626}) (Version: 7.0 - TP-LINK)
    TreeSize Free V2.4 (HKLM\...\TreeSize Free_is1) (Version: 2.4 - JAM Software)
    Unchecky v0.3.7.5 (HKLM\...\Unchecky) (Version: 0.3.7.5 - RaMMicHaeL)
    Unknown Device Identifier 8.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 8.01 - Huntersoft)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VIA Rhine Family Fast Ethernet Adapter (HKLM\...\VN_VUIns_Rhine_VIA) (Version: - VIA Technologies, Inc.)
    WinRAR 5.21 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
    WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E6}) (Version: 19.0.11294 - WinZip Computing, S.L. )
    WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E8}) (Version: 19.5.11475 - WinZip Computing, S.L. )
    Wipe (HKLM\...\wipe) (Version: 2015.05 - PrivacyRoot.com)
    Xvid Video Codec (HKLM\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)
    Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.14.667 - Zemana Ltd.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> %SystemDrive%\Users\Brewster\AppData\Roaming\Microsoft\MSXML2\msxml4.dll No File
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}\InprocServer32 -> C:\Users\Brewster\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}\InprocServer32 -> C:\Users\Brewster\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
    CustomCLSID: HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}\InprocServer32 -> C:\Users\Brewster\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)

    ==================== Restore Points =========================


    ==================== Hostscontent: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-05-24 12:41 - 2015-05-25 11:22 - 00002010 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
    0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com
    0.0.0.0 cdn.appround.biz
    0.0.0.0 cdn.bigspeedpro.com

    There are 5 more lines.


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {24F8CBBC-666B-4BDA-A488-609A035BADD7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
    Task: {264881F8-72AE-4A51-A464-C97CAAE52FB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated)
    Task: {27979A2A-8C5B-4F5D-B3DF-E1B1E6F1B8DC} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Brewster\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-04-15] ()
    Task: {4E03FDC6-9452-47D4-A38A-C925C57067FE} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25] (Hewlett-Packard Co.)
    Task: {533DC729-ABB0-4EAD-B38B-EA6D251804B6} - System32\Tasks\{9431D8AA-4251-4929-A61C-77D7F05763F7} => pcalua.exe -a H:\install.exe -d H:\
    Task: {6315A5ED-A71A-4432-92B5-8C43DA68EE33} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
    Task: {74D4CD44-98D6-4500-99F9-F0D6983C621A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-22] (Avast Software s.r.o.)
    Task: {7D267275-6939-47CA-80DA-79F3449009E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {82E0EC63-16B7-4BAE-BBE3-810A4E84032A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {AC344371-414A-4CD1-B7AF-E9FCB4CF5481} - \HP Photo Creations Messager No Task File <==== ATTENTION
    Task: {CD831DED-AA3F-4D5C-AF3C-E5B9CEDEDFD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {DA32B882-B8D1-4EC4-9B6C-06800563E02D} - System32\Tasks\{76DA891A-32C0-4E0C-BEA3-4BF381112203} => pcalua.exe -a "C:\Users\Brewster\Downloads\Display Driver Uninstaller.exe" -d C:\Users\Brewster\Downloads

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Brewster\AppData\Roaming\HP Photo Creations\Communicator.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-05-22 11:26 - 2015-05-22 11:26 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-05-22 11:26 - 2015-05-22 11:26 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-05-25 10:00 - 2015-05-25 10:00 - 02931200 _____ () C:\Program Files\AVAST Software\Avast\defs\15052500\algo.dll
    2001-07-31 11:17 - 2001-07-31 11:17 - 00094274 _____ () C:\Windows\System32\HPBHealr.dll
    2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2014-04-07 15:22 - 2007-09-02 14:57 - 00069632 _____ () C:\Program Files\RocketDock\RocketDock.dll
    2015-05-21 19:35 - 2015-05-24 14:29 - 00101744 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
    2015-04-12 11:04 - 2015-04-12 11:04 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-04-07 15:22 - 2007-09-02 14:58 - 00495616 _____ () C:\Program Files\RocketDock\RocketDock.exe
    2015-05-17 16:31 - 2015-05-17 16:31 - 16867504 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254

    ==================== MSCONFIG/TASK MANAGER Error getting ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FAH.lnk => C:\Windows\pss\FAH.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
    MSCONFIG\startupfolder: C:^Users^Brewster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk => C:\Windows\pss\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Brewster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OptimizerProInstaller.lnk => C:\Windows\pss\OptimizerProInstaller.lnk.Startup
    MSCONFIG\startupfolder: C:^Users^Brewster^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Wipe Tray Agent.lnk => C:\Windows\pss\Wipe Tray Agent.lnk.Startup
    MSCONFIG\startupreg: btbb_McciTrayApp => "C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe"
    MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    MSCONFIG\startupreg: HP Photosmart 5510 series (NET) => "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1610B0LL05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: RocketDock => "C:\Program Files\RocketDock\RocketDock.exe"
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: uTorrent => "C:\Users\Brewster\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: Wipe Maintance => "C:\Program Files\Wipe\net1.exe" windowsStartup
    MSCONFIG\startupreg: Zemana AntiMalware => "C:\Program Files\Zemana AntiMalware\ZAM.exe" /minimized

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{C127B65D-17B6-4678-BE60-58A5F0A09098}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [{80330388-6140-430C-A2B3-615F69E42114}] => (Allow) C:\Users\Brewster\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{476172E8-AE42-42E0-964C-F71AD2CC768A}] => (Allow) C:\Users\Brewster\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{553DA81F-0634-48BA-9B63-CF6FEF73FCDD}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe
    FirewallRules: [{818056BC-C971-4E82-8859-1AABF354986D}] => (Allow) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [TCP Query User{D4064183-E747-4358-843B-51349F8EFAD3}C:\windows.old\program files\leawo\video converter\loadingscreen.exe] => (Allow) C:\windows.old\program files\leawo\video converter\loadingscreen.exe
    FirewallRules: [UDP Query User{034143DF-8DB4-4B40-ABCA-5E65EE8BF509}C:\windows.old\program files\leawo\video converter\loadingscreen.exe] => (Allow) C:\windows.old\program files\leawo\video converter\loadingscreen.exe
    FirewallRules: [TCP Query User{BC8E54AD-1AA5-4711-8246-F9D762D01307}C:\users\brewster\documents\leawo\video converter\loadingscreen.exe] => (Allow) C:\users\brewster\documents\leawo\video converter\loadingscreen.exe
    FirewallRules: [UDP Query User{B7EAA2C1-F861-42D0-8468-D7F8B9BC54D0}C:\users\brewster\documents\leawo\video converter\loadingscreen.exe] => (Allow) C:\users\brewster\documents\leawo\video converter\loadingscreen.exe
    FirewallRules: [{2FD4D2A8-31AC-42CB-8CA4-D1EA88F82EDF}] => (Allow) C:\Users\Brewster\AppData\Roaming\uTorrent\updates\3.4.1_30740.exe
    FirewallRules: [{86DF18A6-8F32-4D67-9946-5BE32DA7B6AA}] => (Allow) C:\Users\Brewster\AppData\Roaming\uTorrent\updates\3.4.1_30740.exe
    FirewallRules: [{746F4FB5-7122-454F-900A-D6A5FE761F63}] => (Allow) C:\Users\Brewster\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{D94877E8-3498-4070-814A-3D83192DCB41}] => (Allow) C:\Users\Brewster\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{3E8FAD9E-D14A-45FA-A518-FFFFD7E38029}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    FirewallRules: [{8A76CFE8-B76B-4C17-979A-88565BDEC2A1}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe
    FirewallRules: [{287B38B8-BBFF-418C-95AE-35C11F6EB654}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    FirewallRules: [{F43D729A-E8CC-4676-ACA0-62C2E59AD75D}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe
    FirewallRules: [{4F294F09-B976-43E7-A172-975C45D65D55}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
    FirewallRules: [{1DBFA4C3-8F5A-4D5E-A9C3-CA4ACCD50D2F}] => (Allow) C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
    FirewallRules: [TCP Query User{CA4CB17E-32AA-4E78-9F49-2DB96441810F}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => (Allow) C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
    FirewallRules: [UDP Query User{875EAA14-D46E-4B19-8E60-2BA7DA4D0793}C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe] => (Allow) C:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe
    FirewallRules: [TCP Query User{BFD86C7A-F2FD-4801-8ED8-BDF6ED408C22}C:\program files\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files\divx\divx media server\divxmediaserver.exe
    FirewallRules: [UDP Query User{884DBCD9-199E-4657-8FFF-633186BB8F7D}C:\program files\divx\divx media server\divxmediaserver.exe] => (Allow) C:\program files\divx\divx media server\divxmediaserver.exe
    FirewallRules: [{A62230A2-9383-4E84-A331-DB8A1A757ED2}] => (Block) C:\program files\divx\divx media server\divxmediaserver.exe
    FirewallRules: [{2BB548B4-A7E0-41C6-BA78-70431CD03864}] => (Block) C:\program files\divx\divx media server\divxmediaserver.exe
    FirewallRules: [{325DE895-F79C-40A7-A6EB-8D6848833CB6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{775E4384-F60B-42F6-BC55-22E9D0B52E22}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{8BA59169-9B07-4AC4-B436-7F6189460E82}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{68175834-3244-4DCE-AB95-8ADFFC9C8DA7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{10FB7EBF-B53D-4213-97A3-29776A4AFA67}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [TCP Query User{81EFD23E-D29A-49D8-9C50-C203F89995C7}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{9D2A17CE-0891-4AEC-9C7E-E774064D14A9}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [{035C0009-0E76-44F2-9A74-9EF826C033D6}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [TCP Query User{1E62945F-4139-42EB-B2BC-64AB9A841087}C:\program files\leawo\video converter\loadingscreen.exe] => (Allow) C:\program files\leawo\video converter\loadingscreen.exe
    FirewallRules: [UDP Query User{A8B72551-412A-4AFE-BA37-99879EB92ACA}C:\program files\leawo\video converter\loadingscreen.exe] => (Allow) C:\program files\leawo\video converter\loadingscreen.exe
    FirewallRules: [{9DEC3D88-FA23-4444-B6CC-156C2F4C7FDF}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{485BA461-6118-4FA8-B75C-F50B3A83A73A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe

    ==================== Faulty Device Manager Devices =============

    Name: Microsoft Teredo Tunneling Adapter
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/25/2015 11:23:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/25/2015 10:32:29 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
    Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
    Exception code: 0x80000003
    Fault offset: 0x00001aa1
    Faulting process id: 0xd30
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (05/25/2015 10:01:05 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT AUTHORITY)
    Description: Application or service 'ZAM Controller Service' could not be shut down.

    Error: (05/25/2015 09:58:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/24/2015 03:16:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/24/2015 03:12:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Explorer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 0034B463

    Error: (05/24/2015 00:47:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/24/2015 11:53:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/23/2015 01:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
    Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
    Exception code: 0x80000003
    Fault offset: 0x00001aa1
    Faulting process id: 0x91c
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (05/23/2015 00:40:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (05/25/2015 11:22:55 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error: (05/25/2015 11:22:43 AM) (Source: volsnap) (EventID: 25) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

    Error: (05/25/2015 11:08:43 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (05/25/2015 11:08:42 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (05/25/2015 11:08:41 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (05/25/2015 11:08:40 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (05/25/2015 11:08:39 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (05/25/2015 09:57:59 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126

    Error: (05/25/2015 09:57:49 AM) (Source: volsnap) (EventID: 25) (User: )
    Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

    Error: (05/24/2015 03:16:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126


    Microsoft Office:
    =========================
    Error: (05/25/2015 11:23:02 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/25/2015 10:32:29 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa1d3001d096c9e7ae4d24C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllf5e2dc50-02c0-11e5-adce-000c76847797

    Error: (05/25/2015 10:01:05 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: NT AUTHORITY)
    Description: 1C:\Program Files\Zemana AntiMalware\ZAM.exeZAM Controller Service030262161352143003A005C00500072006F006700720061006D002000460069006C00650073005C005A0065006D0061006E006100200041006E00740069004D0061006C0077006100720065005C005A0041004D002E006500780065000000

    Error: (05/25/2015 09:58:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/24/2015 03:16:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/24/2015 03:12:41 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
    Description: Application: Explorer.exe
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: exception code c0000005, exception address 0034B463

    Error: (05/24/2015 00:47:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/24/2015 11:53:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (05/23/2015 01:03:57 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa191c01d0954de1383dbaC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllc9df8ff2-0143-11e5-935d-000c76847797

    Error: (05/23/2015 00:40:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-25 11:42:34.744
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-25 11:42:34.121
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-25 11:42:31.969
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Desktop\ZemanaAntiMalware(1).exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-25 11:42:31.400
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Desktop\ZemanaAntiMalware(1).exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-25 10:27:54.514
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-25 10:27:53.908
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-25 10:27:53.290
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-25 10:27:52.636
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-24 18:53:08.240
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Desktop\ZemanaAntiMalware(1).exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-24 18:53:05.742
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Desktop\ZemanaAntiMalware(1).exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz
    Percentage of memory in use: 32%
    Total physical RAM: 3327.55 MB
    Available physical RAM: 2260.91 MB
    Total Pagefile: 6651.36 MB
    Available Pagefile: 5569.15 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1897.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:149.04 GB) (Free:62.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive f: () (Fixed) (Total:74.52 GB) (Free:36.33 GB) NTFS
    Drive h: () (Fixed) (Total:931.51 GB) (Free:306.57 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: D2A8D2A8)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: E02AE02A)
    Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 57524F4B)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of log ============================

    And to Finish With

    Zoek.exe v5.0.0.0 Updated 04-May-2015
    Tool run by Brewster on 25/05/2015 at 10:30:05.51.
    Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Brewster\Desktop\zoek.exe [Scan all users] [Script inserted]

    ==== Older Logs ======================

    C:\zoek-results2015-03-04-162941.log 27245 bytes

    ==== System Restore Info ======================

    25/05/2015 10:31:57 Zoek.exe System Restore Point Created Successfully.

    ==== Reset Hosts File ======================

    # Copyright (c) 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    # 102.54.94.97 rhino.acme.com # source server
    # 38.25.63.10 x.acme.com # x client host
    # localhost name resolution is handled within DNS itself.
    127.0.0.1 localhost
    ::1 localhost

    ==== Empty Folders Check ======================

    C:\Program Files\Common Files\MicroWorld deleted successfully
    C:\PROGRA~2\BlueStacksSetup deleted successfully
    C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) deleted successfully
    C:\PROGRA~2\TP-LINK deleted successfully
    C:\Users\Brewster\AppData\Roaming\Vso deleted successfully
    C:\Users\Brewster\AppData\Local\MigWiz deleted successfully
    C:\Users\Margies\AppData\Local\Google deleted successfully

    ==== Checking Systemdrive for Symlinks ======================

    Volume in drive C has no label.
    Volume Serial Number is E0DB-5195

    Directory of C:\

    14/07/2009 05:53 <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes

    Directory of C:\ProgramData

    14/07/2009 05:53 <JUNCTION> Application Data [C:\ProgramData]
    14/07/2009 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14/07/2009 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14/07/2009 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14/07/2009 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14/07/2009 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes

    Directory of C:\ProgramData\Oracle\Java\javapath

    18/05/2015 13:54 <SYMLINK> java.exe [C:\Program Files\Java\jre1.8.0_45\bin\java.exe]
    18/05/2015 13:54 <SYMLINK> javaw.exe [C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe]
    18/05/2015 13:54 <SYMLINK> javaws.exe [C:\Program Files\Java\jre1.8.0_45\bin\javaws.exe]
    3 File(s) 0 bytes

    Directory of C:\Users

    14/07/2009 05:53 <SYMLINKD> All Users [C:\ProgramData]
    14/07/2009 05:53 <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes

    Directory of C:\Users\All Users

    14/07/2009 05:53 <JUNCTION> Application Data [C:\ProgramData]
    14/07/2009 05:53 <JUNCTION> Desktop [C:\Users\Public\Desktop]
    14/07/2009 05:53 <JUNCTION> Documents [C:\Users\Public\Documents]
    14/07/2009 05:53 <JUNCTION> Favorites [C:\Users\Public\Favorites]
    14/07/2009 05:53 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    14/07/2009 05:53 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes

    Directory of C:\Users\All Users\Oracle\Java\javapath

    18/05/2015 13:54 <SYMLINK> java.exe [C:\Program Files\Java\jre1.8.0_45\bin\java.exe]
    18/05/2015 13:54 <SYMLINK> javaw.exe [C:\Program Files\Java\jre1.8.0_45\bin\javaw.exe]
    18/05/2015 13:54 <SYMLINK> javaws.exe [C:\Program Files\Java\jre1.8.0_45\bin\javaws.exe]
    3 File(s) 0 bytes

    Directory of C:\Users\Brewster

    05/04/2014 18:30 <JUNCTION> Application Data [C:\Users\Brewster\AppData\Roaming]
    05/04/2014 18:30 <JUNCTION> Cookies [C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Cookies]
    05/04/2014 18:30 <JUNCTION> Local Settings [C:\Users\Brewster\AppData\Local]
    05/04/2014 18:30 <JUNCTION> My Documents [C:\Users\Brewster\Documents]
    05/04/2014 18:30 <JUNCTION> NetHood [C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    05/04/2014 18:30 <JUNCTION> PrintHood [C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    05/04/2014 18:30 <JUNCTION> Recent [C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Recent]
    05/04/2014 18:30 <JUNCTION> SendTo [C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\SendTo]
    05/04/2014 18:30 <JUNCTION> Start Menu [C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu]
    05/04/2014 18:30 <JUNCTION> Templates [C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes

    Directory of C:\Users\Brewster\AppData\Local

    05/04/2014 18:30 <JUNCTION> Application Data [C:\Users\Brewster\AppData\Local]
    05/04/2014 18:30 <JUNCTION> History [C:\Users\Brewster\AppData\Local\Microsoft\Windows\History]
    05/04/2014 18:30 <JUNCTION> Temporary Internet Files [C:\Users\Brewster\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes

    Directory of C:\Users\Brewster\AppData\LocalLow

    06/05/2014 20:00 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
    0 File(s) 0 bytes

    Directory of C:\Users\Brewster\Documents

    05/04/2014 18:30 <JUNCTION> My Music [C:\Users\Brewster\Music]
    05/04/2014 18:30 <JUNCTION> My Pictures [C:\Users\Brewster\Pictures]
    05/04/2014 18:30 <JUNCTION> My Videos [C:\Users\Brewster\Videos]
    0 File(s) 0 bytes

    Directory of C:\Users\Margies

    29/05/2014 12:23 <JUNCTION> Application Data [C:\Users\Margies\AppData\Roaming]
    29/05/2014 12:23 <JUNCTION> Cookies [C:\Users\Margies\AppData\Roaming\Microsoft\Windows\Cookies]
    29/05/2014 12:23 <JUNCTION> Local Settings [C:\Users\Margies\AppData\Local]
    29/05/2014 12:23 <JUNCTION> My Documents [C:\Users\Margies\Documents]
    29/05/2014 12:23 <JUNCTION> NetHood [C:\Users\Margies\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    29/05/2014 12:23 <JUNCTION> PrintHood [C:\Users\Margies\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    29/05/2014 12:23 <JUNCTION> Recent [C:\Users\Margies\AppData\Roaming\Microsoft\Windows\Recent]
    29/05/2014 12:23 <JUNCTION> SendTo [C:\Users\Margies\AppData\Roaming\Microsoft\Windows\SendTo]
    29/05/2014 12:23 <JUNCTION> Start Menu [C:\Users\Margies\AppData\Roaming\Microsoft\Windows\Start Menu]
    29/05/2014 12:23 <JUNCTION> Templates [C:\Users\Margies\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes

    Directory of C:\Users\Margies\AppData\Local

    29/05/2014 12:23 <JUNCTION> Application Data [C:\Users\Margies\AppData\Local]
    29/05/2014 12:23 <JUNCTION> History [C:\Users\Margies\AppData\Local\Microsoft\Windows\History]
    29/05/2014 12:23 <JUNCTION> Temporary Internet Files [C:\Users\Margies\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes

    Directory of C:\Users\Margies\Documents

    29/05/2014 12:23 <JUNCTION> My Music [C:\Users\Margies\Music]
    29/05/2014 12:23 <JUNCTION> My Pictures [C:\Users\Margies\Pictures]
    29/05/2014 12:23 <JUNCTION> My Videos [C:\Users\Margies\Videos]
    0 File(s) 0 bytes

    Directory of C:\Users\Public\Documents

    14/07/2009 05:53 <JUNCTION> My Music [C:\Users\Public\Music]
    14/07/2009 05:53 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    14/07/2009 05:53 <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes

    Directory of C:\Windows\AppPatch

    06/12/2014 17:13 <SYMLINKD> nbin [C:\PROGRA~1\SearchProtect\SearchProtect\bin]
    0 File(s) 0 bytes

    Total Files Listed:
    6 File(s) 0 bytes
    52 Dir(s) 64,980,168,704 bytes free


    ==== Deleting CLSID Registry Keys ======================


    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== Batch Command(s) Run By Tool======================


    ==== Deleting Files \ Folders ======================

    C:\PROGRA~2\Malwarebytes' Anti-Malware (portable) not found
    C:\Users\Brewster\AppData\Roaming\calibre deleted
    C:\Windows\system32\Tasks\HP Photo Creations Messager deleted
    C:\Users\Brewster\AppData\Roaming\pcouffin.log deleted
    C:\Windows\system32\config\systemprofile\Searches deleted

    ==== Firefox Start and Search pages ======================

    ProfilePath: C:\Users\Margies\AppData\Roaming\Mozilla\Firefox\Profiles\9nn3l12p.default
    user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
    user_pref("browser.newtab.url", "about:newtab");
    user_pref("browser.search.defaultengine", "Google");
    user_pref("browser.search.defaultenginename", "Google");
    user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [22/05/2015 11:26]

    ==== Firefox Extensions ======================

    AppDir: C:\Program Files\Mozilla Firefox
    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    - Motive Extension - %AppDir%\browser\extensions\mcciwbch@motive.com.xpi

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\yabp1zv0.default-1432304493341
    D937A4645EFF8CB4F123E3C899C052B2 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.7.6
    049BD7AD3B94F24FA274ED1F7FC5871B - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.7.6
    F9DE379CE8A782530A4FA0B731F3A49B - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.7.6
    5D4279248A0E506CF007BD51EBF74CEA - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.7.6
    559E8D42BE485208F1C4BB294D6840A4 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.7.6
    DC26A2A219E08DE10320E8B7D5433690 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat
    E42650C972D21F334EB0D3264941DCD7 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat
    569F3EEB63E784E13F295F13C724243D - C:\Users\Brewster\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll - RocketLife Secure Plug-In Layer
    56ED4DECEB5A1BC5DD3DC93463F66755 - C:\Program Files\Common Files\Motive\npMotiveRequest.dll - Motive Management Plug-in
    5430D02D3385DE9DF80BE0CF267F9B39 - C:\Program Files\Common Files\Motive\npMotive.dll - Motive Plug-in
    D31C4608FDCD9CEB756F45E91DCF64F8 - C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U45
    66F9ADD8A2335EF9870AFDA4F35F492B - C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.450.14
    46A59E6F7F7C1679AC7C4655E055326D - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector
    2E661988463BCFA1B95D4DAAB9B0B6FA - C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll - Shockwave Flash


    ==== Chromium Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[12/04/2015 11:03]

    avast Online Security - Brewster\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
    undetermined - Brewster\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpleipinonnoibneeejgjnoeekmbopbc

    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    "Search Bar"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://www.google.com/ie"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="about:newtab"
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
    "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={sea...rce}&ie={inputEncoding?}&oe={outputEncoding?}"

    ==== shortcuts on Users Desktops ======================

    C:\Users\Brewster\Desktop\Adware-Removal-Tool-v3.9.1.exe - Shortcut.lnk - C:\Users\Brewster\Downloads\Adware-Removal-Tool-v3.9.1.exe
    C:\Users\Brewster\Desktop\DuplicateFileFinder - Shortcut.lnk - C:\Users\Brewster\Documents\Auslogics\Auslogics Duplicate File Finder\DuplicateFileFinder.exe
    C:\Users\Brewster\Desktop\DVD Decrypter.lnk - C:\Windows.old\Program Files\DVD Decrypter\DVDDecrypter.exe
    C:\Users\Brewster\Desktop\DVD Shrink 3.2.lnk - C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe
    C:\Users\Brewster\Desktop\esetsmartinstaller_enu.exe - Shortcut.lnk - C:\Users\Brewster\Downloads\esetsmartinstaller_enu.exe
    C:\Users\Brewster\Desktop\HP Photo Creations.lnk - C:\Users\Brewster\AppData\Roaming\HP Photo Creations\PhotoProduct.exe
    C:\Users\Brewster\Desktop\JRT.exe - Shortcut.lnk - C:\Users\Brewster\Downloads\JRT.exe
    C:\Users\Brewster\Desktop\Kindle.lnk - C:\Users\Brewster\AppData\Local\Amazon\Kindle\application\Kindle.exe
    C:\Users\Brewster\Desktop\MWAVSCAN.lnk - C:\Users\Brewster\AppData\Local\Temp\mwavscan.exe
    C:\Users\Brewster\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
    C:\Users\Brewster\Desktop\RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe
    C:\Users\Brewster\Desktop\SecurityCheck.exe - Shortcut.lnk - C:\Users\Brewster\Downloads\SecurityCheck.exe
    C:\Users\Brewster\Desktop\TCPOptimizer.exe - Shortcut.lnk - C:\Users\Brewster\Downloads\TCPOptimizer.exe
    C:\Users\Brewster\Desktop\TeamViewerQS.lnk - F:\Misc Documents\Ei Systems Drivers\Downloads\TeamViewerQS.exe
    C:\Users\Brewster\Desktop\Unknown Device Identifier.lnk - C:\Program Files\Unknown Device Identifier\UnknownDeviceIdentifier.exe
    C:\Users\Brewster\Desktop\Wipe.lnk - C:\Program Files\Wipe\Wipe.exe
    C:\Users\Brewster\Desktop\ZemanaAntiMalware.exe - Shortcut.lnk - C:\Users\Brewster\Downloads\ZemanaAntiMalware.exe
    C:\Users\Brewster\Desktop\ZHPCleaner-2015.5.22.248.exe - Shortcut.lnk - C:\Users\Brewster\Downloads\ZHPCleaner-2015.5.22.248.exe
    C:\Users\Brewster\Desktop\********.lnk -
    C:\Users\Margies\Desktop\DVD Decrypter.lnk - C:\Windows.old\Program Files\DVD Decrypter\DVDDecrypter.exe
    C:\Users\Margies\Desktop\DVD Shrink 3.2.lnk - C:\Program Files\DVD Shrink\DVD Shrink 3.2.exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
    C:\Users\Public\Desktop\Audacity.lnk - C:\Program Files\Audacity\audacity.exe
    C:\Users\Public\Desktop\Avast Free Antivirus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Users\Public\Desktop\BT Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe -APPKEY=btbb -hidden -URL=file://C:\Program Files\BT Broadband Desktop Help\btbb/Start.html
    C:\Users\Public\Desktop\Free PDF to JPG Converter.lnk - C:\Program Files\Free PDF Solutions\Free PDF to JPG Converter\PDF_Converter.exe
    C:\Users\Public\Desktop\HP ePrintCenter - HP Photosmart 5510 series.lnk - C:\Program Files\HP\HP Photosmart 5510 series\ePrintCenterShortcut.url
    C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk - C:\Program Files\HP\HP Photosmart 5510 series\Bin\HP Photosmart 5510 series.exe
    C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files\QuickTime\QuickTimePlayer.exe
    C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5510 series.lnk - C:\Program Files\HP\HP Photosmart 5510 series\Bin\hpqDTSS.exe
    C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy.exe
    C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Users\Public\Desktop\System Ninja.lnk - C:\Program Files\System Ninja\System Ninja.exe
    C:\Users\Public\Desktop\Unchecky.lnk - C:\Program Files\Unchecky\Unchecky.exe
    C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
    C:\Users\Public\Desktop\WinZip.lnk - C:\Program Files\WinZip\WINZIP32.EXE
    C:\Users\Public\Desktop\Zemana AntiMalware.lnk - C:\Program Files\Zemana AntiMalware\ZAM.exe

    ==== shortcuts in Users Start Menu ======================

    C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Kindle.lnk - C:\Users\Brewster\AppData\Local\Amazon\Kindle\application\Kindle.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon\Amazon Kindle\Uninstall Kindle.lnk - C:\Users\Brewster\AppData\Local\Amazon\Kindle\application\uninstall.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk - C:\Users\Brewster\AppData\Roaming\HP Photo Creations\PhotoProduct.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk - C:\Users\Brewster\AppData\Roaming\HP Photo Creations\remove.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files\WinRAR\Rar.txt
    C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files\WinRAR\WhatsNew.txt
    C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm
    C:\Users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk - C:\Program Files\WinZip\WINZIP32.EXE
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics\DiskDefrag\Auslogics DiskDefrag.lnk - C:\Program Files\Auslogics\DiskDefrag\DiskDefrag.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\calibre - E-book management.lnk - C:\Program Files\Calibre2\calibre.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\E-book viewer.lnk - C:\Program Files\Calibre2\ebook-viewer.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\Edit E-book.lnk - C:\Program Files\Calibre2\ebook-edit.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management\LRF viewer.lnk - C:\Program Files\Calibre2\lrfviewer.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe -tab about
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe -tab update
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_45\bin\javacpl.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Codec Tweak Tool.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\DirectVobSub.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll",DirectVobSub
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow audio decoder.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configureAudio
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\ffdshow video decoder.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax",configure
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Audio.lnk - C:\Windows\system32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavaudio.ax",OpenConfiguration
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Splitter.lnk - C:\Windows\system32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavsplitter.ax",OpenConfiguration
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\LAV Video.lnk - C:\Windows\system32\rundll32.exe "C:\Program Files\K-Lite Codec Pack\Filters\LAV\lavvideo.ax",OpenConfiguration
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Configuration\Reset to recommended settings.lnk - C:\Program Files\K-Lite Codec Pack\Tools\CodecTweakTool.exe /resetsettings
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Help\Frequently Asked Questions.lnk - C:\Program Files\K-Lite Codec Pack\Info\faq.htm
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.lnk - C:\Program Files\K-Lite Codec Pack\Tools\Win7DSFilterTweaker.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack\Uninstall\Uninstall K-Lite Codec Pack.lnk - C:\Program Files\K-Lite Codec Pack\unins000.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Video Converter\Leawo Video Converter.lnk - C:\Program Files\Leawo\Video Converter\VideoConverter.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Video Converter\Video Converter Uninstall.lnk - C:\Program Files\Leawo\Video Converter\unins000.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Video Converter\Xvid\Configure Decoder.lnk - C:\Windows\System32\rundll32.exe xvid.ax,Configure
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo\Video Converter\Xvid\Licence.lnk - C:\Program Files\Leawo\Video Converter\Xvid\License.txt
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja\System Ninja.lnk - C:\Program Files\System Ninja\System Ninja.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Ninja\Uninstall System Ninja.lnk - C:\Program Files\System Ninja\unins000.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE\Toolwiz Smart Defrag FREE.lnk - C:\Program Files\Toolwiz Smart Defrag FREE\SmartDefrag.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE\Uninstall.lnk - C:\Program Files\Toolwiz Smart Defrag FREE\unins001.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky\Unchecky.lnk - C:\Program Files\Unchecky\Unchecky.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky\Uninstall.lnk - C:\Program Files\Unchecky\uninstall.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files\WinRAR\Rar.txt
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files\WinRAR\WhatsNew.txt
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files\WinRAR\WinRAR.chm
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip 19.5.lnk - C:\Program Files\WinZip\WINZIP32.EXE
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe\Activation of PRO version.lnk - C:\Program Files\Wipe\net1.exe activate
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe\Search for free updates.lnk - C:\Program Files\Wipe\net1.exe updates
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wipe\Wipe.lnk - C:\Program Files\Wipe\Wipe.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware\Zemana AntiMalware.lnk - C:\Program Files\Zemana AntiMalware\ZAM.exe

    ==== shortcuts in Quick Launch ======================

    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXToDVD 5.lnk - C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDvd.lnk - C:\Program Files\VSO\ConvertX\3\ConvertXtoDvd.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WinX HD Video Converter Deluxe.lnk - C:\Program Files\Digiarty\WinX_HD_Video_Converter_Deluxe\WinX_HD_Video_Converter_Deluxe.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WorldofTanks.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\********.lnk -
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\calibre - E-book management.lnk - C:\Program Files\Calibre2\calibre.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Brewster\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Task Manager.lnk - C:\Windows\System32\taskmgr.exe
    C:\Users\Margies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Margies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
    C:\Users\Margies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
    C:\Users\Margies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\Margies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Margies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Margies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
    C:\Users\Margies\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

    ==== Empty IE Cache ======================

    C:\Users\Brewster\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\Brewster\AppData\Local\Mozilla\Firefox\Profiles\yabp1zv0.default-1432304493341\cache2 emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Brewster\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=1126 folders=124 144092790 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Brewster\AppData\Local\temp will be emptied at reboot
    C:\Users\Default\AppData\Local\temp emptied successfully
    C:\Users\Default User\AppData\Local\temp emptied successfully
    C:\Users\Margies\AppData\Local\temp emptied successfully
    C:\Users\Public\AppData\Local\temp emptied successfully
    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\Windows\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied
    C:\Users\Brewster\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on 25/05/2015 at 11:23:35.09 ===================
     
  3. Malnutrition

    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  4. Malnutrition

    Then, one final scan. Tell me how things are after that. :)
    http://www.tgsoft.it/english/download_eng.asp

    This is a fully functional free 3-month trial. It is really low on resources and can run alongside Avast with no issue; you can use this to scan your machine for free for the next couple of months. Run a full scan with the program.
     
  5. brewster393

    brewster393 Member iHF Regular

    Joined:
    May 14, 2014
    Messages:
    69
    Likes Received:
    7
    Trophy Points:
    18
    Fix result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
    Ran by Brewster at 2015-05-25 18:00:55 Run:1
    Running from C:\Users\Brewster\Desktop
    Loaded Profiles: Brewster (Available Profiles: Brewster & Margies)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    c:\windows\pss\OptimizerProInstaller.lnk.Startup
    c:\users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk
    C:\PROGRA~1\SearchProtect\SearchProtect\bin
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Handler: WSISVCUchrome - {78A543EB-3A61-4ED3 - No File
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll No File
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll No File
    FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
    S3 catchme; \??\C:\Users\Brewster\AppData\Local\Temp\catchme.sys [X]
    C:\Windows\system32\GWX
    2014-04-07 14:54 - 2015-01-20 12:17 - 0007887 _____ () C:\Users\Brewster\AppData\Roaming\pcouffin.cat
    2014-04-07 14:54 - 2015-01-20 12:17 - 0001144 _____ () C:\Users\Brewster\AppData\Roaming\pcouffin.inf
    2014-04-07 14:54 - 2015-01-20 12:17 - 0047360 _____ (VSO Software) C:\Users\Brewster\AppData\Roaming\pcouffin.sys
    2014-10-02 12:07 - 2015-04-10 13:23 - 0006144 _____ () C:\Users\Brewster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-02-18 18:22 - 2015-02-18 18:22 - 0234679 _____ () C:\Users\Brewster\AppData\Local\dsi1.dat
    2015-02-18 18:22 - 2015-02-18 18:22 - 0161916 _____ () C:\Users\Brewster\AppData\Local\dsi2.dat
    2014-05-09 13:31 - 2015-02-15 14:17 - 0007606 _____ () C:\Users\Brewster\AppData\Local\Resmon.ResmonCfg
    2014-04-07 17:43 - 2014-04-07 17:43 - 0000057 _____ () C:\ProgramData\Ament.ini
    C:\Windows\logo1_.exe
    C:\Windows\logo_1.exe
    C:\Windows\RUNDL132.EXE
    C:\Windows\rundll16.exe
    C:\Windows\VDLL.DLL
    C:\Windows\System32\runouce.exe
    Task: {264881F8-72AE-4A51-A464-C97CAAE52FB4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19] (Adobe Systems Incorporated)
    Task: {27979A2A-8C5B-4F5D-B3DF-E1B1E6F1B8DC} - System32\Tasks\HP Photo Creations Communicator => C:\Users\Brewster\AppData\Roaming\HP Photo Creations\Communicator.exe [2011-04-15] ()
    Task: {4E03FDC6-9452-47D4-A38A-C925C57067FE} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2011-05-25] (Hewlett-Packard Co.)
    Task: {533DC729-ABB0-4EAD-B38B-EA6D251804B6} - System32\Tasks\{9431D8AA-4251-4929-A61C-77D7F05763F7} => pcalua.exe -a H:\install.exe -d H:\
    Task: {6315A5ED-A71A-4432-92B5-8C43DA68EE33} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
    Task: {7D267275-6939-47CA-80DA-79F3449009E0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {82E0EC63-16B7-4BAE-BBE3-810A4E84032A} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {AC344371-414A-4CD1-B7AF-E9FCB4CF5481} - \HP Photo Creations Messager No Task File <==== ATTENTION
    Task: {CD831DED-AA3F-4D5C-AF3C-E5B9CEDEDFD4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {DA32B882-B8D1-4EC4-9B6C-06800563E02D} - System32\Tasks\{76DA891A-32C0-4E0C-BEA3-4BF381112203} => pcalua.exe -a "C:\Users\Brewster\Downloads\Display Driver Uninstaller.exe" -d C:\Users\Brewster\Downloads
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\Brewster\AppData\Roaming\HP Photo Creations\Communicator.exe
    FirewallRules: [{A62230A2-9383-4E84-A331-DB8A1A757ED2}] => (Block) C:\program files\divx\divx media server\divxmediaserver.exe
    FirewallRules: [{2BB548B4-A7E0-41C6-BA78-70431CD03864}] => (Block) C:\program files\divx\divx media server\divxmediaserver.exe
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state On
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset catalog
    CMD: bitsadmin /reset /allusers
    hosts:
    Emptytemp:
    RemoveProxy:
    reboot:
    end








    *****************

    Restore point was successfully created.
    Processes closed successfully.
    c:\windows\pss\OptimizerProInstaller.lnk.Startup => Moved successfully.
    "c:\users\Brewster\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OptimizerProInstaller.lnk" => File/Folder not found.
    "C:\PROGRA~1\SearchProtect\SearchProtect\bin" => File/Folder not found.
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CCleaner Monitoring => value Removed successfully.
    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
    "HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully.
    HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully.
    "HKCR\PROTOCOLS\Handler\WSISVCUchrome" => key Removed successfully.
    "HKCR\PROTOCOLS\Handler\WSWSVCUchrome" => key Removed successfully.
    "HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key Removed successfully.
    "HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key Removed successfully.
    "HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2" => key Removed successfully.
    catchme => Service Removed successfully.
    C:\Windows\system32\GWX => Moved successfully.
    C:\Users\Brewster\AppData\Roaming\pcouffin.cat => Moved successfully.
    C:\Users\Brewster\AppData\Roaming\pcouffin.inf => Moved successfully.
    C:\Users\Brewster\AppData\Roaming\pcouffin.sys => Moved successfully.
    C:\Users\Brewster\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
    C:\Users\Brewster\AppData\Local\dsi1.dat => Moved successfully.
    C:\Users\Brewster\AppData\Local\dsi2.dat => Moved successfully.
    C:\Users\Brewster\AppData\Local\Resmon.ResmonCfg => Moved successfully.
    C:\ProgramData\Ament.ini => Moved successfully.
    C:\Windows\logo1_.exe => Moved successfully.
    C:\Windows\logo_1.exe => Moved successfully.
    C:\Windows\RUNDL132.EXE => Moved successfully.
    C:\Windows\rundll16.exe => Moved successfully.
    C:\Windows\VDLL.DLL => Moved successfully.
    C:\Windows\System32\runouce.exe => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{264881F8-72AE-4A51-A464-C97CAAE52FB4} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{264881F8-72AE-4A51-A464-C97CAAE52FB4} => key could not remove. Access denied.
    C:\Windows\System32\Tasks\Adobe Flash Player Updater => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27979A2A-8C5B-4F5D-B3DF-E1B1E6F1B8DC} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27979A2A-8C5B-4F5D-B3DF-E1B1E6F1B8DC} => key could not remove. Access denied.
    C:\Windows\System32\Tasks\HP Photo Creations Communicator => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP Photo Creations Communicator => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E03FDC6-9452-47D4-A38A-C925C57067FE} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E03FDC6-9452-47D4-A38A-C925C57067FE} => key could not remove. Access denied.
    C:\Windows\System32\Tasks\HPCustParticipation HP Photosmart 5510 series => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPCustParticipation HP Photosmart 5510 series => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{533DC729-ABB0-4EAD-B38B-EA6D251804B6} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{533DC729-ABB0-4EAD-B38B-EA6D251804B6} => key could not remove. Access denied.
    C:\Windows\System32\Tasks\{9431D8AA-4251-4929-A61C-77D7F05763F7} => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{9431D8AA-4251-4929-A61C-77D7F05763F7} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6315A5ED-A71A-4432-92B5-8C43DA68EE33} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6315A5ED-A71A-4432-92B5-8C43DA68EE33} => key could not remove. Access denied.
    C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D267275-6939-47CA-80DA-79F3449009E0} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D267275-6939-47CA-80DA-79F3449009E0} => key could not remove. Access denied.
    C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{82E0EC63-16B7-4BAE-BBE3-810A4E84032A} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82E0EC63-16B7-4BAE-BBE3-810A4E84032A} => key could not remove. Access denied.
    C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC344371-414A-4CD1-B7AF-E9FCB4CF5481} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC344371-414A-4CD1-B7AF-E9FCB4CF5481} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP Photo Creations Messager => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CD831DED-AA3F-4D5C-AF3C-E5B9CEDEDFD4} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD831DED-AA3F-4D5C-AF3C-E5B9CEDEDFD4} => key could not remove. Access denied.
    C:\Windows\System32\Tasks\Adobe Acrobat Update Task => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA32B882-B8D1-4EC4-9B6C-06800563E02D} => key could not remove. Access denied.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA32B882-B8D1-4EC4-9B6C-06800563E02D} => key could not remove. Access denied.
    C:\Windows\System32\Tasks\{76DA891A-32C0-4E0C-BEA3-4BF381112203} => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{76DA891A-32C0-4E0C-BEA3-4BF381112203} => key could not remove. Access denied.
    C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
    C:\Windows\Tasks\HP Photo Creations Communicator.job => Moved successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A62230A2-9383-4E84-A331-DB8A1A757ED2} => value Removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2BB548B4-A7E0-41C6-BA78-70431CD03864} => value Removed successfully.

    ========= netsh advfirewall reset =========

    Ok.


    ========= End of CMD: =========


    ========= netsh advfirewall set allprofiles state On =========

    Ok.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    0 out of 0 jobs canceled.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts restored successfully.

    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully.
    HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully.


    ========= End of RemoveProxy: =========

    EmptyTemp: => Removed 23.1 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 18:01:59 ====

    Greetings and Salutations!
    Right then, I'm afraid things haven't changed as such:-
    3 mins from switch-on to password entry, and then another 3.48 mins to bring Yahoo up and the green circle to stop.
    27 secs for iHF to come up and then a 6 - 10 sec delay from keyboard to monitor.
    This is repeated for any site on the interwebnet, e.g. Google, Internet Explorer. If, for instance, I bring up a video (F1) it will eventually play without having to freeze with "buffering", and I also have a tablet which is fine, so I am assuming the internet connection and download speed is not a problem.
    If I play music, use word, make or type a document, use hp print center, or use any function within the computer the response time is as expected!

    P.S. with the exception of virIT what do you want me to do with all the programmes that I have downloaded?
     
  6. Malnutrition

    Can you tell me how the computer is running in Safe Mode with Networking?
    http://kb.eset.com/esetkb/index?page=content&id=SOLN2268

    Also a couple of final scans to make sure that nothing else is lurking.

    Please run the HitmanPro scan; it is the same as the Zemana file you could not download. (instructions & Program)
    http://www.surfright.nl/en/hitmanpro/

    Also I need to see the following.

    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center/Action Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.





    • TDSSKiller
    • Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
    • Click here to download RstHosts v2.0
    • Save the file to your desktop.
    • Right Click and Run as Administrator.

    9-Lab Scan

    Download the 9-Lab Removal Tool from one of the links below.

    CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

    http://9-lab.com/download/
    Install the program onto your computer, then right-click the icon and run as administrator.

    Go to the Update tab and update the program.

    Now go to the scanner tab and select Full Scan.

    Upon Scan Completion Click Show Results.

    Now click the Clean button.

    Once done cleaning, go to the logs tab, double-click it, and copy and paste the log into your next reply.
     
  7. Malnutrition

    Once we make sure that there is no active rootkit, we can start repairing your machine. :)

    I hope you will stay with me on this one. :)

    Also, if Safe Mode with Networking allows you to have normal internet access, then maybe avast may be causing issues; we will see. I have plenty of ideas on how to get your machine running correctly. :D
     
    Last edited by a moderator: May 26, 2015
  8. Belahzur

    Belahzur Freedom Fighter Moderator iHF Regular Security Advisor

    Joined:
    May 6, 2014
    Messages:
    316
    Likes Received:
    98
    Trophy Points:
    38
    Good work Mal, CF shows a few suspicious things there I saw, but you saw them too :)
     
  9. Malnutrition

    By all means, if I missed anything feel free to step in. :)
     
  10. brewster393

    brewster393 Member iHF Regular

    Joined:
    May 14, 2014
    Messages:
    69
    Likes Received:
    7
    Trophy Points:
    18
    Greetings and Salutations!
    When I ran the computer in Safe Mode with Networking, the speed was back to normal, or at least back to normal for this antique!
    Code:
    HitmanPro 3.7.9.241
    www.hitmanpro.com
    
      Computer name . . . . : BREWSTER-PUTER
      Windows . . . . . . . : 6.1.1.7601.X86/2
      User name . . . . . . : Brewster-Puter\Brewster
      UAC . . . . . . . . . : Enabled
      License . . . . . . . : Free
    
      Scan date . . . . . . : 2015-05-27 11:54:20
      Scan mode . . . . . . : Normal
      Scan duration . . . . : 8m 35s
      Disk access mode  . . : Direct disk access (SRB)
      Cloud . . . . . . . . : Internet
      Reboot  . . . . . . . : No
    
      Threats . . . . . . . : 4
      Traces  . . . . . . . : 44
    
      Objects scanned . . . : 1,163,932
      Files scanned . . . . : 19,563
      Remnants scanned  . . : 252,920 files / 891,449 keys
    
    Suspicious files ____________________________________________________________
    
      C:\Users\Brewster\Desktop\FRST.exe
      Size . . . . . . . : 1,146,880 bytes
      Age  . . . . . . . : 2.0 days (2015-05-25 11:38:24)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : C5C56E927257214F0EA734FA82C13A20FCE5936FF25CFD05D806A9F5C24268FD
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
      Program has no publisher information but prompts the user for permission elevation.
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
    
      C:\VEXPLite\viritsvc.exe
      Size . . . . . . . : 106,496 bytes
      Age  . . . . . . . : 114.0 days (2015-02-02 12:19:06)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 6C4A762CA18EB884335932433512474B0CD44EBBEE6CCA6E41CEAD33A6026AEA
      Product  . . . . . : TG Soft viritsvc
      Publisher  . . . . : TG Soft Sas  www.tgsoft.it
      Description  . . . : VirIT eXplorer Service
      Version  . . . . . : 1.36.0.0
      Service  . . . . . : viritsvclite
      LanguageID . . . . : 1040
      Fuzzy  . . . . . . : 26.0
      The file name extension of this program is not common.
      Starts automatically as a service during system bootup.
      Program starts automatically without user intervention.
      Startup
      HKLM\SYSTEM\CurrentControlSet\Services\viritsvclite\
    
      C:\Windows\PEV.exe
      Size . . . . . . . : 256,000 bytes
      Age  . . . . . . . : 3.0 days (2015-05-24 12:14:25)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : AE0F5CC54E4B133DF66A54572A7CE52FAFF11F8FD0CAEAB088AAD3699D6EC924
      Fuzzy  . . . . . . : 22.0
      Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
      The .rsrc (resources) section in this program is set to executable. This is an indication of malware infection.
      Authors name is missing in version info. This is not common to most programs.
      Version control is missing. This file is probably created by an individual. This is not typical for most programs.
      Time indicates that the file appeared recently on this computer.
      The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      Program contains PE structure anomalies. This is not typical for most programs.
      Forensic Cluster
      -0.1s C:\Windows\SWXCACLS.exe
      -0.1s C:\Windows\SWSC.exe
      -0.0s C:\Windows\sed.exe
      -0.0s C:\Windows\grep.exe
      -0.0s C:\Windows\zip.exe
      -0.0s C:\Windows\SWREG.exe
      0.0s C:\Windows\PEV.exe
      0.0s C:\Windows\NIRCMD.exe
      0.0s C:\Windows\MBR.exe
    
    
    Malware remnants ____________________________________________________________
    
      HKLM\SOFTWARE\Classes\m\ (MySearchDial)
      HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SPPD\ (SearchProtect)
      HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPPD\ (SearchProtect)
      HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SPPD\ (SearchProtect)
    
    Potential Unwanted Programs _________________________________________________
    
      HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}\ (GlobalUpdate)
      HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}\ (GlobalUpdate)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ)
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ)
      HKU\.DEFAULT\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
      HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
      HKU\S-1-5-18\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}\ (FLV Player)
      HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
      HKU\S-1-5-21-3299126282-3657997626-4182433575-1000\Software\Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ (Speedial)
      HKU\S-1-5-21-3299126282-3657997626-4182433575-1000_Classes\CLSID\{bebbc426-4f16-4567-8fe1-be198c982027}\ (Speedial)
      HKU\S-1-5-21-3299126282-3657997626-4182433575-1001\Software\PepperZip\ (PepperZip)
    
    Cookies _____________________________________________________________________
    
      C:\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\yabp1zv0.default-1432304493341\cookies.sqlite:atdmt.com
      C:\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\yabp1zv0.default-1432304493341\cookies.sqlite:casalemedia.com
      C:\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\yabp1zv0.default-1432304493341\cookies.sqlite:doubleclick.net
      C:\Users\Brewster\AppData\Roaming\Mozilla\Firefox\Profiles\yabp1zv0.default-1432304493341\cookies.sqlite:statse.webtrendslive.com
      C:\Users\Margies\AppData\Roaming\Mozilla\Firefox\Profiles\9nn3l12p.default\cookies.sqlite:ads.yahoo.com
    
    
    
    Farbar Service Scanner Version: 17-01-2015
    Ran by Brewster (administrator) on 27-05-2015 at 12:20:58
    Running from "C:\Users\Brewster\Desktop"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****

    13:00:23.0178 0x0a0c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
    13:00:26.0150 0x0a0c ============================================================
    13:00:26.0150 0x0a0c Current date / time: 2015/05/27 13:00:26.0150
    13:00:26.0150 0x0a0c SystemInfo:
    13:00:26.0151 0x0a0c
    13:00:26.0151 0x0a0c OS Version: 6.1.7601 ServicePack: 1.0
    13:00:26.0151 0x0a0c Product type: Workstation
    13:00:26.0151 0x0a0c ComputerName: BREWSTER-PUTER
    13:00:26.0152 0x0a0c UserName: Brewster
    13:00:26.0152 0x0a0c Windows directory: C:\Windows
    13:00:26.0152 0x0a0c System windows directory: C:\Windows
    13:00:26.0152 0x0a0c Processor architecture: Intel x86
    13:00:26.0152 0x0a0c Number of processors: 2
    13:00:26.0152 0x0a0c Page size: 0x1000
    13:00:26.0152 0x0a0c Boot type: Normal boot
    13:00:26.0152 0x0a0c ============================================================
    13:00:28.0371 0x0a0c KLMD registered as C:\Windows\system32\drivers\28006067.sys
    13:00:28.0739 0x0a0c System UUID: {46FC82C3-BC4D-348F-57C0-D62BDB996364}
    13:00:29.0602 0x0a0c Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 ( 149.05 Gb ), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:00:29.0602 0x0a0c Drive \Device\Harddisk1\DR1 - Size: 0x12A1F16000 ( 74.53 Gb ), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:00:29.0616 0x0a0c Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    13:00:36.0556 0x0a0c ============================================================
    13:00:36.0556 0x0a0c \Device\Harddisk0\DR0:
    13:00:36.0575 0x0a0c MBR partitions:
    13:00:36.0576 0x0a0c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
    13:00:36.0576 0x0a0c \Device\Harddisk1\DR1:
    13:00:36.0588 0x0a0c MBR partitions:
    13:00:36.0588 0x0a0c \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
    13:00:36.0588 0x0a0c \Device\Harddisk2\DR2:
    13:00:36.0588 0x0a0c MBR partitions:
    13:00:36.0588 0x0a0c \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
    13:00:36.0589 0x0a0c ============================================================
    13:00:36.0599 0x0a0c C: <-> \Device\Harddisk0\DR0\Partition1
    13:00:36.0606 0x0a0c F: <-> \Device\Harddisk1\DR1\Partition1
    13:00:36.0636 0x0a0c H: <-> \Device\Harddisk2\DR2\Partition1
    13:00:36.0636 0x0a0c ============================================================
    13:00:36.0637 0x0a0c Initialize success
    13:00:36.0637 0x0a0c ============================================================
    13:00:38.0519 0x0f70 ============================================================
    13:00:38.0519 0x0f70 Scan started
    13:00:38.0519 0x0f70 Mode: Manual;
    13:00:38.0520 0x0f70 ============================================================
    13:00:38.0520 0x0f70 KSN ping started
    13:00:41.0011 0x0f70 KSN ping finished: true
    13:00:42.0651 0x0f70 ================ Scan system memory ========================
    13:00:42.0651 0x0f70 System memory - ok
    13:00:42.0651 0x0f70 ================ Scan services =============================
    13:00:47.0417 0x0f70 BridgeMP - ok
    13:00:47.0481 0x0f70 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
    13:00:47.0487 0x0f70 Browser - ok
    13:00:47.0564 0x0f70 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    13:00:47.0578 0x0f70 Brserid - ok
    13:00:47.0619 0x0f70 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    13:00:47.0624 0x0f70 BrSerWdm - ok
    13:00:47.0658 0x0f70 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    13:00:47.0662 0x0f70 BrUsbMdm - ok
    13:00:47.0692 0x0f70 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    13:00:47.0695 0x0f70 BrUsbSer - ok
    13:00:47.0839 0x0f70 [ DEAC404F82D2B6391278296027506AAC, DB8E1A497BE1B9E91C5E874D125687F7C845AEBDDE91247262BDF73BDED79F5E ] BT Help Wizard C:\Program Files\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
    13:00:47.0850 0x0f70 BT Help Wizard - ok
    13:00:47.0880 0x0f70 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    13:00:47.0883 0x0f70 BTHMODEM - ok
    13:00:47.0949 0x0f70 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
    13:00:47.0953 0x0f70 bthserv - ok
    13:00:48.0011 0x0f70 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    13:00:48.0017 0x0f70 cdfs - ok
    13:00:48.0081 0x0f70 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    13:00:48.0085 0x0f70 cdrom - ok
    13:00:48.0145 0x0f70 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
    13:00:48.0150 0x0f70 CertPropSvc - ok
    13:00:48.0216 0x0f70 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\drivers\circlass.sys
    13:00:48.0219 0x0f70 circlass - ok
    13:00:48.0287 0x0f70 [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS C:\Windows\system32\CLFS.sys
    13:00:48.0296 0x0f70 CLFS - ok
    13:00:48.0367 0x0f70 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:00:48.0371 0x0f70 clr_optimization_v2.0.50727_32 - ok
    13:00:48.0440 0x0f70 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    13:00:48.0445 0x0f70 clr_optimization_v4.0.30319_32 - ok
    13:00:48.0499 0x0f70 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    13:00:48.0500 0x0f70 CmBatt - ok
    13:00:48.0526 0x0f70 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
    13:00:48.0528 0x0f70 cmdide - ok
    13:00:48.0651 0x0f70 [ E5ADEEF2C0DB43964223F408F1FCC97E, BD223D19DA8B8F22AE503E65C33447BE86E9145E49E69B8A267FD738622D7523 ] cmuda C:\Windows\system32\drivers\cmuda.sys
    13:00:48.0700 0x0f70 cmuda - ok
    13:00:48.0783 0x0f70 [ 3051724F223EA48968B19567DE2A81F4, DCC27DE1B2B35866FC6DBDE95A368E7D0D346B6C3F31D0BACA63DD39B0A8874E ] CNG C:\Windows\system32\Drivers\cng.sys
    13:00:48.0796 0x0f70 CNG - ok
    13:00:48.0854 0x0f70 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    13:00:48.0856 0x0f70 Compbatt - ok
    13:00:48.0900 0x0f70 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
    13:00:48.0902 0x0f70 CompositeBus - ok
    13:00:48.0928 0x0f70 COMSysApp - ok
    13:00:48.0972 0x0f70 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    13:00:48.0975 0x0f70 crcdisk - ok
    13:00:49.0069 0x0f70 [ 49474B3E37969AF4B5C076F42B623AFF, BDA6B57E9B60EF1B67C74099263D33A367AAA035667239F76AB8B268FD3E8F23 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    13:00:49.0076 0x0f70 CryptSvc - ok
    13:00:49.0140 0x0f70 [ 3C2177A897B4CA2788C6FB0C3FD81D4B, 98575CBD0664586E6211D02E71BDD52CBAA149A1658573550E29E74E5F7B1553 ] CSC C:\Windows\system32\drivers\csc.sys
    13:00:49.0157 0x0f70 CSC - ok
    13:00:49.0220 0x0f70 [ 15F93B37F6801943360D9EB42485D5D3, DD6838C6496CB15F8BB57A6596F6A64ADD9C36B09F062295699131232712B558 ] CscService C:\Windows\System32\cscsvc.dll
    13:00:49.0241 0x0f70 CscService - ok
    13:00:49.0396 0x0f70 [ ED002F233AB7E89B3AD2D47DBD177014, 2CC6C0FEF655F710B558A714F607BB7E4A44C7E6492F7F8917E45DA270A23EE1 ] ctxS51 C:\Windows\system32\DRIVERS\ctxS51.sys
    13:00:49.0460 0x0f70 ctxS51 - ok
    13:00:49.0549 0x0f70 [ 7660F01D3B38ACA1747E397D21D790AF, 04611B43705C064C2A8331F6D3F8E4530295694AE2C3E3EC3F62CFF4A5EFA88D ] DcomLaunch C:\Windows\system32\rpcss.dll
    13:00:49.0571 0x0f70 DcomLaunch - ok
    13:00:49.0636 0x0f70 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
    13:00:49.0648 0x0f70 defragsvc - ok
    13:00:49.0709 0x0f70 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    13:00:49.0713 0x0f70 DfsC - ok
    13:00:49.0773 0x0f70 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
    13:00:49.0785 0x0f70 Dhcp - ok
    13:00:49.0932 0x0f70 [ E95DE5B790B2D16706DAC8472E51F31A, 9D7A72742D369B9F0E4ACEC9C1850D0D60E975AEBEFF5BA06B954EA3AB3E9FF6 ] DiagTrack C:\Windows\system32\diagtrack.dll
    13:00:49.0964 0x0f70 DiagTrack - ok
    13:00:50.0000 0x0f70 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
    13:00:50.0003 0x0f70 discache - ok
    13:00:50.0060 0x0f70 [ 565003F326F99802E68CA78F2A68E9FF, ABC42B24DBA4FFC411120E09278EF26AF56CCAB463B69B4BD6C530B4A07063D2 ] Disk C:\Windows\system32\drivers\disk.sys
    13:00:50.0063 0x0f70 Disk - ok
    13:00:50.0119 0x0f70 [ 2A958EF85DB1B61FFCA65044FA4BCE9E, C83511685EE1CE85A5ADF9B5BE96C375A521601F66024BDC3EE044C0B6E85D69 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
    13:00:50.0124 0x0f70 dmvsc - ok
    13:00:50.0195 0x0f70 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
    13:00:50.0203 0x0f70 Dnscache - ok
    13:00:50.0268 0x0f70 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
    13:00:50.0281 0x0f70 dot3svc - ok
    13:00:50.0350 0x0f70 [ B5E479EB83707DD698F66953E922042C, 82891A4699F180A20EB25A0EC49A7E008B007A374BAA3279483AC1C95D125FE8 ] dot4 C:\Windows\system32\DRIVERS\Dot4.sys
    13:00:50.0356 0x0f70 dot4 - ok
    13:00:50.0421 0x0f70 [ CAEFD09B6A6249C53A67D55A9A9FCABF, A76C951EA8A830E5BA22D8D393A946BBAEEDB76478539F647E58199B383F786B ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
    13:00:50.0423 0x0f70 Dot4Print - ok
    13:00:50.0472 0x0f70 [ CF491FF38D62143203C065260567E2F7, 4315FD8FC88CF627EBE469A2DF0F280B17C95D3004FC7A93D6F8E47F0D91A037 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
    13:00:50.0477 0x0f70 dot4usb - ok
    13:00:50.0544 0x0f70 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
    13:00:50.0553 0x0f70 DPS - ok
    13:00:50.0628 0x0f70 [ B918E7C5F9BF77202F89E1A9539F2EB4, C589A37DE50BBEF22E2DAA9682EA43147F614AA1AF7DAAA942BA5FC192313A0B ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    13:00:50.0630 0x0f70 drmkaud - ok
    13:00:50.0718 0x0f70 [ 3583A5A8CC2E682BFFBD4630D0FEC08B, FD0F184B358FCECAA763444B414074BEF4E871EB7527D88385519FC158435C72 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    13:00:50.0744 0x0f70 DXGKrnl - ok
    13:00:50.0808 0x0f70 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
    13:00:50.0815 0x0f70 EapHost - ok
    13:00:51.0045 0x0f70 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
    13:00:51.0144 0x0f70 ebdrv - ok
    13:00:51.0225 0x0f70 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] EFS C:\Windows\System32\lsass.exe
    13:00:51.0231 0x0f70 EFS - ok
    13:00:51.0340 0x0f70 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    13:00:51.0359 0x0f70 ehRecvr - ok
    13:00:51.0383 0x0f70 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
    13:00:51.0387 0x0f70 ehSched - ok
    13:00:51.0471 0x0f70 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    13:00:51.0488 0x0f70 elxstor - ok
    13:00:51.0512 0x0f70 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    13:00:51.0514 0x0f70 ErrDev - ok
    13:00:51.0590 0x0f70 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
    13:00:51.0606 0x0f70 EventSystem - ok
    13:00:51.0671 0x0f70 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
    13:00:51.0677 0x0f70 exfat - ok
    13:00:51.0704 0x0f70 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    13:00:51.0709 0x0f70 fastfat - ok
    13:00:51.0799 0x0f70 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
    13:00:51.0823 0x0f70 Fax - ok
    13:00:51.0883 0x0f70 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    13:00:51.0885 0x0f70 fdc - ok
    13:00:51.0931 0x0f70 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
    13:00:51.0936 0x0f70 fdPHost - ok
    13:00:51.0956 0x0f70 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
    13:00:51.0960 0x0f70 FDResPub - ok
    13:00:52.0036 0x0f70 [ 4970BB6D1E2C7C22E8922DE4412DBB60, BD6DC6BA151106940D23CDE3D2CB7EFE54CD7C1E427099DE3C32038E0B718819 ] FETNDIS C:\Windows\system32\DRIVERS\fetn62.sys
    13:00:52.0039 0x0f70 FETNDIS - ok
    13:00:52.0061 0x0f70 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    13:00:52.0067 0x0f70 FileInfo - ok
    13:00:52.0098 0x0f70 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    13:00:52.0102 0x0f70 Filetrace - ok
    13:00:52.0158 0x0f70 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    13:00:52.0161 0x0f70 flpydisk - ok
    13:00:52.0204 0x0f70 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    13:00:52.0211 0x0f70 FltMgr - ok
    13:00:52.0301 0x0f70 [ 6EC244F102C7F129678E5F7309D1366D, C30DA201AC623DA440B0A0716534557C578218C2A591FA8893CCCBD96B4518F9 ] FontCache C:\Windows\system32\FntCache.dll
    13:00:52.0344 0x0f70 FontCache - ok
    13:00:52.0441 0x0f70 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    13:00:52.0444 0x0f70 FontCache3.0.0.0 - ok
    13:00:52.0495 0x0f70 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    13:00:52.0498 0x0f70 FsDepends - ok
    13:00:52.0554 0x0f70 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    13:00:52.0556 0x0f70 Fs_Rec - ok
    13:00:52.0628 0x0f70 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    13:00:52.0635 0x0f70 fvevol - ok
    13:00:52.0701 0x0f70 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    13:00:52.0704 0x0f70 gagp30kx - ok
    13:00:52.0776 0x0f70 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    13:00:52.0778 0x0f70 GEARAspiWDM - ok
    13:00:52.0877 0x0f70 [ C6B9F48D46C13389EA2AF2065AE66612, BFB2CFF1B9BFE55E027F01C3714DF9BF8E0C5CFD0EF0BF6B8DA029D98C1288D7 ] GoToAssist C:\Program Files\Citrix\GoToAssist\896\g2aservice.exe
    13:00:52.0881 0x0f70 GoToAssist - ok
    13:00:52.0976 0x0f70 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
    13:00:53.0010 0x0f70 gpsvc - ok
    13:00:53.0073 0x0f70 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    13:00:53.0077 0x0f70 hcw85cir - ok
    13:00:53.0110 0x0f70 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    13:00:53.0118 0x0f70 HDAudBus - ok
    13:00:53.0145 0x0f70 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    13:00:53.0148 0x0f70 HidBatt - ok
    13:00:53.0176 0x0f70 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\drivers\hidbth.sys
    13:00:53.0182 0x0f70 HidBth - ok
    13:00:53.0238 0x0f70 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys
    13:00:53.0242 0x0f70 HidIr - ok
    13:00:53.0305 0x0f70 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\System32\hidserv.dll
    13:00:53.0314 0x0f70 hidserv - ok
    13:00:53.0373 0x0f70 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    13:00:53.0376 0x0f70 HidUsb - ok
    13:00:53.0438 0x0f70 [ D8CA09A59B330F0968E2AC4DD957060E, 30A4835BDB2719A117E0506BD3E7DB674C78FE0765DFFAB0C9EE8CDA92ADF3C0 ] hitmanpro37 C:\Windows\system32\drivers\hitmanpro37.sys
    13:00:53.0443 0x0f70 hitmanpro37 - ok
    13:00:53.0509 0x0f70 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
    13:00:53.0523 0x0f70 hkmsvc - ok
    13:00:53.0565 0x0f70 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    13:00:53.0584 0x0f70 HomeGroupListener - ok
    13:00:53.0653 0x0f70 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    13:00:53.0675 0x0f70 HomeGroupProvider - ok
    13:00:53.0755 0x0f70 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    13:00:53.0761 0x0f70 HpSAMD - ok
    13:00:53.0848 0x0f70 [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP C:\Windows\system32\drivers\HTTP.sys
    13:00:53.0875 0x0f70 HTTP - ok
    13:00:53.0912 0x0f70 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    13:00:53.0916 0x0f70 hwpolicy - ok
    13:00:53.0981 0x0f70 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    13:00:53.0987 0x0f70 i8042prt - ok
    13:00:54.0065 0x0f70 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    13:00:54.0084 0x0f70 iaStorV - ok
    13:00:54.0222 0x0f70 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    13:00:54.0268 0x0f70 idsvc - ok
    13:00:54.0312 0x0f70 IEEtwCollectorService - ok
    13:00:54.0380 0x0f70 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\drivers\iirsp.sys
    13:00:54.0384 0x0f70 iirsp - ok
    13:00:54.0491 0x0f70 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
    13:00:54.0529 0x0f70 IKEEXT - ok
    13:00:54.0597 0x0f70 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
    13:00:54.0600 0x0f70 intelide - ok
    13:00:54.0657 0x0f70 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    13:00:54.0663 0x0f70 intelppm - ok
    13:00:54.0719 0x0f70 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    13:00:54.0733 0x0f70 IPBusEnum - ok
    13:00:54.0756 0x0f70 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:00:54.0761 0x0f70 IpFilterDriver - ok
    13:00:54.0862 0x0f70 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    13:00:54.0896 0x0f70 iphlpsvc - ok
    13:00:54.0960 0x0f70 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    13:00:54.0965 0x0f70 IPMIDRV - ok
    13:00:55.0012 0x0f70 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    13:00:55.0020 0x0f70 IPNAT - ok
    13:00:55.0126 0x0f70 [ 1323570D55CE9D70D1F10144A8249D20, 5876576289CCDC994D6BC8D1B8D29EFFF66811EBECC577F8C2F9BDC2E59ADFBC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    13:00:55.0154 0x0f70 iPod Service - ok
    13:00:55.0190 0x0f70 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
    13:00:55.0193 0x0f70 IRENUM - ok
    13:00:55.0248 0x0f70 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
    13:00:55.0250 0x0f70 isapnp - ok
    13:00:55.0312 0x0f70 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    13:00:55.0322 0x0f70 iScsiPrt - ok
    13:00:55.0388 0x0f70 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    13:00:55.0391 0x0f70 kbdclass - ok
    13:00:55.0424 0x0f70 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    13:00:55.0428 0x0f70 kbdhid - ok
    13:00:55.0457 0x0f70 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] KeyIso C:\Windows\system32\lsass.exe
    13:00:55.0463 0x0f70 KeyIso - ok
    13:00:55.0518 0x0f70 [ 6DD2A1064DD8AFBED22E71176E2AF59B, 915F36860DAA72DA89E906A7F6F255A854A2A91EEA536A7C2EDB4A63250F66CC ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    13:00:55.0522 0x0f70 KSecDD - ok
    13:00:55.0553 0x0f70 [ 76C0D35167B1369C68388FEDB56A3048, 2788962AB21DBB0A4D130AE5F822E9FDB96D7FF6320E2798714BF18BCB9CAE4F ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    13:00:55.0559 0x0f70 KSecPkg - ok
    13:00:55.0627 0x0f70 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
    13:00:55.0644 0x0f70 KtmRm - ok
    13:00:55.0720 0x0f70 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\System32\srvsvc.dll
    13:00:55.0735 0x0f70 LanmanServer - ok
    13:00:55.0802 0x0f70 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    13:00:55.0814 0x0f70 LanmanWorkstation - ok
    13:00:55.0892 0x0f70 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    13:00:55.0895 0x0f70 lltdio - ok
    13:00:55.0950 0x0f70 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    13:00:55.0961 0x0f70 lltdsvc - ok
    13:00:55.0985 0x0f70 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
    13:00:55.0992 0x0f70 lmhosts - ok
    13:00:56.0041 0x0f70 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    13:00:56.0045 0x0f70 LSI_FC - ok
    13:00:56.0101 0x0f70 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    13:00:56.0105 0x0f70 LSI_SAS - ok
    13:00:56.0141 0x0f70 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    13:00:56.0146 0x0f70 LSI_SAS2 - ok
    13:00:56.0197 0x0f70 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    13:00:56.0201 0x0f70 LSI_SCSI - ok
    13:00:56.0246 0x0f70 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
    13:00:56.0250 0x0f70 luafv - ok
    13:00:56.0306 0x0f70 [ 3C21F7E95FFCA33EF1A83AA33D9663CF, C843116969E1CDBA45AEF98B33BEDBA9200C62CDB52CD7056CE6768A1EF3A637 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    13:00:56.0309 0x0f70 MBAMProtector - ok
    13:00:56.0438 0x0f70 [ 2B983F067AEE3F9EB4DF5E97F45D21D1, 0B9ED0E91FF01A5445927650113E320C3C0EA16F1401AA55A509DDBF704DF22F ] MBAMService C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    13:00:56.0473 0x0f70 MBAMService - ok
    13:00:56.0527 0x0f70 [ 167BCE00050B19DA25065335645A3C7A, 5CD3EA3E09B4ED318AB6151F56A17B0E4C8CE32DBB77342A39DEF53908F7D2F0 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
    13:00:56.0531 0x0f70 MBAMWebAccessControl - ok
    13:00:56.0592 0x0f70 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    13:00:56.0603 0x0f70 Mcx2Svc - ok
    13:00:56.0656 0x0f70 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\drivers\megasas.sys
    13:00:56.0660 0x0f70 megasas - ok
    13:00:56.0700 0x0f70 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    13:00:56.0708 0x0f70 MegaSR - ok
    13:00:56.0765 0x0f70 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
    13:00:56.0773 0x0f70 MMCSS - ok
    13:00:56.0801 0x0f70 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
    13:00:56.0804 0x0f70 Modem - ok
    13:00:56.0858 0x0f70 [ 25483F9D590D5F00BD951E1181453EC2, 9C88A246B1DF44DA19265CFDEEE7F162B7B11FA1A2C127403D02D0A79BFEC494 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
    13:00:56.0861 0x0f70 MODEMCSA - ok
    13:00:56.0914 0x0f70 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    13:00:56.0916 0x0f70 monitor - ok
    13:00:56.0955 0x0f70 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    13:00:56.0958 0x0f70 mouclass - ok
    13:00:56.0979 0x0f70 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    13:00:56.0982 0x0f70 mouhid - ok
    13:00:57.0041 0x0f70 [ 644905A19D0F37F2233DFCE53BC4BC19, F52CB40AA0FD1EBF8CBF0F3BFB20C47142C637719840877FB93F10D085EB8C2B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    13:00:57.0045 0x0f70 mountmgr - ok
    13:01:08.0406 0x0f70 TsUsbGD - ok
    13:01:08.0452 0x0f70 [ 045ACB987C650D8186C6B4A692223860, C1CDDF7DABAE531C53290C7C70F35DD65751B399D269711865AD65F9E4E43B0B ] tsusbhub C:\Windows\system32\drivers\tsusbhub.sys
    13:01:08.0459 0x0f70 tsusbhub - ok
    13:01:08.0519 0x0f70 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    13:01:08.0527 0x0f70 tunnel - ok
    13:01:08.0589 0x0f70 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    13:01:08.0592 0x0f70 uagp35 - ok
    13:01:08.0630 0x0f70 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    13:01:08.0642 0x0f70 udfs - ok
    13:01:08.0720 0x0f70 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
    13:01:08.0732 0x0f70 UI0Detect - ok
    13:01:08.0799 0x0f70 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    13:01:08.0804 0x0f70 uliagpkx - ok
    13:01:08.0852 0x0f70 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    13:01:08.0858 0x0f70 umbus - ok
    13:01:08.0891 0x0f70 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\drivers\umpass.sys
    13:01:08.0896 0x0f70 UmPass - ok
    13:01:08.0981 0x0f70 [ 409994A8EACEEE4E328749C0353527A0, FFC57B647147DE2957A7DE4B330CC534DE7AC892A2FCE3BB164F7A516CAB1B56 ] UmRdpService C:\Windows\System32\umrdp.dll
    13:01:09.0005 0x0f70 UmRdpService - ok
    13:01:09.0105 0x0f70 [ 9DB596995A20B8C636ED8763AD942361, 6D8DA7E8EDA1205082730D1A937E6C4D093044F7456A3D6ABCF9B212F8C01772 ] Unchecky C:\Program Files\Unchecky\bin\unchecky_svc.exe
    13:01:09.0115 0x0f70 Unchecky - ok
    13:01:09.0259 0x0f70 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
    13:01:09.0291 0x0f70 upnphost - ok
    13:01:09.0353 0x0f70 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    13:01:09.0359 0x0f70 usbccgp - ok
    13:01:09.0401 0x0f70 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
    13:01:09.0411 0x0f70 usbcir - ok
    13:01:09.0480 0x0f70 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    13:01:09.0484 0x0f70 usbehci - ok
    13:01:09.0520 0x0f70 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    13:01:09.0530 0x0f70 usbhub - ok
    13:01:09.0578 0x0f70 [ A6FB7957EA7AFB1165991E54CE934B74, 1CE83D9E3276AE380F720C7700A17D58A37A2A77FD72DA69EE0C756B88DB3689 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    13:01:09.0582 0x0f70 usbohci - ok
    13:01:09.0632 0x0f70 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\drivers\usbprint.sys
    13:01:09.0636 0x0f70 usbprint - ok
    13:01:09.0700 0x0f70 [ F991AB9CC6B908DB552166768176896A, AD8E7A16B23B244B7F834622D4E38B5844193C6E31EF96F61E0E2EA16C945026 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    13:01:09.0706 0x0f70 USBSTOR - ok
    13:01:09.0754 0x0f70 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
    13:01:09.0757 0x0f70 usbuhci - ok
    13:01:09.0804 0x0f70 [ DE014425522610BEDCA3821BB8C0F1D5, D6FEA0DF07F89834AEEE8C02CC7FD41068D758B6CCECE2EEE5CF4B9DB646FA1E ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    13:01:09.0811 0x0f70 usbvideo - ok
    13:01:09.0864 0x0f70 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
    13:01:09.0875 0x0f70 UxSms - ok
    13:01:09.0895 0x0f70 [ 1667D76FBF42B24B9DE3E8B0A7CF06BE, AB9FD4F7B007633FEC552D14932CDEB56DBCE56D152C0EDC91FAFD08E636AADC ] VaultSvc C:\Windows\system32\lsass.exe
    13:01:09.0902 0x0f70 VaultSvc - ok
    13:01:10.0042 0x0f70 [ ACC8107C8CA822972D3E70550DCBF07B, 1FFC80E5FA9B971DF6499ACCC57DB6C07D24991101FE663AFB58A6C07FEFB305 ] VBoxAswDrv C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
    13:01:10.0053 0x0f70 VBoxAswDrv - ok
    13:01:10.0111 0x0f70 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    13:01:10.0114 0x0f70 vdrvroot - ok
    13:01:10.0192 0x0f70 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
    13:01:10.0243 0x0f70 vds - ok
    13:01:10.0311 0x0f70 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    13:01:10.0316 0x0f70 vga - ok
    13:01:10.0349 0x0f70 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
    13:01:10.0355 0x0f70 VgaSave - ok
    13:01:10.0395 0x0f70 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    13:01:10.0402 0x0f70 vhdmp - ok
    13:01:10.0460 0x0f70 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
    13:01:10.0464 0x0f70 viaagp - ok
    13:01:10.0497 0x0f70 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
    13:01:10.0500 0x0f70 ViaC7 - ok
    13:01:10.0550 0x0f70 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
    13:01:10.0552 0x0f70 viaide - ok
    13:01:10.0620 0x0f70 [ 3467B0D996251DC56A72FC51A536DD6B, 2B4C7D3820FE08400A7791E2556132B902A9BBADC1942DE57077ECB9D21BF47A ] VIRAGTLT C:\Windows\system32\drivers\VIRAGTLT.SYS
    13:01:10.0625 0x0f70 VIRAGTLT - ok
    13:01:10.0655 0x0f70 [ EA37B43E85D1DE7C39D63700664C26F8, 6C4A762CA18EB884335932433512474B0CD44EBBEE6CCA6E41CEAD33A6026AEA ] viritsvclite C:\VEXPLite\viritsvc.exe
    13:01:10.0662 0x0f70 viritsvclite - ok
    13:01:10.0722 0x0f70 [ C2F2911156FDC7817C52829C86DA494E, FE499F189B5016FCE0018AA3DE3970B72275B7B15F3D4D608117F6DDEC6B90DC ] vmbus C:\Windows\system32\drivers\vmbus.sys
    13:01:10.0731 0x0f70 vmbus - ok
    13:01:10.0761 0x0f70 [ D4D77455211E204F370D08F4963063CE, 2018B2A84C73E0834200A594C02A9D28C74906F126DAD3CCDDFC9CD9A61669E2 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    13:01:10.0765 0x0f70 VMBusHID - ok
    13:01:10.0822 0x0f70 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    13:01:10.0827 0x0f70 volmgr - ok
    13:01:10.0870 0x0f70 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    13:01:10.0883 0x0f70 volmgrx - ok
    13:01:10.0928 0x0f70 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    13:01:10.0942 0x0f70 volsnap - ok
    13:01:10.0998 0x0f70 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    13:01:11.0007 0x0f70 vsmraid - ok
    13:01:11.0133 0x0f70 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
    13:01:11.0180 0x0f70 VSS - ok
    13:01:11.0237 0x0f70 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    13:01:11.0242 0x0f70 vwifibus - ok
    13:01:11.0307 0x0f70 [ 7090D3436EEB4E7DA3373090A23448F7, 3A130B28F2BFA7DCEC8596C4CE4E187B019F5ECF1AAC8DD1BBDE9CBD2428FEC2 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    13:01:11.0314 0x0f70 vwififlt - ok
    13:01:11.0370 0x0f70 [ A3F04CBEA6C2A10E6CB01F8B47611882, 32AFE18B07FECA30BC95831A5DC94C784E543784DF16165334A777DC84E91EF3 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    13:01:11.0388 0x0f70 vwifimp - ok
    13:01:11.0460 0x0f70 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
    13:01:11.0488 0x0f70 W32Time - ok
    13:01:11.0520 0x0f70 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    13:01:11.0523 0x0f70 WacomPen - ok
    13:01:11.0587 0x0f70 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    13:01:11.0591 0x0f70 WANARP - ok
    13:01:11.0606 0x0f70 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    13:01:11.0613 0x0f70 Wanarpv6 - ok
    13:01:11.0754 0x0f70 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    13:01:11.0855 0x0f70 WatAdminSvc - ok
    13:01:12.0091 0x0f70 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
    13:01:12.0139 0x0f70 wbengine - ok
    13:01:12.0183 0x0f70 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    13:01:12.0199 0x0f70 WbioSrvc - ok
    13:01:12.0237 0x0f70 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
    13:01:12.0262 0x0f70 wcncsvc - ok
    13:01:12.0297 0x0f70 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    13:01:12.0316 0x0f70 WcsPlugInService - ok
    13:01:12.0399 0x0f70 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\drivers\wd.sys
    13:01:12.0402 0x0f70 Wd - ok
    13:01:12.0493 0x0f70 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    13:01:12.0518 0x0f70 Wdf01000 - ok
    13:01:12.0592 0x0f70 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost C:\Windows\system32\wdi.dll
    13:01:12.0606 0x0f70 WdiServiceHost - ok
    13:01:12.0623 0x0f70 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost C:\Windows\system32\wdi.dll
    13:01:12.0637 0x0f70 WdiSystemHost - ok
    13:01:12.0696 0x0f70 [ 75E8EBD7040CE238684333F97014762A, 2CA0B267FBAEB303D1F8B639D733DC0DE17BA1276CC9096035B4F2BBBED3EF7F ] WebClient C:\Windows\System32\webclnt.dll
    13:01:12.0720 0x0f70 WebClient - ok
    13:01:12.0789 0x0f70 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
    13:01:12.0802 0x0f70 Wecsvc - ok
    13:01:12.0826 0x0f70 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    13:01:12.0853 0x0f70 wercplsupport - ok
    13:01:12.0931 0x0f70 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
    13:01:12.0949 0x0f70 WerSvc - ok
    13:01:13.0013 0x0f70 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    13:01:13.0016 0x0f70 WfpLwf - ok
    13:01:13.0043 0x0f70 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    13:01:13.0046 0x0f70 WIMMount - ok
    13:01:13.0161 0x0f70 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
    13:01:13.0184 0x0f70 WinDefend - ok
    13:01:13.0231 0x0f70 WinHttpAutoProxySvc - ok
    13:01:13.0352 0x0f70 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    13:01:13.0363 0x0f70 Winmgmt - ok
    13:01:13.0494 0x0f70 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll
    13:01:13.0541 0x0f70 WinRM - ok
    13:01:13.0690 0x0f70 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
    13:01:13.0734 0x0f70 Wlansvc - ok
    13:01:13.0768 0x0f70 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    13:01:13.0770 0x0f70 WmiAcpi - ok
    13:01:13.0843 0x0f70 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    13:01:13.0855 0x0f70 wmiApSrv - ok
    13:01:14.0006 0x0f70 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
    13:01:14.0054 0x0f70 WMPNetworkSvc - ok
    13:01:14.0125 0x0f70 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
    13:01:14.0136 0x0f70 WPCSvc - ok
    13:01:14.0168 0x0f70 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    13:01:14.0184 0x0f70 WPDBusEnum - ok
    13:01:14.0238 0x0f70 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    13:01:14.0241 0x0f70 ws2ifsl - ok
    13:01:14.0301 0x0f70 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\system32\wscsvc.dll
    13:01:14.0314 0x0f70 wscsvc - ok
    13:01:14.0331 0x0f70 WSearch - ok
    13:01:14.0529 0x0f70 [ 7E5C454A3F986FEBAD075DB8D915917E, 9E9147DDACD075958689523130DB92FC4ED0E38433461D8AB8792BCFBD9376DA ] wuauserv C:\Windows\system32\wuaueng.dll
    13:01:14.0633 0x0f70 wuauserv - ok
    13:01:14.0717 0x0f70 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    13:01:14.0723 0x0f70 WudfPf - ok
    13:01:14.0789 0x0f70 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    13:01:14.0795 0x0f70 WUDFRd - ok
    13:01:14.0866 0x0f70 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    13:01:14.0878 0x0f70 wudfsvc - ok
    13:01:14.0945 0x0f70 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
    13:01:14.0960 0x0f70 WwanSvc - ok
    13:01:15.0030 0x0f70 [ 1DFDCB780EAECF2D6E69F8476FFDB914, 3947F201CB1921F2FF355576728AE7A397B954544BB16C50940C1F2E18294DCB ] ZAM C:\Windows\System32\drivers\zam32.sys
    13:01:15.0035 0x0f70 ZAM - ok
    13:01:15.0705 0x0f70 [ 04118E7C5122830FF683D54257498F02, 8B368FC920D1E539AC8F2DB70B5D962BD643D251DDD4E8D3650DC7B28A7BC48D ] ZAMSvc C:\Program Files\Zemana AntiMalware\ZAM.exe
    13:01:16.0086 0x0f70 ZAMSvc - ok
    13:01:16.0250 0x0f70 [ 1DFDCB780EAECF2D6E69F8476FFDB914, 3947F201CB1921F2FF355576728AE7A397B954544BB16C50940C1F2E18294DCB ] ZAM_Guard C:\Windows\System32\drivers\zamguard32.sys
    13:01:16.0255 0x0f70 ZAM_Guard - ok
    13:01:16.0299 0x0f70 ================ Scan global ===============================
    13:01:16.0360 0x0f70 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
    13:01:16.0425 0x0f70 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
    13:01:16.0459 0x0f70 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
    13:01:16.0525 0x0f70 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
    13:01:16.0574 0x0f70 [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
    13:01:16.0590 0x0f70 [ Global ] - ok
    13:01:16.0591 0x0f70 ================ Scan MBR ==================================
    13:01:16.0609 0x0f70 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    13:01:17.0253 0x0f70 \Device\Harddisk0\DR0 - ok
    13:01:17.0265 0x0f70 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
    13:01:17.0632 0x0f70 \Device\Harddisk1\DR1 - ok
    13:01:17.0643 0x0f70 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
    13:01:17.0660 0x0f70 \Device\Harddisk2\DR2 - ok
    13:01:17.0661 0x0f70 ================ Scan VBR ==================================
    13:01:17.0670 0x0f70 [ 788B8E40C03DF527756EC9EA7260F066 ] \Device\Harddisk0\DR0\Partition1
    13:01:17.0674 0x0f70 \Device\Harddisk0\DR0\Partition1 - ok
    13:01:17.0686 0x0f70 [ 864229DE4915569F2319F11F65A5E893 ] \Device\Harddisk1\DR1\Partition1
    13:01:17.0691 0x0f70 \Device\Harddisk1\DR1\Partition1 - ok
    13:01:17.0696 0x0f70 [ 3637C7442368603A403F1A9B04C38F45 ] \Device\Harddisk2\DR2\Partition1
    13:01:17.0733 0x0f70 \Device\Harddisk2\DR2\Partition1 - ok
    13:01:17.0735 0x0f70 ================ Scan generic autorun ======================
    13:01:18.0044 0x0f70 [ 65C6AA484AD2287D20541C7735989437, 1842787640391F4A4CD9ED0A531298A61F4B2FB09BEC98FEE256313AFB458EDB ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
    13:01:18.0201 0x0f70 AvastUI.exe - ok
    13:01:18.0318 0x0f70 [ 7DFCCC67990B6DE7F30F553A4E4612A4, 9FF98D6FD2539CEFC9F42103A7F72388BED6EE590400559B92BC7430228DA36A ] C:\Program Files\RocketDock\RocketDock.exe
    13:01:18.0333 0x0f70 RocketDock - ok
    13:01:18.0951 0x0f70 [ EE526B0428581B57FFC571FF57309E28, 1CF4DD251E78F2B67C4B1973E3378D6B87C5698EEC398CA4043621842ACC426C ] C:\Program Files\CCleaner\CCleaner.exe
    13:01:19.0141 0x0f70 CCleaner - ok
    13:01:19.0849 0x0f70 [ EE526B0428581B57FFC571FF57309E28, 1CF4DD251E78F2B67C4B1973E3378D6B87C5698EEC398CA4043621842ACC426C ] C:\Program Files\CCleaner\CCleaner.exe
    13:01:20.0048 0x0f70 CCleaner Monitoring - ok
    13:01:20.0079 0x0f70 Waiting for KSN requests completion. In queue: 77
    13:01:21.0079 0x0f70 Waiting for KSN requests completion. In queue: 77
    13:01:22.0079 0x0f70 Waiting for KSN requests completion. In queue: 77
    13:01:23.0114 0x0f70 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.2.2218.942 ), 0x41000 ( enabled : updated )
    13:01:23.0125 0x0f70 Win FW state via NFP2: enabled
    13:01:25.0528 0x0f70 ============================================================
    13:01:25.0528 0x0f70 Scan finished
    13:01:25.0528 0x0f70 ============================================================
    13:01:25.0555 0x08f0 Detected object count: 0
    13:01:25.0555 0x08f0 Actual detected object count: 0
    13:14:08.0215 0x0538 Deinitialize success

    9-lab Removal Tool 1.0.0.34 BETA
    9-lab.com

    Database version: 104.31424

    Windows 7 Service Pack 1 (Version 6.1, Build 7601, 32-bit Edition)
    Internet Explorer 9.11.9600.17801
    Brewster :: BREWSTER-PUTER

    27/05/2015 13:38:32
    9lab-log-2015-05-27 (13-38-32).txt

    Scan type: Full
    Objects scanned: 31669
    Time Elapsed: 48 m 1 s

    Registry Keys detected: 3
    Adware.RPL.Gen.vb [HKEY_CURRENT_USER\Software\OB]
    Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\anset]
    Adware.RPL.Gen.sm [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.google.oneclickctrl.10]


    Files detected: 17
    [254FBCA565E049648B0CCE2CEADF05D2] Trojan.FPL.Rotbrow.vb [c:\users\brewster\appdata\roaming\ZHP\Quarantine]
    [DEAF063B8EF36C646708E2F6E5850B75] Trojan.FPL.Rotbrow.vb [c:\users\brewster\appdata\roaming\ZHP\Tempo.txt]
    [E8A647DFFF18B4A808B5B1B759187BC7] Trojan.FPL.Rotbrow.vb [c:\users\brewster\appdata\roaming\ZHP\ZHPCleaner-[R]-23052015-12_32_48.txt]
    [B089913DEE2ADDB87365BB3BCC2B3364] Trojan.FPL.Rotbrow.vb [c:\users\brewster\appdata\roaming\ZHP\ZHPCleaner--23052015-12_31_59.txt]
    [FCE5D09BE1EDC32A5470F8D825604566] Trojan.FPL.Rotbrow.vb [c:\users\brewster\appdata\roaming\ZHP\ZHPCleaner.txt]
    [F5016F081EB170B4DCFA19C8FCA395BD] Trojan.FPL.Rotbrow.vb [c:\users\brewster\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt]
    [D41D8CD98F00B204E9800998ECF8427E] Trojan.FPL.Rotbrow.vb [c:\users\brewster\appdata\roaming\ZHP\ZHPCleaner_Tempo.txt]
    [4124692C660C556C1D031CFC7E7755C2] Trojan.FPL.Rotbrow.vb [c:\users\brewster\appdata\roaming\ZHP\ZHPQ_Files.txt]
    [EA49BE36C0F5EB4E77B66F5F104A04AC] Malware.Win32.Gen.EEF2.sm!ff [F:\Downloads\wireless.exe]
    [DAAB3BCC6FA56354DECC22F4B9104F7F] Malware.Win32.Gen.an [F:\Misc Documents\Ei Systems Drivers\Downloads\RSIT.exe]
    [BD6278EA46883914B02799CDE1463687] Malware.Win32.Gen.sm!s1 [F:\Misc Documents\Gadgy Stick Stuff\TranscendService(JF).exe]
    [53533C5A8C634A0C34C626339AC81ED6] PUP.Win32.Gen.vb!i [F:\My Documents\Downloads\driverscanner.exe]
    [35B304B269C2351542A5C439AA5A5959] Malware.Win32.Gen.sm [C:\Users\Brewster\Desktop\JRT.exe - Shortcut.lnk]
    [0A170D9B50B29C5209248D95417C16DA] Malware.Win32.Gen.sm [C:\Users\Brewster\Desktop\rsthosts_2.0.exe]
    [AD15C31EE146580F4983A80A87286956] Malware.Win32.Gen.sm [C:\Users\Brewster\Downloads\JRT.exe]
    [D6D2481CFC03B0B28E2196C3B38B9E77] Malware.Win32.Gen.954C.sm!ff [C:\Users\Brewster\Downloads\wireless.exe]
    [CC7AA7B42CF418FC3D926913490048F8] Malware.Win32.Gen.sm!s2 [C:\Windows\zoek-delete.exe]

    O.K. matey I think that's the lot for today - until tomorrow........................
     
  11. Malnutrition

    Ok, since your machine is working fine in safe mode with networking, I would like you to remove AVAST from your machine. Then reboot, then run the AVAST removal tool.
    https://www.avast.com/en-us/uninstall-utility

    Follow the instructions at the avast removal tool link.

    I would then like you to download and run a full scan with reason core security.
    https://www.reasoncoresecurity.com/download-free.aspx
    Remove any infections found.

    Tell me how the machine is running.

    Also if you are unable to get the machine to work correctly in normal mode then please perform a clean boot.
    https://support.microsoft.com/en-us/kb/929135
     
  12. brewster393

    Greetings and Salutations!
    Avast removed - O.K., reason core security run O.K. - no infections found (is this the new anti-virus?)
    Machine is unfortunately running the same. After a lot of faffing about finally got a clean boot done and the machine is still as before.............until the next time!
     
  13. Malnutrition

    1. Download the portable version of Windows Repair (All In One) from here, Windows Repair (All In One). (Make sure you have your computer running in a clean boot state BEFORE running repairs. If you need assistance with performing a clean boot then follow the instructions here, How to perform a clean boot in Windows)

    2. Download the portable zipped folder to your desktop.

    3. Extract the contents of the zipped folder, and then right click on the Repair_Windows.exe file and select run as administrator.

    4. After the program opens, click on the Step 3 tab and click the Do It button to have the program run Check Disk on the file system.



    5. After the computer finishes running Check Disk, start the program again and proceed to Step 4.

    6. Click on the Step 4 tab and click on the Do It button to allow the program to run the System File Checker to find and fix any corrupt Windows files.


    7. After SFC finishes, proceed to the Step 5 tab.

    8. On the Step 5 tab go ahead and create a new system restore point before starting the repair by clicking on the Create button under the System Restore area.


    9. Once that is done click on the Start Repairs tab.

    10. On the Start Repairs tab click on the Start button and select Run when prompted.




    11. The Windows Repairs window will open. Now ensure that ONLY the checkboxes in the program are checked as indicated below:


    [​IMG]

    As far as what you cannot see: make sure to tick the boxes numbered
    26, 27, 31, 33.


    12. Then when those checkboxes are selected, click on the checkbox that says Restart System when Finished.

    13. Now click on the Start button to start the repair process.


    14. The process could take some time so please be patient.

    15. After the repair process finishes, the computer will be rebooted.

    16. See if there is any difference after performing the above steps.

    Thanks to Evan Omo for the speech.
     
  14. brewster393

    Greetings and Salutations!
    O.K. The start up time is now down to less than a minute, but apart from that there is no change. Windows wants me to find an anti-virus, and apparently there is a problem with the sound card (the sound appears to work O.K.)
    ....................until next time!
     
  15. Highlander

    Brewster - if you can, please post a copy of your Device Manager.
    If you need guidance, please say so and I'll provide it.
     
  16. Malnutrition

    So at this point we are just dealing with a slow internet connection. Can you please post a MiniToolBox log after this?

    Open your Device Manager: hit the Start button, then copy and paste devmgmt.msc into the Start search box and hit Enter.
    Left click the + next to Network adapters, then right click and uninstall your wireless driver and your Ethernet driver. Make sure you do not tick the box that says delete driver.


    Then, click the View menu and select Show hidden devices
    Then click on [​IMG]

    Then scroll down, right click and uninstall the drivers listed below. Don't worry, these will be reinstalled by Windows upon reboot.

    • Ancillary Function Driver for Winsock
    • Net BT
    • Http
    • Net Io Legacy Support Driver
    • Tcp/ip Protocol Driver
    • Tcp/ip Registry Compatibility
    • NSI proxy Service
    • ide channel
    • Nd Proxy
    • Security Driver
    • Security Processor Loader Driver
    • Windows Firewall Authorization Driver


    Each of these files will request a reboot after uninstall.

    Select no until you uninstall the Windows Firewall Authorization Driver then select Yes to reboot your machine.
     
  17. Malnutrition

    I would also like you to create a new account if these steps do not help, along with posting a new MiniToolBox log. Also, no, that will not be your antivirus; I was hoping that Avast was the issue. That software is a one month trial. It will protect you until we figure this out. I also want to know the exact name of your machine. Also, can you bypass the router and plug directly into the modem?

    See what happens. We are only dealing with a slow connection, correct?

    Also a checkdisk please: chkdsk /r

     
  18. Highlander

    Highlander The Immortal iHF Legend Advisor WCG Team Member

    Joined:
    May 5, 2014
    Messages:
    995
    Likes Received:
    477
    Trophy Points:
    73
    Mal - isn't your chkdsk the same as the procedure I entered on the third post in this thread that seems to have been ignored?
     
  19. Malnutrition

    Now after the malware has been removed it would be best to run checkdisk. :)
     
  20. brewster393

    brewster393 Member iHF Regular

    Joined:
    May 14, 2014
    Messages:
    69
    Likes Received:
    7
    Trophy Points:
    18
    Greetings and Salutations!
    MiniToolBox by Farbar Version: 23-01-2014
    Ran by Brewster (administrator) on 30-05-2015 at 13:31:22
    Running from "C:\Users\Brewster\Downloads"
    Microsoft Windows 7 Ultimate Service Pack 1 (X86)
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================


    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================

    ::1 localhost

    0.0.0.0 0.0.0.0 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
    0.0.0.0 media.opencandy.com
    0.0.0.0 cdn.opencandy.com
    0.0.0.0 tracking.opencandy.com
    0.0.0.0 api.opencandy.com
    0.0.0.0 installer.betterinstaller.com
    0.0.0.0 installer.filebulldog.com
    0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
    0.0.0.0 inno.bisrv.com
    0.0.0.0 nsis.bisrv.com
    0.0.0.0 cdn.file2desktop.com
    0.0.0.0 cdn.goateastcach.us
    0.0.0.0 cdn.guttastatdk.us
    0.0.0.0 cdn.inskinmedia.com
    0.0.0.0 cdn.insta.oibundles2.com
    0.0.0.0 cdn.insta.playbryte.com
    0.0.0.0 cdn.llogetfastcach.us
    0.0.0.0 cdn.montiera.com
    0.0.0.0 cdn.msdwnld.com
    0.0.0.0 cdn.mypcbackup.com
    0.0.0.0 cdn.ppdownload.com
    0.0.0.0 cdn.riceateastcach.us
    0.0.0.0 cdn.shyapotato.us
    0.0.0.0 cdn.solimba.com
    0.0.0.0 cdn.tuto4pc.com
    0.0.0.0 cdn.appround.biz
    0.0.0.0 cdn.bigspeedpro.com
    0.0.0.0 cdn.bispd.com
    0.0.0.0 cdn.bisrv.com
    0.0.0.0 cdn.cdndp.com
    0.0.0.0 cdn.download.sweetpacks.com
    0.0.0.0 cdn.dpdownload.com
    0.0.0.0 cdn.visualbee.net

    127.0.0.1 localhost

    ========================= IP Configuration: ================================

    VIA Rhine III Fast Ethernet Adapter = Local Area Connection (Connected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : Brewster-Puter
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : home

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : home
    Description . . . . . . . . . . . : VIA Rhine III Fast Ethernet Adapter
    Physical Address. . . . . . . . . : 00-0C-76-84-77-97
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::ad56:54f5:b4c9:8192%12(Preferred)
    IPv4 Address. . . . . . . . . . . : 192.168.1.72(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : 30 May 2015 13:14:10
    Lease Expires . . . . . . . . . . : 31 May 2015 13:14:10
    Default Gateway . . . . . . . . . : 192.168.1.254
    DHCP Server . . . . . . . . . . . : 192.168.1.254
    DHCPv6 IAID . . . . . . . . . . . : 251661430
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-FB-42-0F-00-0C-76-84-77-97
    DNS Servers . . . . . . . . . . . : 192.168.1.254
    192.168.1.254
    NetBIOS over Tcpip. . . . . . . . : Enabled
    Server: BTHomeHub.home
    Address: 192.168.1.254

    Name: google.com
    Address: 216.58.208.78


    Pinging google.com [216.58.208.78] with 32 bytes of data:
    Reply from 216.58.208.78: bytes=32 time=12ms TTL=54
    Reply from 216.58.208.78: bytes=32 time=12ms TTL=54

    Ping statistics for 216.58.208.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 12ms, Maximum = 12ms, Average = 12ms
    Server: BTHomeHub.home
    Address: 192.168.1.254

    Name: yahoo.com
    Addresses: 206.190.36.45
    98.139.183.24
    98.138.253.109


    Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
    Reply from 206.190.36.45: bytes=32 time=173ms TTL=47
    Reply from 206.190.36.45: bytes=32 time=176ms TTL=47

    Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 173ms, Maximum = 176ms, Average = 174ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
    12...00 0c 76 84 77 97 ......VIA Rhine III Fast Ethernet Adapter
    1...........................Software Loopback Interface 1
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.72 20
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    192.168.1.0 255.255.255.0 On-link 192.168.1.72 276
    192.168.1.72 255.255.255.255 On-link 192.168.1.72 276
    192.168.1.255 255.255.255.255 On-link 192.168.1.72 276
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.1.72 276
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.1.72 276
    ===========================================================================
    Persistent Routes:
    None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
    If Metric Network Destination Gateway
    1 306 ::1/128 On-link
    12 276 fe80::/64 On-link
    12 276 fe80::ad56:54f5:b4c9:8192/128
    On-link
    1 306 ff00::/8 On-link
    12 276 ff00::/8 On-link
    ===========================================================================
    Persistent Routes:
    None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
    Catalog5 07 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
    Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [] ()
    Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [] ()
    Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (05/30/2015 01:31:24 PM) (Source: Application Error) (User: )
    Description: Faulting application name: plugin-container.exe, version: 38.0.1.5611, time stamp: 0x55541a90
    Faulting module name: mozalloc.dll, version: 38.0.1.5611, time stamp: 0x55540a1e
    Exception code: 0x80000003
    Fault offset: 0x00001aa1
    Faulting process id: 0x138
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (05/30/2015 01:14:23 PM) (Source: PerfNet) (User: )
    Description:

    Error: (05/30/2015 11:10:59 AM) (Source: PerfNet) (User: )
    Description:

    Error: (05/30/2015 10:32:00 AM) (Source: PerfNet) (User: )
    Description:

    Error: (05/29/2015 04:29:13 PM) (Source: .NET Runtime) (User: )
    Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3892. Message ID: [0x2509].

    Error: (05/29/2015 04:27:08 PM) (Source: .NET Runtime) (User: )
    Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2212. Message ID: [0x2509].

    Error: (05/29/2015 04:22:35 PM) (Source: .NET Runtime) (User: )
    Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2956. Message ID: [0x2509].

    Error: (05/29/2015 03:36:27 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service has failed to create the new search index. Internal error <4, 0xc0041800, Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects>.

    Error: (05/29/2015 03:36:26 PM) (Source: Windows Search Service) (User: )
    Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

    Context: Windows Application


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)

    Error: (05/29/2015 03:36:26 PM) (Source: Windows Search Service) (User: )
    Description: The search service has detected corrupted data files in the index {id=2801}. The service will attempt to automatically correct this problem by rebuilding the index.

    Context: Windows Application


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)


    System errors:
    =============
    Error: (05/30/2015 01:14:15 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (05/30/2015 01:14:12 PM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (05/30/2015 11:10:46 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (05/30/2015 11:10:43 AM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (05/30/2015 10:57:56 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (05/30/2015 10:57:53 AM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (05/30/2015 10:32:01 AM) (Source: WMPNetworkSvc) (User: )
    Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (05/30/2015 10:31:44 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (05/30/2015 10:31:30 AM) (Source: NETLOGON) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (05/30/2015 10:31:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
    Description: WLAN Extensibility Module has failed to start.

    Module Path: C:\Windows\system32\athExt.dll
    Error Code: 126


    Microsoft Office Sessions:
    =========================
    Error: (05/30/2015 01:31:24 PM) (Source: Application Error)(User: )
    Description: plugin-container.exe38.0.1.561155541a90mozalloc.dll38.0.1.561155540a1e8000000300001aa113801d09ad306f115b7C:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\mozalloc.dllc836f930-06c7-11e5-8fbc-000c76847797

    Error: (05/30/2015 01:14:23 PM) (Source: PerfNet)(User: )
    Description:

    Error: (05/30/2015 11:10:59 AM) (Source: PerfNet)(User: )
    Description:

    Error: (05/30/2015 10:32:00 AM) (Source: PerfNet)(User: )
    Description:

    Error: (05/29/2015 04:29:13 PM) (Source: .NET Runtime)(User: )
    Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 3892. Message ID: [0x2509].

    Error: (05/29/2015 04:27:08 PM) (Source: .NET Runtime)(User: )
    Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2212. Message ID: [0x2509].

    Error: (05/29/2015 04:22:35 PM) (Source: .NET Runtime)(User: )
    Description: .NET Runtime version 4.0.30319.18444 - There was a failure initializing profiling API attach infrastructure. This process will not allow a profiler to attach. HRESULT: 0x80004005. Process ID (decimal): 2956. Message ID: [0x2509].

    Error: (05/29/2015 03:36:27 PM) (Source: Windows Search Service)(User: )
    Description: 40xc0041800Failed to add project: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects

    Error: (05/29/2015 03:36:26 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)
    The catalog is corrupt

    Error: (05/29/2015 03:36:26 PM) (Source: Windows Search Service)(User: )
    Description: Context: Windows Application


    Details:
    The content index catalog is corrupt. 0xc0041801 (0xc0041801)
    2801


    CodeIntegrity Errors:
    ===================================
    Date: 2015-05-29 10:48:35.475
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-29 10:48:35.177
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-29 10:48:34.869
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-29 10:48:34.583
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-29 10:48:34.272
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-29 10:48:33.945
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-28 11:57:32.838
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-28 11:57:32.471
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-27 14:11:46.584
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-05-27 12:53:58.757
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Users\Brewster\Downloads\ZemanaAntiMalware.exe because the set of per-page image hashes could not be found on the system.


    =========================== Installed Programs ============================

    ******** (Version: 3.4.3.40298)
    9-lab Removal Tool
    Adobe Flash Player 17 ActiveX (Version: 17.0.0.188)
    Adobe Flash Player 17 NPAPI (Version: 17.0.0.188)
    Adobe Reader XI (11.0.11) (Version: 11.0.11)
    Adobe Refresh Manager (Version: 1.8.0)
    Amazon Kindle
    Apple Application Support (32-bit) (Version: 3.1.2)
    Apple Mobile Device Support (Version: 8.1.1.3)
    Apple Software Update (Version: 2.1.3.127)
    Audacity 2.0.6 (Version: 2.0.6)
    Auslogics DiskDefrag (Version: 5.4.0.0)
    Bonjour (Version: 3.0.0.10)
    BT Desktop Help
    calibre (Version: 2.29.0)
    CCleaner (Version: 5.06)
    C-Media WDM Audio Driver
    Cole2k Media - Codec Pack (Advanced) 8.0.2 (Version: 8.0.2)
    ConvertXtoDVD 3.3.2.100 (Version: 3.3.2.100)
    Creatix V.9X DSP Data Fax Modem
    DC-Bass Source 1.3.0
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    ESET Online Scanner v3
    ffdshow v1.1.4399 [2012-03-22] (Version: 1.1.4399.0)
    Free PDF to JPG Converter (Version: 1.0.0)
    Google Update Helper (Version: 1.3.25.11)
    GoToAssist Corporate (Version: 10.4.0.896)
    Haali Media Splitter
    HP FWUpdateEDO2 (Version: 1.2.0.0)
    HP Photo Creations (Version: 1.0.0.18142)
    HP Photosmart 5510 series Basic Device Software (Version: 24.0.342.0)
    HP Photosmart 5510 series Help (Version: 140.0.2.2)
    HP Photosmart 5510 series Product Improvement Study (Version: 24.0.342.0)
    HP Update (Version: 5.005.002.002)
    HPDiagnosticAlert (Version: 1.00.0001)
    iTunes (Version: 12.1.1.4)
    Java 7 Update 65 (Version: 7.0.650)
    Java 7 Update 80 (Version: 7.0.800)
    Java 8 Update 31 (Version: 8.0.310)
    Java 8 Update 45 (Version: 8.0.450)
    Java Auto Updater (Version: 2.8.45.14)
    K-Lite Codec Pack 9.4.0 (Basic) (Version: 9.4.0)
    Lagarith Lossless Codec (1.3.27)
    LAME v3.99.3 (for Windows)
    Leawo Video Converter version 6.0.0.0 (Version: 6.0.0.0)
    Malwarebytes Anti-Malware version 2.1.6.1022 (Version: 2.1.6.1022)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
    Microsoft Office 2000 Premium (Version: 9.00.2720)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
    Mozilla Firefox 38.0.1 (x86 en-US) (Version: 38.0.1)
    Mozilla Maintenance Service (Version: 34.0.5)
    Nero 6 Ultra Edition
    QuickTime 7 (Version: 7.76.80.95)
    Reason Core Security (Version: 1.0.7.0)
    Recuva (Version: 1.51)
    Revo Uninstaller 1.95 (Version: 1.95)
    RocketDock 1.3.5
    Sigil 0.7.4
    Speccy (Version: 1.26)
    SUPERAntiSpyware (Version: 5.7.1026)
    System Ninja version 3.0.6 (Version: 3.0.6)
    TP-LINK Wireless Client Utility (Version: 7.0)
    TreeSize Free V2.4 (Version: 2.4)
    Unknown Device Identifier 8.01 (Version: 8.01)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
    VIA Rhine Family Fast Ethernet Adapter
    VirIT eXplorer Lite (Version: 7.9.23)
    WinRAR 5.21 (32-bit) (Version: 5.21.0)
    WinZip 19.0 (Version: 19.0.11294)
    WinZip 19.5 (Version: 19.5.11475)
    Wipe (Version: 2015.05)
    Xvid Video Codec (Version: 1.3.2)
    Zemana AntiMalware (Version: 2.15.206)

    ========================= Memory info: ===================================

    Percentage of memory in use: 21%
    Total physical RAM: 3327.55 MB
    Available physical RAM: 2628.68 MB
    Total Pagefile: 6651.36 MB
    Available Pagefile: 5970.82 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1942.11 MB

    ========================= Partitions: =====================================

    2 Drive c: () (Fixed) (Total:149.04 GB) (Free:66.57 GB) NTFS
    5 Drive f: () (Fixed) (Total:74.52 GB) (Free:36.34 GB) NTFS
    6 Drive h: () (Fixed) (Total:931.51 GB) (Free:306.54 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\BREWSTER-PUTER

    Administrator Brewster Guest
    Margies


    **** End of log ****
    I'm sorry, but I'm not sure what you mean when you say "create a new account".
    Until further notice I'll be on cable, not wireless.
    As for the computer name, I got the attached file from "Speccy"; I hope it's what you want.
    I assume from your last missive that the problem looks like being in the connection speed and not the download speed?
     
