# Hidden Rootkit/Malware crippling computer / Freezing click/mouse points on programs



## Walloped (Dec 30, 2014)

Hidden Rootkit/Malware trying to cripple computer - blocking all antivirus / good firewall. Blocking some malware removers. Freezing computer.

I would like to say thanks ahead of time for any help I can get regarding this infuriating malware. I'm writing this in Safe Mode.

I don't really know when this started, but I think it was when I downloaded a piece of YouTube/video downloader software from Softpedia. One was a huge clunky piece of crap that didn't end up working but that kept asking for permissions from Comodo Firewall as I tried to get it to work, and that's probably where the problem started, as I'm now realizing.

A week or two later, after I tried to uninstall the programs, within a few days I started noticing that Firefox started to freeze. I thought it was internet slowdown of the websites or Google Maps.
One thing led to the other and I was finding it hard to click on the Start menu and other parts of software on Windows. It started to totally freeze up until I couldn't use the mouse to click.

I tried to do a restore point and it wouldn't work. It blocked/erased the restore points up to only a few days before. It also started blocking Avast. I was only able to get a restore point from my last backup... in May. That seemed to work after 2 days of trying different things and different malware programs.

Well, it seemed like it worked, and I removed all the antivirus and firewall and put in a new one and continued using the computer. I knew/felt that there was still something going on, as the computer sounded weird, as if it's struggling. It seemed like everything was fine and I was using it, but I kept trying different anti-malware programs.

None of them would find anything... I tried Comodo Cleaning Essentials today and it found something in Avast:

Program file\Avast\Software\Avast\ng\vbox\VBoxDD2GC.gc

When the program cleaned it, the same thing started happening: it started getting hard to use the mouse and click on programs. It started blocking the antivirus. Tried different malware removers; none showed anything. It wiped/is hiding the restore points and I had to go to the backup to redo everything again.

Currently I put in all new antivirus and firewall but it's blocking them. It was blocking me from removing old Comodo, and I don't think it's allowing the new one.
It's blocking the Windows Security Centre, but I am able to use the Windows firewall.
It's blocking Avast and Comodo from working and stopping some malware removers.

What I tried in the past:
Sophos antirootkit - didn't work
superAntimalware - didn't find anything
Malwarebytes - never seems to find anything, which is strange
Junkware Removal Tool - removed a few registry items

Many others. Most of the tools that the average person could use, I tried.

I want to try ComboFix or something like that but don't want to do it on my own. PLEASE SOMEONE HELP....
I don't know how long I will have the ability to TYPE THIS freely before I will have to go to a library to respond.

Thanks for any help that can be provided

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
Processor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz, x64 Family 6 Model 45 Stepping 7
Processor Count: 8
RAM: 3526 Mb
Graphics Card: NVIDIA GeForce GTX 660 Ti, -2048 Mb
Hard Drives: C: Total - 317821 MB, Free - 183574 MB; D: Total - 317971 MB, Free - 280270 MB; E: Total - 317972 MB, Free - 208101 MB;
Motherboard: ASUSTeK COMPUTER INC., P9X79
Antivirus: None


----------



## kevinf80 (Mar 21, 2006)

Hello and welcome, run the following from normal mode if possible, or safe mode if not...

Download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens, click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.

Thanks,

Kevin....


----------



## Walloped (Dec 30, 2014)

Thank you for your quick reply, and Happy New Year.

I got antivirus going and Comodo firewall. The program says it's up and running but it's not showing in the Windows Security Centre. Comodo Cleaning Essentials found one rootkit and deleted it, but there was another that it could not remove. When I redid the scan it didn't pick it up.

Here's the Farbar log:
-----------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2014
Ran by MohenDaro (administrator) on MOHENDARO-1 on 31-12-2014 22:51:16
Running from C:\Users\MohenDaro\Desktop\New folder (3)
Loaded Profiles: MohenDaro & UpdatusUser (Available profiles: MohenDaro & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\launcher_service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SuperAnti2\SASCore.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv32.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SUPERAntiSpyware) C:\Program Files\SuperAnti2\SUPERAntiSpyware.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
(Comodo Security Solutions, Inc.) C:\Program Files\Comodo\GeekBuddy\unit.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6310504 2011-11-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-12-29] (AVAST Software)
HKLM\...\Run: [tvncontrol] => C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-17] (Comodo Security Solutions, Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243352 2014-12-09] (COMODO)
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2014-12-22] (Glarysoft Ltd)
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SuperAnti2\SUPERAntiSpyware.exe [6699800 2014-12-15] (SUPERAntiSpyware)
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\...\MountPoints2: {3db38d09-8366-11e2-a741-3085a99733ab} - K:\installer.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3562293704-32423027-4047423185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
SearchScopes: HKU\S-1-5-21-3562293704-32423027-4047423185-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3562293704-32423027-4047423185-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\MohenDaro\AppData\Roaming\Mozilla\Firefox\Profiles\ija24qlj.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-3562293704-32423027-4047423185-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Bitdefender QuickScan - C:\Users\MohenDaro\AppData\Roaming\Mozilla\Firefox\Profiles\ija24qlj.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-12-29]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-29]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-29]
CHR Extension: (Google Docs) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-29]
CHR Extension: (Google Drive) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-29]
CHR Extension: (YouTube) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-29]
CHR Extension: (Google Search) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-29]
CHR Extension: (Google Sheets) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-29]
CHR Extension: (Avast Online Security) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-29]
CHR Extension: (Google Wallet) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-29]
CHR Extension: (Gmail) - C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SuperAnti2\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-29] (AVAST Software)
R2 CLPSLauncher; C:\Program Files\Common Files\COMODO\launcher_service.exe [70864 2014-09-17] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2014-12-09] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2014-12-09] (COMODO)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv32.exe [182272 2011-08-05] (DTS, Inc)
R2 GeekBuddyRSP; C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-17] (Comodo Security Solutions, Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [117920 2011-08-15] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci32; C:\Windows\System32\DRIVERS\asahci32.sys [43104 2011-09-21] (Asmedia Technology)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [102888 2011-11-03] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [313832 2011-11-03] (ASMedia Technology Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-29] ()
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [35064 2014-06-26] (Windows (R) Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2014-12-09] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [617536 2014-12-09] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2014-12-09] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-02] (DT Soft Ltd)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [268968 2011-07-19] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2014-12-29] (Glarysoft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2014-12-09] (COMODO)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-12-31] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SuperAnti2\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SuperAnti2\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [289352 2014-12-31] (Trend Micro Inc.)
S3 MSICDSetup; \??\F:\CDriver.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 vhjrap; No ImagePath
S0 ysyfer; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 20:58 - 2014-12-31 20:59 - 00289352 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-12-31 20:51 - 2014-12-31 20:51 - 00000056 _____ () C:\Windows\setupact.log
2014-12-31 20:51 - 2014-12-31 20:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-31 19:11 - 2014-12-31 19:11 - 00001870 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-12-31 19:09 - 2014-12-31 19:09 - 00000000 ____D () C:\ProgramData\Shared Space
2014-12-31 19:08 - 2014-12-31 19:08 - 00002013 _____ () C:\Users\Public\Desktop\GeekBuddy.lnk
2014-12-30 22:55 - 2014-05-14 11:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-30 22:55 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-12-30 22:55 - 2014-05-14 11:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-30 22:55 - 2014-05-14 11:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-12-30 22:55 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-12-30 22:55 - 2014-05-14 11:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-30 22:55 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-12-30 22:54 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-30 22:54 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-30 15:45 - 2014-12-30 15:47 - 226075376 _____ (COMODO) C:\Users\MohenDaro\Downloads\cfw_installer_6106_53.exe
2014-12-30 15:01 - 2014-12-31 22:06 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-30 14:05 - 2014-12-31 21:03 - 00000010 _____ () C:\Users\MohenDaro\AppData\Local\sponge.last.runtime.cache
2014-12-30 14:01 - 2014-12-30 14:01 - 00000036 _____ () C:\Users\MohenDaro\AppData\Local\housecall.guid.cache
2014-12-30 13:41 - 2014-12-31 20:55 - 01300442 _____ () C:\Windows\WindowsUpdate.log
2014-12-29 23:41 - 2014-12-30 14:01 - 00000000 ____D () C:\Users\MohenDaro\Desktop\New folder (4)
2014-12-29 23:24 - 2014-12-30 13:06 - 00000000 ____D () C:\Users\MohenDaro\Desktop\New folder
2014-12-29 22:53 - 2014-12-31 22:34 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\QuickScan
2014-12-29 21:09 - 2014-12-29 21:09 - 00509440 _____ (Tech Support Guy System) C:\Users\MohenDaro\Downloads\SysInfo.exe
2014-12-29 20:21 - 2014-12-29 20:21 - 00001907 _____ () C:\Users\MohenDaro\Desktop\SUPERAntiSpyware Professional.lnk
2014-12-29 20:21 - 2014-12-29 20:21 - 00000494 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task af56428c-b3aa-449b-a435-a01377185955.job
2014-12-29 20:21 - 2014-12-29 20:21 - 00000494 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 4732a97f-b5e9-459b-bcd3-1d048cbfb9db.job
2014-12-29 20:21 - 2014-12-29 20:21 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-29 20:20 - 2014-12-31 20:51 - 00000000 ____D () C:\Program Files\SuperAnti2
2014-12-29 20:16 - 2014-12-29 20:16 - 20865992 _____ (SUPERAntiSpyware) C:\Users\MohenDaro\Downloads\SUPERAntiSpyware.exe
2014-12-29 19:32 - 2014-12-30 20:12 - 00000000 ____D () C:\Users\MohenDaro\Desktop\mbar
2014-12-29 19:32 - 2014-12-29 19:33 - 00000000 ____D () C:\Users\MohenDaro\Desktop\bar
2014-12-29 19:26 - 2014-12-29 19:27 - 107098648 _____ (Sophos Limited) C:\Users\MohenDaro\Downloads\Sophos Virus Removal Tool.exe
2014-12-29 19:13 - 2014-12-29 19:13 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\AVAST Software
2014-12-29 19:04 - 2014-12-29 19:04 - 00002201 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-29 19:04 - 2014-12-29 19:04 - 00002117 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-29 19:04 - 2014-12-29 19:04 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-12-29 19:04 - 2014-12-29 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-29 19:04 - 2014-12-29 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-29 19:03 - 2014-12-31 20:51 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-29 19:03 - 2014-12-29 19:04 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-29 19:03 - 2014-12-29 19:04 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-29 19:03 - 2014-12-29 19:03 - 00291352 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-29 19:03 - 2014-12-29 19:03 - 00206248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-29 19:03 - 2014-12-29 19:03 - 00091496 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-12-29 19:03 - 2014-12-29 19:03 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-29 19:03 - 2014-12-29 19:03 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-29 19:03 - 2014-12-29 19:03 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-29 19:03 - 2014-12-29 19:03 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-29 19:03 - 2014-12-29 19:03 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-29 19:02 - 2014-12-29 19:02 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-29 19:01 - 2014-12-29 19:01 - 05006864 _____ (AVAST Software) C:\Users\MohenDaro\Downloads\avast_free_antivirus_setup_online.exe
2014-12-29 18:52 - 2014-12-31 19:30 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 18:52 - 2014-12-30 20:00 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-29 18:52 - 2014-12-29 18:52 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-29 18:52 - 2014-12-29 18:52 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-29 18:52 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-29 18:52 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-29 18:49 - 2014-12-29 18:49 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\MohenDaro\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-29 18:38 - 2014-12-29 18:41 - 226075376 _____ (COMODO) C:\Users\MohenDaro\Downloads\cfw_installer_6113_52.exe
2014-12-29 18:30 - 2014-12-29 18:30 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-12-29 18:13 - 2014-12-31 21:19 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-12-29 18:13 - 2014-12-29 18:13 - 00017344 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-12-29 18:13 - 2014-12-29 18:13 - 00001050 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-12-29 18:13 - 2014-12-29 18:13 - 00001038 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-12-29 18:13 - 2014-12-29 18:13 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-12-29 18:13 - 2014-12-29 18:13 - 00000238 _____ () C:\Windows\Tasks\GU5SkipUAC.job
2014-12-29 18:13 - 2014-12-29 18:13 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\GlarySoft
2014-12-29 18:13 - 2014-12-29 18:13 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\DiskDefrag
2014-12-29 18:13 - 2014-12-29 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-12-29 18:02 - 2014-12-29 19:12 - 00000000 ____D () C:\Users\MohenDaro\Desktop\programs after 6pm
2014-12-29 17:52 - 2014-12-29 17:52 - 00001222 _____ () C:\Users\MohenDaro\Desktop\Revo Uninstaller.lnk
2014-12-29 17:52 - 2014-12-29 17:52 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-29 17:11 - 2014-12-29 17:11 - 05040384 _____ (AVAST Software) C:\Users\MohenDaro\Desktop\avastclear.exe
2014-12-29 17:04 - 2014-12-29 17:04 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-29 17:04 - 2014-12-29 17:04 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-29 17:03 - 2014-12-29 17:03 - 00244104 _____ () C:\Users\MohenDaro\Downloads\Firefox Setup Stub 34.0.5.exe
2014-12-29 15:00 - 2014-12-31 22:51 - 00000000 ____D () C:\FRST
2014-12-29 14:47 - 2014-12-29 14:47 - 00057295 _____ () C:\Users\MohenDaro\Desktop\bookmarks-2014-12-29 - 2
2014-12-29 14:46 - 2014-12-29 14:46 - 00057295 _____ () C:\Users\MohenDaro\Desktop\bookmarks-2014-12-29.json
2014-12-29 14:19 - 2014-12-29 18:04 - 00002582 _____ () C:\Users\MohenDaro\Desktop\Rkill.txt
2014-12-29 14:17 - 2014-12-29 14:17 - 00000972 _____ () C:\Users\MohenDaro\Desktop\JRT.txt
2014-12-29 14:16 - 2014-12-29 14:16 - 00000000 ____D () C:\Windows\ERUNT
2014-12-29 14:02 - 2014-12-31 22:51 - 00000000 ____D () C:\Users\MohenDaro\Desktop\New folder (3)
2014-12-29 11:19 - 2014-12-31 09:12 - 00000000 ____D () C:\CCE_Quarantine
2014-12-29 09:13 - 2014-12-31 07:10 - 00000000 ____D () C:\Users\MohenDaro\Desktop\New folder (2)
2014-12-26 11:42 - 2014-12-26 11:42 - 00000822 _____ () C:\Users\MohenDaro\Desktop\info from geek buddy.txt
2014-12-19 21:56 - 2014-12-19 21:56 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-12-19 21:56 - 2014-12-19 21:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-18 21:59 - 2014-12-18 21:59 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-18 21:57 - 2014-12-18 21:57 - 00000000 ____D () C:\Program Files\Sophos
2014-12-18 18:53 - 2014-12-29 17:38 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-18 18:35 - 2014-12-29 18:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 18:34 - 2014-12-18 18:35 - 00000000 ____D () C:\Program Files\Malware Bytes 2
2014-12-18 18:23 - 2014-12-29 17:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-18 18:18 - 2014-12-31 19:08 - 00000000 ____D () C:\Program Files\Common Files\COMODO
2014-12-18 13:58 - 2014-12-18 13:58 - 00000000 ____D () C:\Program Files\ESET
2014-12-18 12:54 - 2014-12-18 12:54 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\Comodo
2014-12-18 11:49 - 2014-12-29 19:04 - 00000000 ____D () C:\Program Files\Google
2014-12-18 10:43 - 2014-12-18 18:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-18 10:43 - 2014-12-18 10:43 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\SUPERAntiSpyware.com
2014-12-18 10:43 - 2014-12-18 10:43 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-18 10:17 - 2014-12-18 13:29 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2014-12-17 21:12 - 2014-12-18 18:28 - 00000000 ____D () C:\EEK
2014-12-17 18:50 - 2014-12-29 15:05 - 00000000 ____D () C:\AdwCleaner
2014-12-17 09:30 - 2014-12-17 14:15 - 524288000 _____ () C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part3.rar
2014-12-16 23:32 - 2014-12-17 04:17 - 524288000 _____ () C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part2.rar
2014-12-16 16:33 - 2014-12-16 21:18 - 524288000 _____ () C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part1.rar
2014-12-16 12:25 - 2014-12-16 12:34 - 649376342 _____ () C:\Users\MohenDaro\Desktop\Life Purpose Boot Camp with Dr. Eric Maisel - en_theos Sympo.mp4
2014-12-09 15:57 - 2014-12-09 15:57 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-12-09 13:53 - 2014-12-09 13:58 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-12-09 13:50 - 2014-12-17 21:58 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-09 13:50 - 2014-12-09 13:50 - 00000000 ____D () C:\Program Files\Adobe
2014-12-09 13:02 - 2014-12-09 13:02 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\AbleWord
2014-12-09 12:45 - 2014-12-09 12:50 - 00000000 ____D () C:\Users\MohenDaro\Downloads\Deepak Chopra - The Power of Intuition
2014-12-09 00:20 - 2014-12-09 00:20 - 00617536 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-12-09 00:20 - 2014-12-09 00:20 - 00352272 _____ (COMODO) C:\Windows\system32\guard32.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00286424 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00091200 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2014-12-09 00:20 - 2014-12-09 00:20 - 00041248 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-12-09 00:20 - 2014-12-09 00:20 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00033520 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-12-09 00:20 - 2014-12-09 00:20 - 00017088 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-12-03 12:49 - 2014-12-03 13:30 - 125197473 _____ () C:\Users\MohenDaro\Desktop\WHITE_NOISE_Bathroom_Fan.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 20:58 - 2009-07-13 23:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 20:58 - 2009-07-13 23:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 20:56 - 2010-11-20 16:01 - 00924088 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-31 20:51 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-31 19:11 - 2013-03-02 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2014-12-30 22:54 - 2013-03-03 21:36 - 00000000 ____D () C:\Users\MohenDaro\AppData\Local\Microsoft Help
2014-12-30 20:12 - 2014-05-26 15:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-30 15:10 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-12-29 21:03 - 2014-05-27 09:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-12-29 19:50 - 2013-03-02 13:41 - 00000000 ____D () C:\Program Files\Comodo
2014-12-29 19:01 - 2013-03-02 14:29 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-29 18:34 - 2013-03-02 13:48 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-29 18:34 - 2013-03-02 13:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-29 18:27 - 2014-07-23 11:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2014-12-29 18:27 - 2013-03-02 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2014-12-29 17:41 - 2011-04-11 21:24 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-12-29 17:41 - 2011-04-11 21:24 - 00000000 ____D () C:\Windows\ShellNew
2014-12-29 17:41 - 2009-07-13 23:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-29 17:41 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\Offline Web Pages
2014-12-29 17:41 - 2009-07-13 23:52 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-12-29 17:41 - 2009-07-13 23:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 __RHD () C:\Users\Public\Libraries
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\TAPI
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\ias
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\rescache
2014-12-29 17:41 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\L2Schemas
2014-12-29 17:40 - 2013-03-03 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2014-12-29 17:40 - 2013-03-03 21:36 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-29 17:40 - 2013-03-02 15:33 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Balabolka
2014-12-29 17:40 - 2013-03-02 15:33 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\Balabolka
2014-12-29 17:40 - 2013-03-02 14:06 - 00000000 ____D () C:\Program Files\HD Tune
2014-12-29 17:40 - 2013-03-02 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-12-29 17:40 - 2013-03-02 13:58 - 00000000 ____D () C:\Program Files\DAEMON Tools Lite
2014-12-29 17:40 - 2013-03-02 13:55 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-12-29 17:40 - 2013-03-02 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-12-29 17:40 - 2013-03-02 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-12-29 17:40 - 2013-03-02 13:48 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-29 17:40 - 2013-03-02 13:18 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-29 17:40 - 2013-03-02 13:18 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 17:40 - 2013-03-02 13:14 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-29 17:40 - 2013-03-02 12:55 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-12-29 17:40 - 2013-03-02 12:47 - 00000000 ___RD () C:\Users\MohenDaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-29 17:40 - 2013-03-02 12:47 - 00000000 ___RD () C:\Users\MohenDaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 17:40 - 2009-07-13 23:52 - 00000000 ____D () C:\Program Files\MSBuild
2014-12-29 17:40 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\security
2014-12-29 17:40 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\schemas
2014-12-29 17:40 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Help
2014-12-29 17:40 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-29 17:40 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-29 17:40 - 2009-07-13 21:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-29 17:39 - 2014-06-08 13:45 - 00000000 ____D () C:\Program Files\SlimCleaner
2014-12-29 17:39 - 2014-05-27 21:49 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\vlc
2014-12-29 17:39 - 2013-03-03 21:37 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-29 17:39 - 2013-03-02 15:33 - 00000000 ____D () C:\Program Files\Balabolka
2014-12-29 17:39 - 2013-03-02 13:54 - 00000000 ____D () C:\Program Files\7-Zip
2014-12-29 17:37 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\registration
2014-12-29 17:34 - 2013-03-02 13:42 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-12-29 17:34 - 2013-03-02 13:42 - 00000000 ____D () C:\ProgramData\Comodo
2014-12-29 17:34 - 2013-03-02 13:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-29 17:34 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\Globalization
2014-12-29 16:48 - 2009-07-13 21:04 - 00002577 _____ () C:\Windows\system32\config.nt
2014-12-29 16:47 - 2013-03-02 13:43 - 00109712 _____ () C:\Users\MohenDaro\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-29 16:46 - 2013-03-02 12:47 - 00000000 ____D () C:\Users\MohenDaro
2014-12-29 16:44 - 2013-03-03 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-29 16:44 - 2011-04-11 21:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-29 16:44 - 2009-07-13 21:37 - 00000000 __RSD () C:\Windows\Media
2014-12-29 16:44 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-12-21 16:02 - 2013-03-02 15:34 - 00000000 ____D () C:\Windows\Panther
2014-12-21 15:32 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-12-18 18:28 - 2014-11-24 17:42 - 00000000 ____D () C:\Users\MohenDaro\Downloads\PowerfulPhrases.DealingDifficultPeople
2014-12-18 18:28 - 2014-08-15 16:02 - 00000000 ____D () C:\Keyboarding Pro 6
2014-12-18 18:28 - 2014-08-11 22:17 - 00000000 ____D () C:\Users\MohenDaro\Downloads\FL Studio Producer Edition 11.0.4+Plugins Bundle R2R [ChingLiu]
2014-12-18 18:28 - 2014-08-04 23:35 - 00000000 ____D () C:\Program Files\Zuma final
2014-12-18 18:28 - 2014-08-04 19:30 - 00000000 ____D () C:\Users\MohenDaro\Downloads\[Zuma & Luxor Collection]
2014-12-18 18:28 - 2014-08-01 18:31 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\uTorrent
2014-12-18 18:28 - 2014-07-30 15:52 - 00000000 ___SD () C:\Users\MohenDaro\Documents\My Data Sources
2014-12-18 18:28 - 2014-06-18 16:27 - 00000000 ____D () C:\Program Files\Common Files\DivX Shared
2014-12-18 18:28 - 2014-06-18 16:24 - 00000000 ____D () C:\ProgramData\DivX
2014-12-18 18:28 - 2014-06-11 18:46 - 00000000 ____D () C:\Program Files\BlueStacks
2014-12-18 18:28 - 2014-06-06 13:30 - 00000000 ____D () C:\Users\MohenDaro\AppData\Local\Adobe
2014-12-18 18:27 - 2014-11-12 20:31 - 00000000 ____D () C:\Windows\softwaredistribution.old
2014-12-18 18:27 - 2014-05-27 14:59 - 00000000 ____D () C:\Windows\system32\CompatTel
2014-12-18 13:29 - 2013-03-02 13:49 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\Adobe
2014-12-18 13:28 - 2014-06-01 12:07 - 00000000 ____D () C:\Program Files\LG Electronics
2014-12-18 11:55 - 2014-05-26 18:17 - 00000000 ____D () C:\Users\MohenDaro\AppData\Local\Google
2014-12-18 09:36 - 2014-11-12 17:58 - 00000000 ____D () C:\Windows\Minidump
2014-12-18 09:36 - 2013-03-02 13:58 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\DAEMON Tools Lite
2014-12-16 14:23 - 2014-07-20 14:20 - 00000000 ____D () C:\Users\MohenDaro\Downloads\New folder
2014-12-14 23:54 - 2014-06-04 13:26 - 00000000 ____D () C:\Users\MohenDaro\Documents\LG PC Suite
2014-12-09 14:15 - 2009-07-13 21:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-09 13:54 - 2014-06-06 13:25 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-09 12:44 - 2014-08-04 20:14 - 00000000 ____D () C:\Users\MohenDaro\Downloads\Utorrent down

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 08:50

==================== End Of Log ============================


----------



## kevinf80 (Mar 21, 2006)

Thanks for the logs and the update, continue please:

Please download *DeFogger* to your *desktop*.
Double click *DeFogger* to run the tool.

 The application window will appear
 Click the *Disable* button to disable your CD Emulation drivers
 Click *Yes* to continue
 A *'Finished!'* message will appear
 Click *OK*
 DeFogger will now ask to reboot the machine - click *OK*
*IMPORTANT!* If you receive an error message while running DeFogger, please post the log *defogger_disable* which will appear on your desktop.
*Do not* re-enable these drivers until otherwise instructed.

Next,

Download attached *fixlist.txt* file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it in your reply.

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please *Check for Updates* by clicking the *Update Now*... link
When the update completes select > *Settings* > *Detection* and *Protection* > Enable *Scan for rootkit* and Under *Non Malware Protection* set both *PUP* and *PUM* to *Treat detections as malware*.

Click on the *SCAN* button and run a *Threat Scan* with *Malwarebytes Anti-Malware* by clicking the *Scan Now>> button*.

When the scan is complete, if there have been detections, click *Apply Actions* to allow MBAM to clean what was detected.

In most cases, a restart will be required.

*Wait for the prompt to restart the computer to appear*, then click on Yes.

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export" 
Select > "Copy to clipboard" that copies the full log to the windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply.

Or select "Export" you are given the option to export as a Text file (*.txt) or XML file (*.xml) Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

Next,

Download *AdwCleaner* by Xplode onto your Desktop.

 Double click on Adwcleaner.exe to run the tool.
 Click on Scan
 Once the scan is done, click on the Clean button.
 You will get a prompt asking to close all programs. Click OK.
 Click OK again to reboot your computer.
 A text file will open after the restart. Please post the content of that logfile in your reply.
 You can also find the logfile at C:\AdwCleaner[Sn].txt, where *n* is the scan reference number

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Microsoft's " Malicious Software Removal Tool" and save *direct* to the *desktop*
Ensure to get the correct version for your system.... 
32 Bit version:
https://www.microsoft.com/downloads...E0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
64 Bit version:
https://www.microsoft.com/downloads...DE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Right click on the Tool, select Run as Administrator the tool will expand to the options Window
In the "Scan Type" window, select *Quick* Scan
Perform a scan and Click Finish when the scan is done.
Retrieve the MSRT log as follows, and post it in your next reply:

1) Select the Windows key and R key together to open the "Run" function
2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

*notepad c:\windows\debug\mrt.log*

Next,

Please download *RogueKiller* and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/


Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select *Run as Administrator* to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click *Scan* to scan the system.
When the scan completes select "Report", log will open. Close the program > *Don't Fix anything!*
Post back the report which should also be located here:

C:\Programdata\RogueKiller\Logs <-------- W7/8
C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <------XP

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

Happy New Year,

Kevin....


----------



## Walloped (Dec 30, 2014)

hi 
In past recent days a win32:BrowseFox-EU [PUP] was found
Comodo cleaning Essentials found Rootkit.Hiddenfile in
C:\windows\SoftwareDistribution\Download\....(big long number)...6.1.1.0.mum 
I was able to delete this one

C:\windows\System32\Catroot\....(big long number)~~~~6.1.1.1.can
I was NOT able to delete this one, and the program couldn't find it with rescans

So here are the Logs

FIXLOG
=============

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-01-2015
Ran by MohenDaro at 2015-01-02 10:03:18 Run:2
Running from C:\Users\MohenDaro\Desktop\New folder (3)
Loaded Profiles: MohenDaro & UpdatusUser (Available profiles: MohenDaro & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\...\MountPoints2: {3db38d09-8366-11e2-a741-3085a99733ab} - K:\installer.exe
S3 MSICDSetup; \??\F:\CDriver.sys [X]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S0 vhjrap; No ImagePath
S0 ysyfer; No ImagePath
AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Life Purpose Boot Camp with Dr. Eric Maisel - en_theos Sympo.mp4:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Relief Schedule December 1, 2014 - January 4, 2015.docx:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Relief Schedule December 1, 2014 - January 4, 2015.docx:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Relief Schedule January 5th - February 1st, 2015.docx:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Relief Schedule January 5th - February 1st, 2015.docx:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part1.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part1.rar:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part2.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part2.rar:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part3.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part3.rar:$CmdZnID
EmptyTemp:
end

*****************

"HKU\S-1-5-21-3562293704-32423027-4047423185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3db38d09-8366-11e2-a741-3085a99733ab}" => Key deleted successfully.
HKCR\CLSID\{3db38d09-8366-11e2-a741-3085a99733ab} => Key not found. 
MSICDSetup => Service deleted successfully.
rootrepeal => Service deleted successfully.
VGPU => Service deleted successfully.
vhjrap => Service deleted successfully.
ysyfer => Service deleted successfully.
"C:\Windows\system32\Drivers\tmcomm.sys" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\Life Purpose Boot Camp with Dr. Eric Maisel - en_theos Sympo.mp4 => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\Relief Schedule December 1, 2014 - January 4, 2015.docx" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\Relief Schedule December 1, 2014 - January 4, 2015.docx => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\Relief Schedule January 5th - February 1st, 2015.docx" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\Relief Schedule January 5th - February 1st, 2015.docx => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part1.rar" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part1.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part2.rar" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part2.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part3.rar" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part3.rar => ":$CmdZnID" ADS removed successfully.
EmptyTemp: => Removed 439.3 MB temporary data.

The system needed a reboot.

==== End of Fixlog 10:03:37 ====

AdwCleaner

# AdwCleaner v4.105 - Report created 17/12/2014 at 19:12:44
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : MohenDaro - MOHENDARO-1
# Running from : C:\Users\MohenDaro\Downloads\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : KMService

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files\EnterDigital
Folder Deleted : C:\Users\MohenDaro\AppData\Roaming\Mozilla\Firefox\Profiles\zrl66eus.default\Extensions\[email protected]
Folder Deleted : C:\Users\MohenDaro\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
[x] Not Deleted : C:\Windows\system32\srvany.exe

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v34.0 (x86 en-US)

-\\ Comodo Dragon v

[C:\Users\MohenDaro\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\MohenDaro\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&q={searchTerms}
[C:\Users\MohenDaro\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.vidohe.com/video-search-results.php?q={searchTerms}&cx=005536796155304041479%3Ahbixpuuu7l8&cof=FORID%3A11&from=os-family
[C:\Users\MohenDaro\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja

*************************

AdwCleaner[R0].txt - [1927 octets] - [17/12/2014 18:50:54]
AdwCleaner[S0].txt - [1871 octets] - [17/12/2014 19:12:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1931 octets] ##########
# AdwCleaner v4.105 - Report created 17/12/2014 at 23:48:35
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : MohenDaro - MOHENDARO-1
# Running from : C:\Users\MohenDaro\Downloads\adwcleaner_4.105.exe
# Option : Clean

***** [ Services ] *****

[x] Not Deleted : KMService

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\MohenDaro\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
[x] Not Deleted : C:\Users\Public\Desktop\GeekBuddy.lnk
[x] Not Deleted : C:\Windows\system32\srvany.exe
[x] Not Deleted : C:\Users\Public\Desktop\GeekBuddy.lnk

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v34.0 (x86 en-US)

-\\ Comodo Dragon v36.1.1.21

[C:\Users\MohenDaro\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\MohenDaro\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\MohenDaro\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja

*************************

AdwCleaner[R0].txt - [3594 octets] - [17/12/2014 18:50:54]
AdwCleaner[S0].txt - [3564 octets] - [17/12/2014 19:12:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3624 octets] ##########
# AdwCleaner v4.106 - Report created 02/01/2015 at 11:25:48
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : MohenDaro - MOHENDARO-1
# Running from : C:\Users\MohenDaro\Desktop\clean jan 2\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

-\\ Google Chrome v39.0.2171.95

[C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\MohenDaro\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6166 octets] - [17/12/2014 18:50:54]
AdwCleaner[R1].txt - [1405 octets] - [29/12/2014 15:04:35]
AdwCleaner[S0].txt - [4796 octets] - [17/12/2014 19:12:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4856 octets] ##########

Malicious Software Removal Tool
========================

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
Started On Fri Jan 02 12:20:49 2015

Engine: 1.1.11202.0
Signatures: 1.189.872.0

Results Summary:
----------------
No infection found.
Microsoft Windows Malicious Software Removal Tool Finished On Fri Jan 02 12:24:50 2015

Return code: 0 (0x0)

RogueKiller
========================

RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : MohenDaro [Administrator]
Mode : Scan -- Date : 01/02/2015 12:37:39

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-3562293704-32423027-4047423185-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://us.yahoo.com?fr=fp-comodo -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD1002FAEX-00Z3A0 ATA Device +++++
--- User ---
[MBR] 803fe7a2be15777053bc446901ef38cc
[BSP] 73702872a301e0b2a67852b1ba609983 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 317822 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 651106304 | Size: 317972 MB
3 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1302312960 | Size: 317973 MB
User = LL1 ... OK
User = LL2 ... OK


----------



## kevinf80 (Mar 21, 2006)

Logs are clean, what is the current status of your system, are there any remaining issues or concerns?


----------



## Walloped (Dec 30, 2014)

Thanks for the help

All restore points before the incident are blocked before Dec 30, when I was able to get control of the and install Comodo firewall and get Avast working properly.
The only earlier points are from when I did a back up to an earlier time, which was done in March and October

My current comp configuration is from May or March, I don't remember which restore point I picked when I last did a back up.

The only recent points are from when the rootkit was loosened and I was able to do critical updates from Windows, and when I was able to install Comodo firewall again.

When I go to the System Security in the Control Centre it doesn't show Comodo firewall and Avast as firewall and antivirus protection like how it used to, even though both programs are up and running, all it shows is Windows firewall.

I haven't installed all the Windows update improvements to Windows 7 so I don't know if this is why. I did all the security updates but not Windows components, as I was only going to do that when the computer is running well, as it would be a waste of time if there is still a problem.

I'm still finding that every now and again I have to keep clicking something several times for it to execute. From hard drive sounds it sounds a bit better, but I have a very noisy power supply which I now wish I had bought one of the expensive brand names


----------



## kevinf80 (Mar 21, 2006)

Do you believe your system is still infected? Run the following:

Read the following link before we continue and run Combofix:

*ComboFix usage, Questions, Help? - Look here*

Next,

Download Combofix from either of the following links :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.infospyware.net/antimalware/combofix/


 Ensure that Combofix is saved directly to the Desktop *<--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

 If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## Walloped (Dec 30, 2014)

Actually I made a mistake on the stuff I reported, the security programs and firewall are showing up in the security centre in Windows. I was blind and didn't see the click down arrow to show the rest of the info

and the old restore points aren't showing because I went back to a point where there are only a few restore points.....so all the old restore points for the last 8 months were erased as I went back to a spring May restore point.

.....Does this logic of the restore points make sense? This is how the restore points would work, right?

If the logs are clear as you say, I won't use the combo fix and will leave it as is. If anything happens I will repost.

I'll finish downloading the rest of the Windows update and then a good utilities clean out. I think that flushed out some of the flies, when I tried malware scans on my own

thanks for all your help


----------



## kevinf80 (Mar 21, 2006)

Run the following to clean up:

Download *"Delfix by Xplode"* and save it to your desktop.

Or use the following if first link is down:

*"Delfix link mirror"*

Double-click to start the program. If you are using Vista or higher, please right-click and choose "Run as administrator".

Make Sure the following items are checked:


 Activate UAC
 Remove disinfection tools
 Create registry backup
 Purge System Restore *<<<---- This will clear all old restore points and create a fresh clean restore point*
 Reset system settings

Now click on "*Run*" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Part of the routine will be to create a registry back up with ERUNT, the back up will be created here:

C:\Windows\ERUNT

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

Any remnant files/logs from tools we have used can be deleted

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

If no remaining issues or concerns hit the "Mark Solved" tab at the top of the thread...

Thanks,

Kevin......


----------



## Walloped (Dec 30, 2014)

Hi, I received two blue screens in the last 2 days. I think it has been after I downloaded the Windows updates.

The computer was shut down and rebooting due to some kernel problem.

For the last one I was able to get this. It said something about the kernel.....
and the report when the computer rebooted said:

---------------------------------------------------------------------------------------
Windows has recoverd from an unexpected shut down

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: 7a
BCP1: C0462ED0
BCP2: C0000185
BCP3: BEC86860
BCP4: 8C5DA9E8
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\010715-24226-01.dmp
C:\Users\MohenDaro\AppData\Local\Temp\WER-38516-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt
---------------------------------------------------------------------------------------


----------



## kevinf80 (Mar 21, 2006)

Please download this program *Blue Screen Viewer* and unzip "Bluescreen View.exe" to your desktop.
Double-click on Bluescreen Viewer to run it, or right-click, select "Run as Administrator" and accept UAC if applicable. If there is any info available the program will grab the most recent. Choose Save from the toolbar and copy-paste to your next reply. If there is no information available, try to re-create the BSOD and try again with the tool to collect the information.

Next,

Please download VEW by Vino Rosso from HERE and save it to your Desktop.

Double-click VEW.exe to start. Vista and Windows 7/8 users: right-click and select "Run as Administrator".
Under 'Select log to query...', check the boxes for both Application and System.
Under 'Select type to list...', select both Error and Critical.
Click the radio button for 'Number of events...' and type 10 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log. It will take a couple of minutes to generate the log, please be patient.

Please post the Output log in your next reply.

Let me see those logs....

Kevin..


----------



## Walloped (Dec 30, 2014)

BlueScreenView
==================================================
Dump File : 010715-24226-01.dmp
Crash Time : 1/7/2015 2:34:12 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0462ed0
Parameter 2 : 0xc0000185
Parameter 3 : 0xbec86860
Parameter 4 : 0x8c5da9e8
Caused By Driver : ataport.SYS
Caused By Address : ataport.SYS+139e8
File Description : ATAPI Driver Extension
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+debfc
Stack Address 1 : ntkrnlpa.exe+a3187
Stack Address 2 : ntkrnlpa.exe+a6a69
Stack Address 3 : ntkrnlpa.exe+90180
Computer Name : 
Full Path : C:\Windows\Minidump\010715-24226-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 169,608
Dump File Time : 1/7/2015 2:36:26 PM
==================================================


Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 09/01/2015 10:20:23 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/01/2015 6:19:00 PM
Type: Error Category: 0
Event: 8194 Source: VSS
Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. 

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d50f3fe0-a739-4f54-8509-b40e59ce5cec}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/01/2015 7:36:15 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/01/2015 2:15:45 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/01/2015 7:36:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 07/01/2015 7:36:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 07/01/2015 7:36:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 07/01/2015 7:36:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 07/01/2015 7:36:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 07/01/2015 7:36:50 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 07/01/2015 7:36:49 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

Log: 'System' Date/Time: 07/01/2015 7:36:49 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Log: 'System' Date/Time: 07/01/2015 7:36:47 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

Log: 'System' Date/Time: 07/01/2015 7:36:47 PM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.


----------
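Added example, not part of any post in this thread: a small Python triage of the BlueScreenView report posted above. It decodes Parameter 2 of bug check 0x7A using the NTSTATUS values Microsoft's documentation lists for that bug check; the function names, the verdict labels and the storage-driver list are assumptions of this example.

```python
import re

# Parameter 2 values that Microsoft's documentation for bug check 0x7A
# (KERNEL_DATA_INPAGE_ERROR) lists, with the cause it gives for each.
# The third field is this example's own verdict label (an assumption).
INPAGE_STATUS = {
    0xC000009A: ("STATUS_INSUFFICIENT_RESOURCES",
                 "lack of nonpaged pool resources", "resource-exhaustion"),
    0xC000009C: ("STATUS_DEVICE_DATA_ERROR",
                 "bad blocks (sectors) on the hard disk", "storage-hardware"),
    0xC000009D: ("STATUS_DEVICE_NOT_CONNECTED",
                 "defective or loose cabling, or the controller does not see the disk",
                 "storage-hardware"),
    0xC000016A: ("STATUS_DISK_OPERATION_FAILED",
                 "bad blocks (sectors) on the hard disk", "storage-hardware"),
    0xC0000185: ("STATUS_IO_DEVICE_ERROR",
                 "improper termination, defective cabling, or an IRQ conflict",
                 "storage-hardware"),
    0xC000000E: ("STATUS_NO_SUCH_DEVICE",
                 "hardware failure or an incorrect drive configuration",
                 "storage-hardware"),
}

# Windows storage-stack drivers; a short list chosen for this example.
STORAGE_DRIVERS = {"ataport.sys", "atapi.sys", "disk.sys",
                   "storport.sys", "classpnp.sys"}

# Fields copied from the BlueScreenView output in the post above.
SAMPLE_REPORT = r"""
Dump File : 010715-24226-01.dmp
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0462ed0
Parameter 2 : 0xc0000185
Parameter 3 : 0xbec86860
Parameter 4 : 0x8c5da9e8
Caused By Driver : ataport.SYS
Computer Name :
Full Path : C:\Windows\Minidump\010715-24226-01.dmp
"""


def parse_bluescreenview(text):
    """Turn 'Key : Value' lines into a dict, splitting on the first colon only."""
    fields = {}
    for line in text.splitlines():
        match = re.match(r"^([^:]+?)\s*:\s*(.*)$", line)
        if match:
            fields[match.group(1).strip()] = match.group(2).strip()
    return fields


def triage(fields):
    """Classify a 0x7A crash by the I/O status carried in Parameter 2."""
    code = int(fields.get("Bug Check Code", "0"), 16)
    result = {"bugcheck": code, "status": None, "status_name": None,
              "cause": None, "storage_driver": False, "verdict": "not-0x7a"}
    if code != 0x7A:
        return result  # this decoder only applies to KERNEL_DATA_INPAGE_ERROR

    status = int(fields.get("Parameter 2", "0"), 16)
    driver = fields.get("Caused By Driver", "").lower()
    name, cause, verdict = INPAGE_STATUS.get(status, (None, None, "undetermined"))
    result.update(status=status, status_name=name, cause=cause,
                  storage_driver=driver in STORAGE_DRIVERS, verdict=verdict)
    return result


if __name__ == "__main__":
    report = triage(parse_bluescreenview(SAMPLE_REPORT))
    print("Bug check 0x%02X, Parameter 2 = 0x%08X (%s)"
          % (report["bugcheck"], report["status"], report["status_name"]))
    print("Documented cause:", report["cause"])
    print("Blamed driver is in the storage stack:", report["storage_driver"])
    print("Verdict:", report["verdict"])
```
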



## kevinf80 (Mar 21, 2006)

*Please read carefully and follow these steps.*

Download TDSSKiller from here http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

Double-click on it to run the application.

The "Ready to scan" window will open, click on *"Change parameters"*

Place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system* (leave "Service & Drivers" and "Boot Sectors" ticked). Click OK.

Select "Start Scan"

If an infected file is detected, the default action will be *Cure*, click on *Continue.*

If a suspicious file is detected, the default action will be *Skip*, click on *Continue.*

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.

Kevin...


----------



## Walloped (Dec 30, 2014)

TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20

16:49:17.0052 0x1980 TDSS rootkit removing tool 3.0.0.42 Dec 12 2014 00:35:20
16:49:27.0752 0x1980 ============================================================
16:49:27.0752 0x1980 Current date / time: 2015/01/09 16:49:27.0752
16:49:27.0752 0x1980 SystemInfo:
16:49:27.0752 0x1980 
16:49:27.0752 0x1980 OS Version: 6.1.7601 ServicePack: 1.0
16:49:27.0752 0x1980 Product type: Workstation
16:49:27.0752 0x1980 ComputerName: MOHENDARO-1
16:49:27.0752 0x1980 UserName: MohenDaro
16:49:27.0752 0x1980 Windows directory: C:\Windows
16:49:27.0752 0x1980 System windows directory: C:\Windows
16:49:27.0752 0x1980 Processor architecture: Intel x86
16:49:27.0752 0x1980 Number of processors: 8
16:49:27.0752 0x1980 Page size: 0x1000
16:49:27.0752 0x1980 Boot type: Normal boot
16:49:27.0752 0x1980 ============================================================
16:49:29.0162 0x1980 KLMD registered as C:\Windows\system32\drivers\40093415.sys
16:49:29.0452 0x1980 System UUID: {1AFEEF2D-DC30-B77F-9047-CC0B5763EDD5}
16:49:29.0872 0x1980 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:49:29.0872 0x1980 ============================================================
16:49:29.0872 0x1980 \Device\Harddisk0\DR0:
16:49:29.0872 0x1980 MBR partitions:
16:49:29.0872 0x1980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:49:29.0872 0x1980 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x26CBF000
16:49:29.0872 0x1980 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x26CF1800, BlocksNum 0x26D0A000
16:49:29.0872 0x1980 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x4D9FB800, BlocksNum 0x26D0A800
16:49:29.0872 0x1980 ============================================================
16:49:29.0892 0x1980 C: <-> \Device\Harddisk0\DR0\Partition2
16:49:29.0912 0x1980 D: <-> \Device\Harddisk0\DR0\Partition3
16:49:29.0942 0x1980 E: <-> \Device\Harddisk0\DR0\Partition4
16:49:29.0942 0x1980 ============================================================
16:49:29.0942 0x1980 Initialize success
16:49:29.0942 0x1980 ============================================================
16:51:45.0463 0x16d4 ============================================================
16:51:45.0463 0x16d4 Scan started
16:51:45.0463 0x16d4 Mode: Manual; SigCheck; TDLFS; 
16:51:45.0463 0x16d4 ============================================================
16:51:45.0463 0x16d4 KSN ping started
16:51:48.0123 0x16d4 KSN ping finished: true
16:51:48.0783 0x16d4 ================ Scan system memory ========================
16:51:48.0783 0x16d4 System memory - ok
16:51:48.0783 0x16d4 ================ Scan services =============================
16:51:55.0553 0x16d4 ehRecvr - ok
16:51:55.0563 0x16d4 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
16:51:55.0593 0x16d4 ehSched - ok
16:51:55.0623 0x16d4 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:51:55.0653 0x16d4 elxstor - ok
16:51:55.0683 0x16d4 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:51:55.0693 0x16d4 ErrDev - ok
16:51:55.0723 0x16d4 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
16:51:55.0783 0x16d4 EventSystem - ok
16:51:55.0813 0x16d4 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
16:51:55.0843 0x16d4 exfat - ok
16:51:55.0863 0x16d4 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:51:55.0893 0x16d4 fastfat - ok
16:51:55.0933 0x16d4 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
16:51:55.0963 0x16d4 Fax - ok
16:51:55.0973 0x16d4 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\drivers\fdc.sys
16:51:55.0993 0x16d4 fdc - ok
16:51:55.0993 0x16d4 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
16:51:56.0063 0x16d4 fdPHost - ok
16:51:56.0083 0x16d4 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
16:51:56.0103 0x16d4 FDResPub - ok
16:51:56.0123 0x16d4 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:51:56.0143 0x16d4 FileInfo - ok
16:51:56.0163 0x16d4 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:51:56.0183 0x16d4 Filetrace - ok
16:51:56.0203 0x16d4 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:51:56.0233 0x16d4 flpydisk - ok
16:51:56.0243 0x16d4 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:51:56.0263 0x16d4 FltMgr - ok
16:51:56.0313 0x16d4 [ E12C4928B32ACE04610259647F072635, B71B9C2DF45F33C4DAC88435129B08B0BCDBBE82E8C3AD0A95F00137CC8B619F ] FontCache C:\Windows\system32\FntCache.dll
16:51:56.0363 0x16d4 FontCache - ok
16:51:56.0423 0x16d4 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:51:56.0433 0x16d4 FontCache3.0.0.0 - ok
16:51:56.0453 0x16d4 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:51:56.0463 0x16d4 FsDepends - ok
16:51:56.0473 0x16d4 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:51:56.0483 0x16d4 Fs_Rec - ok
16:51:56.0513 0x16d4 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:51:56.0543 0x16d4 fvevol - ok
16:51:56.0553 0x16d4 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:51:56.0563 0x16d4 gagp30kx - ok
16:51:56.0613 0x16d4 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
16:51:56.0673 0x16d4 gpsvc - ok
16:51:56.0703 0x16d4 [ E9CDEB631E63E83A7540CF6E81B5486B, 7CB2129168E27DE46B166B1C26975722E63D8AF772933664FCA5A8A335004117 ] GUBootStartup C:\Windows\System32\drivers\GUBootStartup.sys
16:51:56.0723 0x16d4 GUBootStartup - ok
16:51:56.0763 0x16d4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
16:51:56.0793 0x16d4 gupdate - ok
16:51:56.0793 0x16d4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
16:51:56.0813 0x16d4 gupdatem - ok
16:51:56.0823 0x16d4 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:51:56.0853 0x16d4 hcw85cir - ok
16:51:56.0883 0x16d4 [ A5EF29D5315111C80A5C1ABAD14C8972, A181DA72E946F121C3F4A19438C547B0BFD15138AB1DB5465945EC89DF1F6B0A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:51:56.0923 0x16d4 HdAudAddService - ok
16:51:56.0923 0x16d4 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:51:56.0943 0x16d4 HDAudBus - ok
16:51:56.0963 0x16d4 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:51:56.0973 0x16d4 HidBatt - ok
16:51:56.0983 0x16d4 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:51:57.0023 0x16d4 HidBth - ok
16:51:57.0023 0x16d4 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\drivers\hidir.sys
16:51:57.0043 0x16d4 HidIr - ok
16:51:57.0043 0x16d4 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
16:51:57.0073 0x16d4 hidserv - ok
16:51:57.0113 0x16d4 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
16:51:57.0123 0x16d4 HidUsb - ok
16:51:57.0143 0x16d4 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
16:51:57.0173 0x16d4 hkmsvc - ok
16:51:57.0183 0x16d4 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:51:57.0213 0x16d4 HomeGroupListener - ok
16:51:57.0233 0x16d4 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:51:57.0283 0x16d4 HomeGroupProvider - ok
16:51:57.0283 0x16d4 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:51:57.0303 0x16d4 HpSAMD - ok
16:51:57.0343 0x16d4 [ 871917B07A141BFF43D76D8844D48106, 30C702008D0EE57D63F74864967DD19A55A268E77E42B5B3CC73037AD51D2987 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:51:57.0383 0x16d4 HTTP - ok
16:51:57.0393 0x16d4 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:51:57.0403 0x16d4 hwpolicy - ok
16:51:57.0423 0x16d4 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:51:57.0443 0x16d4 i8042prt - ok
16:51:57.0463 0x16d4 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:51:57.0483 0x16d4 iaStorV - ok
16:51:57.0523 0x16d4 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:51:57.0603 0x16d4 idsvc - ok
16:51:57.0613 0x16d4 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:51:57.0633 0x16d4 iirsp - ok
16:51:57.0683 0x16d4 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
16:51:57.0733 0x16d4 IKEEXT - ok
16:51:57.0773 0x16d4 [ 9A16225EA2653002BCA484FB852C2715, 69856AD3DCEE8DDBAA008BB96F1B6C2D74CF0A638275FD04A53195157D318C5E ] inspect C:\Windows\system32\DRIVERS\inspect.sys
16:51:57.0783 0x16d4 inspect - ok
16:51:57.0903 0x16d4 [ B75FB1543EA119AD06D83D378B681949, 1960E66B7F0CF7F283148B4BAC9EBC3365B641946960B4B5A70EBD6C225367B4 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:51:58.0033 0x16d4 IntcAzAudAddService - ok
16:51:58.0043 0x16d4 [ D35CDE70CFC50E5400D212626A0C3D92, CACBD37199BADEA978AA3751BCB6D50C529BB792E5600CBC7BD47C21B491AF31 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
16:51:58.0063 0x16d4 Intel(R) PROSet Monitoring Service - ok
16:51:58.0083 0x16d4 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
16:51:58.0093 0x16d4 intelide - ok
16:51:58.0113 0x16d4 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:51:58.0133 0x16d4 intelppm - ok
16:51:58.0163 0x16d4 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:51:58.0193 0x16d4 IPBusEnum - ok
16:51:58.0193 0x16d4 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:51:58.0223 0x16d4 IpFilterDriver - ok
16:51:58.0243 0x16d4 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:51:58.0313 0x16d4 iphlpsvc - ok
16:51:58.0323 0x16d4 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:51:58.0343 0x16d4 IPMIDRV - ok
16:51:58.0353 0x16d4 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:51:58.0393 0x16d4 IPNAT - ok
16:51:58.0423 0x16d4 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:51:58.0443 0x16d4 IRENUM - ok
16:51:58.0463 0x16d4 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:51:58.0483 0x16d4 isapnp - ok
16:51:58.0493 0x16d4 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:51:58.0513 0x16d4 iScsiPrt - ok
16:51:58.0523 0x16d4 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:51:58.0543 0x16d4 kbdclass - ok
16:51:58.0543 0x16d4 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
16:51:58.0573 0x16d4 kbdhid - ok
16:51:58.0583 0x16d4 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] KeyIso C:\Windows\system32\lsass.exe
16:51:58.0603 0x16d4 KeyIso - ok
16:51:58.0613 0x16d4 [ 4120DA10AA42A9996F4575DB9E3E6E6E, 1C6E790772EA327ACB885D731A030408160534997DD56FEE4D6CEE6929873BB8 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:51:58.0633 0x16d4 KSecDD - ok
16:51:58.0643 0x16d4 [ 1E1845606C5A4579F7F3D95796CC1ED1, 26A478A0B5417CBC880A7F2D977AAC5FBF40EC4296426B757D6ACCBBC09486CC ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:51:58.0663 0x16d4 KSecPkg - ok
16:51:58.0683 0x16d4 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:51:58.0733 0x16d4 KtmRm - ok
16:51:58.0753 0x16d4 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:51:58.0793 0x16d4 LanmanServer - ok
16:51:58.0833 0x16d4 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:51:58.0883 0x16d4 LanmanWorkstation - ok
16:51:58.0903 0x16d4 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:51:58.0943 0x16d4 lltdio - ok
16:51:58.0963 0x16d4 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:51:58.0993 0x16d4 lltdsvc - ok
16:51:59.0003 0x16d4 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:51:59.0033 0x16d4 lmhosts - ok
16:51:59.0053 0x16d4 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:51:59.0063 0x16d4 LSI_FC - ok
16:51:59.0073 0x16d4 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:51:59.0083 0x16d4 LSI_SAS - ok
16:51:59.0093 0x16d4 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:51:59.0103 0x16d4 LSI_SAS2 - ok
16:51:59.0113 0x16d4 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:51:59.0133 0x16d4 LSI_SCSI - ok
16:51:59.0143 0x16d4 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
16:51:59.0163 0x16d4 luafv - ok
16:51:59.0193 0x16d4 [ 8E2E9CCD873ABF180F48BCAEEEBE347D, 35DBBB8E63B480151EA5701D9DB7C90642FA2391D044DB400D3644F3E21BB0C1 ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
16:51:59.0213 0x16d4 MBAMSwissArmy - ok
16:51:59.0223 0x16d4 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:51:59.0243 0x16d4 Mcx2Svc - ok
16:51:59.0253 0x16d4 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\drivers\megasas.sys
16:51:59.0273 0x16d4 megasas - ok
16:51:59.0283 0x16d4 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:51:59.0303 0x16d4 MegaSR - ok
16:51:59.0333 0x16d4 Microsoft SharePoint Workspace Audit Service - ok
16:51:59.0363 0x16d4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
16:51:59.0403 0x16d4 MMCSS - ok
16:51:59.0423 0x16d4 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
16:51:59.0453 0x16d4 Modem - ok
16:51:59.0473 0x16d4 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:51:59.0503 0x16d4 monitor - ok
16:51:59.0513 0x16d4 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:51:59.0523 0x16d4 mouclass - ok
16:51:59.0543 0x16d4 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:51:59.0563 0x16d4 mouhid - ok
16:51:59.0583 0x16d4 [ FC8771F45ECCCFD89684E38842539B9B, 806DDF2B4830CA866582FE74A521BB7DF26CA0E19013DAF584D3677FB48CC77A ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:51:59.0603 0x16d4 mountmgr - ok
16:51:59.0673 0x16d4 [ B4E9C7383A705628AD491CF0F87D901F, 5C0CD7133D4F5B1E0466CDB2A2210ECA57206A8BC41F37BC6324120AE5501C70 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:51:59.0693 0x16d4 MozillaMaintenance - ok
16:51:59.0703 0x16d4 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
16:51:59.0723 0x16d4 mpio - ok
16:51:59.0743 0x16d4 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:51:59.0763 0x16d4 mpsdrv - ok
16:51:59.0773 0x16d4 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:51:59.0813 0x16d4 MpsSvc - ok
16:51:59.0843 0x16d4 [ 21F4B24ACFC79A483515BD986DD9043F, 22681907E02E0B723ABE2CEF0602D36C8EF862E7E2B62A9B40A5EF582E58D7BA ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:51:59.0913 0x16d4 MRxDAV - ok
16:51:59.0943 0x16d4 [ 5D16C921E3671636C0EBA3BBAAC5FD25, 5BC107B95CAFC88F51FBB9F657B99944B20627A2B618F263093D7045E4FFD65C ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:51:59.0973 0x16d4 mrxsmb - ok
16:52:00.0003 0x16d4 [ 6D17A4791ACA19328C685D256349FEFC, 012AA3D84EEAAF53780D06D2D11B9727DFC3441F3FAD75BC9E751FB814403668 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:52:00.0023 0x16d4 mrxsmb10 - ok
16:52:00.0033 0x16d4 [ B81F204D146000BE76651A50670A5E9E, 78193D0F967BE9829E53F9B500342934B4B1E1F4CEFC444382959E2061BC3B17 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:52:00.0063 0x16d4 mrxsmb20 - ok
16:52:00.0093 0x16d4 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
16:52:00.0103 0x16d4 msahci - ok
16:52:00.0113 0x16d4 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:52:00.0133 0x16d4 msdsm - ok
16:52:00.0153 0x16d4 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
16:52:00.0183 0x16d4 MSDTC - ok
16:52:00.0183 0x16d4 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:52:00.0213 0x16d4 Msfs - ok
16:52:00.0223 0x16d4 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:52:00.0243 0x16d4 mshidkmdf - ok
16:52:00.0253 0x16d4 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:52:00.0273 0x16d4 msisadrv - ok
16:52:00.0303 0x16d4 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:52:00.0333 0x16d4 MSiSCSI - ok
16:52:00.0333 0x16d4 msiserver - ok
16:52:00.0343 0x16d4 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:52:00.0363 0x16d4 MSKSSRV - ok
16:52:00.0373 0x16d4 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:52:00.0403 0x16d4 MSPCLOCK - ok
16:52:00.0423 0x16d4 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:52:00.0443 0x16d4 MSPQM - ok
16:52:00.0453 0x16d4 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:52:00.0473 0x16d4 MsRPC - ok
16:52:00.0473 0x16d4 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:52:00.0493 0x16d4 mssmbios - ok
16:52:00.0493 0x16d4 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:52:00.0523 0x16d4 MSTEE - ok
16:52:00.0533 0x16d4 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:52:00.0553 0x16d4 MTConfig - ok
16:52:00.0573 0x16d4 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
16:52:00.0583 0x16d4 Mup - ok
16:52:00.0613 0x16d4 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
16:52:00.0663 0x16d4 napagent - ok
16:52:00.0693 0x16d4 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:52:00.0723 0x16d4 NativeWifiP - ok
16:52:00.0753 0x16d4 [ 8C9C922D71F1CD4DEF73F186416B7896, 15FF43CD90C7913F83B35F2E7986561584588E8A45196EBD965C3A355836A9C7 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:52:00.0783 0x16d4 NDIS - ok
16:52:00.0793 0x16d4 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:52:00.0813 0x16d4 NdisCap - ok
16:52:00.0823 0x16d4 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:52:00.0863 0x16d4 NdisTapi - ok
16:52:00.0883 0x16d4 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:52:00.0903 0x16d4 Ndisuio - ok
16:52:00.0913 0x16d4 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:52:00.0943 0x16d4 NdisWan - ok
16:52:00.0953 0x16d4 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:52:00.0973 0x16d4 NDProxy - ok
16:52:00.0983 0x16d4 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:52:01.0003 0x16d4 NetBIOS - ok
16:52:01.0013 0x16d4 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:52:01.0043 0x16d4 NetBT - ok
16:52:01.0043 0x16d4 [ DD17E1573651293D4ED31053795B3471, 94F7D1BB1C3B0C1FAAEED07375DB0F3BC995394FB5C26983548D946C8D229D54 ] Netlogon C:\Windows\system32\lsass.exe
16:52:01.0063 0x16d4 Netlogon - ok
16:52:01.0093 0x16d4 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
16:52:01.0123 0x16d4 Netman - ok
16:52:01.0153 0x16d4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:52:01.0193 0x16d4 NetMsmqActivator - ok
16:52:01.0193 0x16d4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:52:01.0213 0x16d4 NetPipeActivator - ok
16:52:01.0223 0x16d4 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
16:52:01.0273 0x16d4 netprofm - ok
16:52:01.0283 0x16d4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:52:01.0293 0x16d4 NetTcpActivator - ok
16:52:01.0303 0x16d4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
16:52:01.0313 0x16d4 NetTcpPortSharing - ok
16:52:01.0343 0x16d4 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:52:01.0353 0x16d4 nfrd960 - ok
16:52:01.0373 0x16d4 [ 374071043F9E4231EE43BE2BB48DD36D, C4FA3FC40CC49DBBB91901D14210A55D3831FAC9F9B3FF45FCA7F5CF242C9E92 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:52:01.0413 0x16d4 NlaSvc - ok
16:52:01.0433 0x16d4 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:52:01.0473 0x16d4 Npfs - ok
16:52:01.0503 0x16d4 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
16:52:01.0533 0x16d4 nsi - ok
16:52:01.0543 0x16d4 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:52:01.0583 0x16d4 nsiproxy - ok
16:52:01.0633 0x16d4 [ C8DFF8D07755A66C7A4A738930F0FEAC, A2CC58312CE57988ABD976155BE91F558DCEC4C23481C6FBE64B361D511A36EA ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:52:01.0713 0x16d4 Ntfs - ok
16:52:01.0733 0x16d4 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
16:52:01.0753 0x16d4 Null - ok
16:52:01.0793 0x16d4 [ 9F8EE4948B7ADD9D12F778F61A2758A4, 9848C7D97AC000BF7A00BAE12593E48E14D36D7FFFCF25A163FAAB446691032F ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
16:52:01.0813 0x16d4 NVHDA - ok
16:52:02.0063 0x16d4 [ 1E3D32DDBE6BBDC0843432BAD599069F, 908893652F953C01E3FFEA19E76154B6246277720B088A61086A9B336B3EC6AD ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:52:02.0393 0x16d4 nvlddmkm - ok
16:52:02.0413 0x16d4 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:52:02.0443 0x16d4 nvraid - ok
16:52:02.0463 0x16d4 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:52:02.0483 0x16d4 nvstor - ok
16:52:02.0533 0x16d4 [ 5004DAF6A37C5C73FFCF4D3935A6FE87, 52F2149383EC41B18310801FD07C1363EE81C5D1F2B0206460FC7922C00D7A15 ] nvsvc C:\Windows\system32\nvvsvc.exe
16:52:02.0563 0x16d4 nvsvc - ok
16:52:12.0283 0x16d4 Wlansvc - ok
16:52:12.0293 0x16d4 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:52:12.0323 0x16d4 WmiAcpi - ok
16:52:12.0343 0x16d4 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:52:12.0383 0x16d4 wmiApSrv - ok
16:52:12.0443 0x16d4 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:52:12.0493 0x16d4 WMPNetworkSvc - ok
16:52:12.0503 0x16d4 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:52:12.0523 0x16d4 WPCSvc - ok
16:52:12.0523 0x16d4 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:52:12.0543 0x16d4 WPDBusEnum - ok
16:52:12.0553 0x16d4 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:52:12.0583 0x16d4 ws2ifsl - ok
16:52:12.0603 0x16d4 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
16:52:12.0623 0x16d4 wscsvc - ok
16:52:12.0633 0x16d4 WSearch - ok
16:52:12.0693 0x16d4 [ D9B0134913E5EF007AF82A418C503322, 7418DD28C8E968674382F8352AAFFC4DE77887E2B71B8844D615F19432B4C55A ] wuauserv C:\Windows\system32\wuaueng.dll
16:52:12.0793 0x16d4 wuauserv - ok
16:52:12.0813 0x16d4 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
16:52:12.0823 0x16d4 WudfPf - ok
16:52:12.0853 0x16d4 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:52:12.0893 0x16d4 wudfsvc - ok
16:52:12.0913 0x16d4 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
16:52:12.0953 0x16d4 WwanSvc - ok
16:52:12.0963 0x16d4 ================ Scan global ===============================
16:52:12.0983 0x16d4 [ DAB748AE0439955ED2FA22357533DDDB, 73EDD402C7479DDCE1998D0C7E99E1EC2974F64EFC33A851439CC85D09EDCDF9 ] C:\Windows\system32\basesrv.dll
16:52:12.0993 0x16d4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
16:52:13.0003 0x16d4 [ 51BB04243DF6196C06E125898127E397, E1B6C83FC6E455F6806185027C5B56F8BA9ECDF1CD69E97301EC0291F0D3466E ] C:\Windows\system32\winsrv.dll
16:52:13.0023 0x16d4 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
16:52:13.0053 0x16d4 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6, D7BC4ED605B32274B45328FD9914FB0E7B90D869A38F0E6F94FB1BF4E9E2B407 ] C:\Windows\system32\services.exe
16:52:13.0063 0x16d4 [ Global ] - ok
16:52:13.0063 0x16d4 ================ Scan MBR ==================================
16:52:13.0073 0x16d4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:52:13.0433 0x16d4 \Device\Harddisk0\DR0 - ok
16:52:13.0433 0x16d4 ================ Scan VBR ==================================
16:52:13.0433 0x16d4 [ A0055669EDC19E4565970298536E46D4 ] \Device\Harddisk0\DR0\Partition1
16:52:13.0453 0x16d4 \Device\Harddisk0\DR0\Partition1 - ok
16:52:13.0463 0x16d4 [ EB1897729B2BE00DF8B0E079FBA03440 ] \Device\Harddisk0\DR0\Partition2
16:52:13.0483 0x16d4 \Device\Harddisk0\DR0\Partition2 - ok
16:52:13.0493 0x16d4 [ C5D4246B638D472C38FB96D06645FFBB ] \Device\Harddisk0\DR0\Partition3
16:52:13.0493 0x16d4 \Device\Harddisk0\DR0\Partition3 - ok
16:52:13.0493 0x16d4 [ 3959CEF547620965E16DCC689F2D65A5 ] \Device\Harddisk0\DR0\Partition4
16:52:13.0493 0x16d4 \Device\Harddisk0\DR0\Partition4 - ok
16:52:13.0493 0x16d4 ================ Scan generic autorun ======================
16:52:15.0103 0x16d4 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.0.2208.712 ), 0x41000 ( enabled : updated )
16:52:15.0103 0x16d4 FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.0.0.4344 ), 0x61010 ( enabled )
16:52:17.0593 0x16d4 ============================================================
16:52:17.0593 0x16d4 Scan finished
16:52:17.0593 0x16d4 ============================================================
16:52:17.0593 0x189c Detected object count: 0
16:52:17.0593 0x189c Actual detected object count: 0


----------



## kevinf80 (Mar 21, 2006)

At least we do not see any rootkits etc... run the following please:

Download *SystemLook* from the link below and save it to your Desktop. Use the correct version, 32-bit or 64-bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit.

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
ataport.sys
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Thanks....


----------



## Walloped (Dec 30, 2014)

SystemLook log

SystemLook 30.07.11 by jpshortstuff
Log created at 19:42 on 09/01/2015 by MohenDaro
Administrator - Elevation successful

========== filefind ==========

Searching for "ataport.sys"
C:\Windows\System32\drivers\ataport.sys --a---- 133056 bytes [12:36 31/12/2014] [00:24 07/01/2015] DDCE686D76C2B4DB435A3AF5BD0E691D
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\ataport.sys --a---- 133056 bytes [12:36 31/12/2014] [01:56 05/08/2013] DDCE686D76C2B4DB435A3AF5BD0E691D
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\ataport.sys --a---- 132992 bytes [21:29 20/11/2010] [21:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\ataport.sys --a---- 132992 bytes [21:29 20/11/2010] [21:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\ataport.sys --a---- 133056 bytes [12:36 31/12/2014] [01:56 05/08/2013] DDCE686D76C2B4DB435A3AF5BD0E691D
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\ataport.sys --a---- 133056 bytes [12:36 31/12/2014] [08:59 05/08/2013] 6E58B01269D6CCB51115072D12191094

-= EOF =-


----------
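The SystemLook log above lists six copies of `ataport.sys`. The following is an added example, not part of the original thread and not SystemLook's own code: it parses `:filefind` output and checks whether the live copy in `System32\drivers` has the same size and MD5 as a copy in the component store (`winsxs` / `DriverStore`). The regex, function names and the mismatch variant are assumptions made for illustration; the sample lines are the ones posted above.

```python
import re
from collections import defaultdict

# One filefind result: path, attributes, size, [created], [modified], MD5
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Version embedded in a WinSxS directory name, e.g. _6.1.7601.18231_
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_")

# Result lines copied from the SystemLook log posted in the thread.
SAMPLE_LOG = r"""
Searching for "ataport.sys"
C:\Windows\System32\drivers\ataport.sys --a---- 133056 bytes [12:36 31/12/2014] [00:24 07/01/2015] DDCE686D76C2B4DB435A3AF5BD0E691D
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_a5025d31bee4647c\ataport.sys --a---- 133056 bytes [12:36 31/12/2014] [01:56 05/08/2013] DDCE686D76C2B4DB435A3AF5BD0E691D
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\ataport.sys --a---- 132992 bytes [21:29 20/11/2010] [21:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\ataport.sys --a---- 132992 bytes [21:29 20/11/2010] [21:29 20/11/2010] 4B55C9F9A93B3BFD01ED7366EB0B9D2E
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_df26d4d57fdef5b0\ataport.sys --a---- 133056 bytes [12:36 31/12/2014] [01:56 05/08/2013] DDCE686D76C2B4DB435A3AF5BD0E691D
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_dfc9143c98e9a6c4\ataport.sys --a---- 133056 bytes [12:36 31/12/2014] [08:59 05/08/2013] 6E58B01269D6CCB51115072D12191094
-= EOF =-
"""

# Constructed variant: the live copy's MD5 is replaced with a made-up value
# so the mismatch path can be exercised.
CONSTRUCTED_MISMATCH = SAMPLE_LOG.replace(
    "[00:24 07/01/2015] DDCE686D76C2B4DB435A3AF5BD0E691D",
    "[00:24 07/01/2015] " + "0" * 32,
)


def parse_filefind(text):
    """Return one dict per result line; headers and EOF markers are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        low = e["path"].lower()
        if "\\winsxs\\" in low or "\\driverstore\\filerepository\\" in low:
            e["role"] = "store"   # servicing copies kept by Windows
        elif "\\system32\\drivers\\" in low:
            e["role"] = "live"    # the copy the kernel actually loads
        else:
            e["role"] = "other"
        v = VERSION_RE.search(e["path"])
        e["version"] = v.group(1) if v else None
        entries.append(e)
    return entries


def compare_live_to_store(entries):
    """For each live copy, list the store copies with identical size and MD5."""
    by_digest = defaultdict(list)
    for e in entries:
        if e["role"] == "store":
            by_digest[(e["md5"], e["size"])].append(e)
    report = []
    for e in entries:
        if e["role"] != "live":
            continue
        twins = by_digest.get((e["md5"], e["size"]), [])
        report.append({
            "path": e["path"],
            "md5": e["md5"],
            "status": "matches_store" if twins else "no_match",
            "store_copies": [t["path"] for t in twins],
            "versions": sorted({t["version"] for t in twins if t["version"]}),
        })
    return report


if __name__ == "__main__":
    for label, log in (("posted log", SAMPLE_LOG),
                       ("constructed mismatch", CONSTRUCTED_MISMATCH)):
        for row in compare_live_to_store(parse_filefind(log)):
            print(label, row["status"], row["versions"], len(row["store_copies"]))
```

A `matches_store` result only shows the live driver agrees with a servicing copy on the same disk; a `no_match` result is the case that warrants the signature and multi-engine check requested in the next post.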



## kevinf80 (Mar 21, 2006)

Are the BSODs still happening? I'm sure this is not a malware problem, but best check the driver in question...

*Upload a File to Virustotal*

Go to http://www.virustotal.com/


 Click the *Choose file* button
 Navigate to the file *C:\Windows\System32\drivers\ataport.sys* 
 Click the *Scan it* tab
 If you get a message saying File has already been analyzed: click Reanalyze file now
 Copy and paste the results back here please.

Kevin....


----------



## Walloped (Dec 30, 2014)

I didn't get any blue screens yesterday, so I don't know what's happening. I find Firefox crashes when I use Google, which is how this whole issue started. It kept crashing. Maybe it's just Google Maps.

Here is some info from that scan:

SHA256: 663b52bd2ec561aeb38386d0ecaa5ce87a95e593a6a580baee01b13f8c0c9eb5
File name: ataport.sys
Detection ratio: 0 / 55
Analysis date: 2014-12-26 12:43:57 UTC ( 2 weeks, 1 day ago ) 
Probably harmless! There are strong indicators suggesting that this file is safe to use.

The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Native subsystem.
Authenticode signature block
Copyright
© Microsoft Corporation. All rights reserved.

Publisher Microsoft Windows
Product Microsoft® Windows® Operating System
Original name ataport.sys
Internal name ataport.sys
File version 6.1.7601.18231 (win7sp1_gdr.130804-1531)
Description ATAPI Driver Extension
Signature verification Signed file, verified signature
Signing date 2:56 AM 8/5/2013
Signers 
[+] Microsoft Windows
[+] Microsoft Windows Verification PCA
[+] Microsoft Root Certificate Authority
Counter signers 
[+] Microsoft Time-Stamp Service
[+] Microsoft Time-Stamp PCA
[+] Microsoft Root Certificate Authority
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-08-05 00:46:59
Entry Point 0x0001D049
Number of sections 8
PE sections

| Name | Virtual address | Virtual size | Raw size | Entropy | MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 63850 | 64000 | 6.38 | f03c1f2ac6035399d63ede87e20b99c0 |
| .rdata | 69632 | 2212 | 2560 | 5.24 | 32f0f918e35e62ef735cfc126d2bbae2 |
| .data | 73728 | 932 | 512 | 0.48 | bf6222fcd7a820ad18d7679fd2b078e1 |
| PAGE | 77824 | 36128 | 36352 | 6.42 | 7002bf181ff0f74c6292390b61962022 |
| .edata | 114688 | 2030 | 2048 | 5.15 | 4a8c9795a738a9c0d297e1dccd4153f6 |
| INIT | 118784 | 5082 | 5120 | 5.76 | 3e49cae1e603931fa912a228e9b842da |
| .rsrc | 126976 | 10184 | 10240 | 3.80 | bee56c62e1caf1d7821b39d135ec5110 |
| .reloc | 139264 | 3688 | 4096 | 5.76 | 9151eb74ecc4af316cc6bf7682942f8b |

PE imports
[+] HAL.dll
[+] WMILIB.SYS
[+] ntoskrnl.exe
PE exports
AtaPortAllocateQueueTag
AtaPortBuildRequestSenseIrb
AtaPortCompleteAllActiveRequests
AtaPortCompleteRequest
AtaPortConvertPhysicalAddressToUlong
AtaPortCopyMemory
AtaPortDebugBreak
AtaPortDebugPrint
AtaPortDeviceStateChange
AtaPortEtwTraceLog
Number of PE resources by type
WEVT_TEMPLATE 1
MUI 1
RT_MESSAGETABLE 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 4
ExifTool file metadata
SubsystemVersion 6.1
InitializedDataSize 19968
ImageVersion 6.1
ProductName Microsoft Windows Operating System
FileVersionNumber 6.1.7601.18231
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 9.0
OriginalFilename ataport.sys
MIMEType application/octet-stream
Subsystem Native
FileVersion 6.1.7601.18231 (win7sp1_gdr.130804-1531)
TimeStamp 2013:08:05 01:46:59+01:00
FileType Win32 EXE
PEType PE32
InternalName ataport.sys
FileAccessDate 2014:12:26 13:44:06+01:00
ProductVersion 6.1.7601.18231
FileDescription ATAPI Driver Extension
OSVersion 6.1
FileCreateDate 2014:12:26 13:44:06+01:00
FileOS Windows NT 32-bit
LegalCopyright Microsoft Corporation. All rights reserved.
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 105472
FileSubtype 7
ProductVersionNumber 6.1.7601.18231
EntryPoint 0x1d049
ObjectFileType Driver

File identification
MD5 ddce686d76c2b4db435a3af5bd0e691d
SHA1 824b6b1cbd707790292d36584133b6874dcfd72e
SHA256 663b52bd2ec561aeb38386d0ecaa5ce87a95e593a6a580baee01b13f8c0c9eb5
ssdeep
3072:xoSwFqOHiHJjxhzg2Q2+E7+l0TX8NkgXqM/QgNbfvfhco/kl5mazHmUh0Iw7Y/9:ToJ6tB+E7+l0j8NkZM/bNjvf1kl1HtRF

authentihash d9ba994cc94860b3ae8e6a584fb3d0d30f4fbe5bb832d7c76aad8296daa06dd9
imphash 048067e7f0014a8e4217a006d216405d
File size 129.9 KB ( 133056 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (native) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (43.5%)
Win32 Executable (generic) (29.8%)
Generic Win/DOS Executable (13.2%)
DOS Executable Generic (13.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

Tags
peexe signed native

VirusTotal metadata
First submission 2013-09-13 08:12:30 UTC ( 1 year, 3 months ago )
Last submission 2015-01-10 15:00:12 UTC ( 7 minutes ago )


----------



## kevinf80 (Mar 21, 2006)

Well, the file is clean, so we don't worry on the malware/infection front. If the problem with Firefox continues, let's carry out a reset and see if that makes any difference:

Instructions here: https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

When the reset is completed I recommend the following addons..

Addons: Webutation, Adblock Plus, Adblock Plus Pop-up Addon, Flash Block. When Firefox is open, select these keys together: *Ctrl - Shift - A*. That will access the Addons Manager, which gives access to find addons, use, start, stop or disable those features etc....
Type each name into the Addons Manager search box, install each one, then restart Firefox to complete the installation.

Let me know if that helps...


----------



## Walloped (Dec 30, 2014)

I did the Firefox reset, I don't think it did much. I'll have to wait and see. As for the Blue Screen, I haven't seen any again, but I haven't been using the computer much.

I guess one of the tools was to clean out the restore points so it doesn't get reinfected, as I don't see any restore points as mentioned except from last spring.
I guess there's no point looking into the restore points as I already reset everything and pretty much starting half new from when I originally set up the computer.

Well, thanks for all your time and I really appreciate all the help that you provided. I don't know what we would do without people like you.
I know...spend hundreds of dollars on people who probably take your money and don't really do anything, or have to do a reinstall and lose all your information.

We'll mark this one as solved


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, it was a pleasure to work with you....

Take care and surf safe,

Kevin


----------



## Walloped (Dec 30, 2014)

Ahmmmm.....

I did a Malwarebytes scan and it found a PUP, but it said it was in the recycle bin. But before it got to the end of the scan the computer crashed. I was able to remove it, I think it was with another scan but

Now when I try to scan with Malwarebytes it keeps crashing towards the end and I get a blue screen. I stayed with the scan until the end and it seems to crash when it's doing the _Heuristic analysis_.

Should I delete the program and do a fresh install? I'm worried about why it's crashing at the final analysis.

Any suggestions would help.


----------



## kevinf80 (Mar 21, 2006)

Please download this program *Blue Screen Viewer* and unzip "Bluescreen View.exe" to your desktop.

Double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information.

Next,

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: 
*MBAM Clean Removal Process 2x*

Follow the relevant steps and be sure to run the mbam-clean tool after uninstalling Malwarebytes.

When reinstalling the program please try the latest version from here:

http://www.malwarebytes.org/mwb-download/

Right click and choose *"Run as administrator"* to open Malwarebytes Anti-Malware and from the Dashboard please *Check for Updates* by clicking the *Update Now*... link
Open up *Malwarebytes* > *Settings* > *Detection* and *Protection* > Enable *Scan for rootkit* and Under *Non Malware Protection* set both *PUP* and *PUM* to *Treat detections as malware*.
Click on the *SCAN* button and run a *Threat Scan* with *Malwarebytes Anti-Malware* by clicking the *Scan Now>> button*.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Did the clean install make any difference...?

Kevin...


----------



## Walloped (Dec 30, 2014)

I removed Malwarebytes and it's the same thing. I fell asleep last night so I reinstalled Malwarebytes and it's doing the thing. Also it's taking Windows longer to restart now, it's slowing down.

Blue Screen Viewer

Jan 15th
==================================================
Dump File : 011515-17971-01.dmp
Crash Time : 1/15/2015 7:59:49 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0x9ff1e7b8
Parameter 2 : 0xc0000185
Parameter 3 : 0x1ecdd864
Parameter 4 : 0x9b441f22
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+f1f22
File Description : Multi-User Win32 Driver
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+debfc
Stack Address 1 : ntkrnlpa.exe+a3187
Stack Address 2 : ntkrnlpa.exe+a6a69
Stack Address 3 : ntkrnlpa.exe+90180
Computer Name : 
Full Path : C:\Windows\Minidump\011515-17971-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 169,592
Dump File Time : 1/15/2015 8:03:52 PM
==================================================


Jan 16th
==================================================
Dump File : 011615-17144-01.dmp
Crash Time : 1/16/2015 9:14:55 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0462f48
Parameter 2 : 0xc0000185
Parameter 3 : 0x96c32860
Parameter 4 : 0x8c5e99e8
Caused By Driver : nvlddmkm.sys
Caused By Address : nvlddmkm.sys+a10860
File Description : NVIDIA Windows Kernel Mode Driver, Version 340.52
Product Name : NVIDIA Windows Kernel Mode Driver, Version 340.52
Company : NVIDIA Corporation
File Version : 9.18.13.4052
Processor : 32-bit
Crash Address : ntkrnlpa.exe+debfc
Stack Address 1 : ntkrnlpa.exe+a3187
Stack Address 2 : ntkrnlpa.exe+a6a69
Stack Address 3 : ntkrnlpa.exe+90180
Computer Name : 
Full Path : C:\Windows\Minidump\011615-17144-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 169,624
Dump File Time : 1/16/2015 9:15:57 AM
==================================================


----------
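Both BlueScreenView records above are bug check 0x7A with the same Parameter 2. The following is an added example, not part of the original thread and not BlueScreenView's own code: it parses records in that `Key : Value` layout and decodes Parameter 2, which for 0x7A is the NTSTATUS of the failed paging read as documented by Microsoft. The function names and the "same status, different drivers" heuristic are assumptions made for illustration; the sample is abridged from the two records posted above.

```python
import re

BUGCHECK_INPAGE = 0x0000007A  # KERNEL_DATA_INPAGE_ERROR

# Parameter 2 of bug check 0x7A: status of the paging I/O that failed
# (names and typical causes as listed in Microsoft's bug check reference).
INPAGE_STATUS = {
    0xC000000E: ("STATUS_NO_SUCH_DEVICE", "hardware failure or incorrect drive configuration"),
    0xC000009A: ("STATUS_INSUFFICIENT_RESOURCES", "lack of nonpaged pool resources"),
    0xC000009C: ("STATUS_DEVICE_DATA_ERROR", "bad blocks on the disk"),
    0xC000009D: ("STATUS_DEVICE_NOT_CONNECTED", "loose or defective cabling, or controller cannot see the disk"),
    0xC000016A: ("STATUS_DISK_OPERATION_FAILED", "bad blocks on the disk"),
    0xC0000185: ("STATUS_IO_DEVICE_ERROR", "defective cabling or termination, or a device/controller conflict"),
}

# Abridged from the two records posted in the thread (unused fields dropped).
SAMPLE = """\
==================================================
Dump File : 011515-17971-01.dmp
Crash Time : 1/15/2015 7:59:49 PM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 2 : 0xc0000185
Caused By Driver : win32k.sys
Computer Name :
==================================================
==================================================
Dump File : 011615-17144-01.dmp
Crash Time : 1/16/2015 9:14:55 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 2 : 0xc0000185
Caused By Driver : nvlddmkm.sys
Computer Name :
==================================================
"""

FIELD_RE = re.compile(r"^([^:]+?)\s*:\s*(.*)$")  # split on the first colon only


def parse_records(text):
    """Split BlueScreenView text output into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if re.fullmatch(r"=+", line):      # record delimiter
            if current:
                records.append(current)
                current = {}
            continue
        m = FIELD_RE.match(line)
        if m:
            current[m.group(1)] = m.group(2)
    if current:
        records.append(current)
    return records


def triage(records):
    """Decode each record; only 0x7A records get a status name and hint."""
    findings = []
    for r in records:
        code = int(r["Bug Check Code"], 16)
        status = int(r.get("Parameter 2", "0"), 16)
        name, hint = None, None
        if code == BUGCHECK_INPAGE:
            name, hint = INPAGE_STATUS.get(status, ("UNKNOWN", "status not in table"))
        findings.append({
            "dump": r.get("Dump File"),
            "bugcheck": code,
            "status": status,
            "status_name": name,
            "hint": hint,
            "blamed_driver": r.get("Caused By Driver"),
        })
    return findings


def summarize(findings):
    inpage = [f for f in findings if f["bugcheck"] == BUGCHECK_INPAGE]
    statuses = sorted({f["status_name"] for f in inpage})
    drivers = sorted({f["blamed_driver"] for f in inpage})
    return {
        "inpage_crashes": len(inpage),
        "statuses": statuses,
        "blamed_drivers": drivers,
        # Heuristic (assumption): one paging-read status blamed on several
        # unrelated drivers suggests the named driver is where the fault
        # surfaced, so check the storage path before replacing drivers.
        "same_status_different_drivers":
            len(inpage) > 1 and len(statuses) == 1 and len(drivers) > 1,
    }


if __name__ == "__main__":
    found = triage(parse_records(SAMPLE))
    for f in found:
        print(f["dump"], f["status_name"], "-", f["hint"], "-", f["blamed_driver"])
    print(summarize(found))
```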



## kevinf80 (Mar 21, 2006)

Go to the following link: http://www.sevenforums.com/tutorials/433-disk-check.html scroll to "Option Two" and follow those instructions to run CHKDSK, use the following switch :-

*chkdsk C: /R*

When chkdsk completes go to this link: http://www.sevenforums.com/tutorials/96938-check-disk-chkdsk-read-event-viewer-log.html follow the instructions to get the log, post to next reply...

Next,

Close all windows, Select > start icon > all programs > accessories > Right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste *sfc /scannow* > then tap enter. When finished type *exit* Tap enter, re-boot your PC.

***Note the space between *sfc* and */scannow*.

To get the report, open an elevated command prompt and type or copy and paste:

*findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt*

Post those logs, also let me know if the BSOD issue is cleared....

Thanks,

Kevin..


----------



## Walloped (Dec 30, 2014)

Sorry, didn't get back, was busy with work.

Contentious sound...sounds like a USB item unplugging until it finally stops. Should I look to replace the drivers found in the blue screen viewer report?

I did check disk on my own about a week ago, and HD Tune, a program that I already had installed, as the WD drive was loud when I bought it. Both were clear.

I will redo it.


----------



## Walloped (Dec 30, 2014)

ChkDsk

TimeCreated : 1/20/2015 12:01:45 AM
Message : 

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 

CHKDSK is verifying files (stage 1 of 5)...
151552 file records processed. 

File verification completed.
1039 large file records processed. 

0 bad file records processed. 

2 EA records processed. 

60 reparse records processed. 

CHKDSK is verifying indexes (stage 2 of 5)...
189214 index entries processed. 

Index verification completed.
0 unindexed files scanned. 

0 unindexed files recovered. 

CHKDSK is verifying security descriptors (stage 3 of 5)...
151552 file SDs/SIDs processed. 

Cleaning up 82 unused index entries from index $SII of file 0x9.
Cleaning up 82 unused index entries from index $SDH of file 0x9.
Cleaning up 82 unused security descriptors.
Security descriptor verification completed.
18832 data files processed. 

CHKDSK is verifying Usn Journal...
35023784 USN bytes processed. 

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
151536 files processed. 

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
57959494 free clusters processed. 

Free space verification is complete.
Windows has checked the file system and found no problems.

325449727 KB total disk space.
93281736 KB in 85128 files.
66152 KB in 18833 indexes.
0 KB in bad sectors.
263863 KB in use by the system.
65536 KB occupied by the log file.
231837976 KB available on disk.

4096 bytes in each allocation unit.
81362431 total allocation units on disk.
57959494 allocation units available on disk.

Internal Info:
00 50 02 00 24 96 01 00 06 f0 02 00 00 00 00 00 .P..$...........
f1 02 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 ....<...........
c0 fe 16 00 50 01 13 00 50 01 13 00 00 00 13 00 ....P...P.......

Windows has finished checking your disk.
Please wait while your computer restarts.


TimeCreated : 1/7/2015 4:48:16 PM
Message : 

Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk. 

CHKDSK is verifying files (stage 1 of 5)...
151552 file records processed.  

File verification completed.
1008 large file records processed. 

0 bad file records processed. 

2 EA records processed. 

60 reparse records processed. 

CHKDSK is verifying indexes (stage 2 of 5)...
192084 index entries processed. 

Index verification completed.
0 unindexed files scanned. 

0 unindexed files recovered. 

CHKDSK is verifying security descriptors (stage 3 of 5)...
151552 file SDs/SIDs processed. 

Cleaning up 1550 unused index entries from index $SII of file 0x9.
Cleaning up 1550 unused index entries from index $SDH of file 0x9.
Cleaning up 1550 unused security descriptors.
Security descriptor verification completed.
20267 data files processed. 

CHKDSK is verifying Usn Journal...
35613208 USN bytes processed. 

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
151536 files processed. 

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
57884715 free clusters processed. 

Free space verification is complete.
Windows has checked the file system and found no problems.

325449727 KB total disk space.
93559384 KB in 112257 files.
87192 KB in 20268 indexes.
0 KB in bad sectors.
264287 KB in use by the system.
65536 KB occupied by the log file.
231538864 KB available on disk.

4096 bytes in each allocation unit.
81362431 total allocation units on disk.
57884716 allocation units available on disk.

Internal Info:
00 50 02 00 b8 05 02 00 b8 cc 03 00 00 00 00 00 .P..............
d9 02 00 00 3c 00 00 00 00 00 00 00 00 00 00 00 ....<...........
c0 fe 2e 00 50 01 2b 00 50 01 2b 00 00 00 2b 00 ....P.+.P.+...+.

Windows has finished checking your disk.
Please wait while your computer restarts.


----------



## Walloped (Dec 30, 2014)

Sfc scan

2015-01-19 09:48:47, Info CSI 00000009 [SR] Verifying 1 components
2015-01-19 09:48:47, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2015-01-19 09:48:47, Info CSI 0000000c [SR] Verify complete
2015-01-19 09:49:05, Info CSI 0000000d [SR] Verifying 1 components
2015-01-19 09:49:05, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2015-01-19 09:49:07, Info CSI 00000010 [SR] Verify complete
2015-01-19 09:49:31, Info CSI 00000011 [SR] Verifying 1 components
2015-01-19 09:49:31, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2015-01-19 09:49:31, Info CSI 00000014 [SR] Verify complete
2015-01-20 00:16:34, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2015-01-20 00:16:34, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2015-01-20 00:16:36, Info CSI 0000000c [SR] Verify complete
2015-01-20 00:16:36, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2015-01-20 00:16:36, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2015-01-20 00:16:38, Info CSI 00000010 [SR] Verify complete
2015-01-20 00:16:38, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2015-01-20 00:16:38, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2015-01-20 00:16:41, Info CSI 00000014 [SR] Verify complete
2015-01-20 00:16:41, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2015-01-20 00:21:09, Info CSI 000001d0 [SR] Verifying 13 (0x0000000d) components
2015-01-20 00:21:09, Info CSI 000001d1 [SR] Beginning Verify and Repair transaction
2015-01-20 00:21:10, Info CSI 000001d3 [SR] Verify complete
2015-01-20 00:21:10, Info CSI 000001d4 [SR] Repairing 0 components
2015-01-20 00:21:10, Info CSI 000001d5 [SR] Beginning Verify and Repair transaction
2015-01-20 00:21:10, Info CSI 000001d7 [SR] Repair complete


----------



## kevinf80 (Mar 21, 2006)

Follow the instructions here: http://www.sevenforums.com/tutorials/101379-driver-verifier-enable-disable.html and run Driver Verifier....


----------



## Walloped (Dec 30, 2014)

I ran the driver verifier, and it's been a day or two. What do I do now? Do I need to stop it and get a log? The info on the page doesn't really say.

Malwarebytes still crashes the computer with a blue screen. I think the mouse became corrupt, so I got new keys and mouse as I was using old ones, so no more USB sounds.

It also crashed when it went into sleep mode.

I watch a lot of stuff online. I fell asleep last night while watching a movie. When I awoke the computer had crashed but was in power save mode, as the red power button was still on. When I went to wake it, it was awaking from a crash and I got a blue screen code when I restarted it.


----------



## kevinf80 (Mar 21, 2006)

Was there a crash when verifier was active? If so, upload the minidump file....


----------



## Walloped (Dec 30, 2014)

This is what I got when I woke up in the AM. Guess it crashed after it went into sleep mode.
A couple of days ago I noticed that a piece of "something" appeared in the lower right hand side, near the time.

I now realize it looks like a tiny sliver of the Comodo dock that's movable. But this is just a tiny sliver of it. It looks like part of the C in Comodo. I can move it around, but it doesn't do anything when you click on it. It just stays in front of whatever screen is active.


Blue Screen view January 23
==================================================
Dump File : 012315-22510-01.dmp
Crash Time : 1/23/2015 9:05:39 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0419040
Parameter 2 : 0xc0000185
Parameter 3 : 0x883b4860
Parameter 4 : 0x83208ea5
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+debfc
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18409 (win7sp1_gdr.140303-2144)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+debfc
Stack Address 1 : ntkrnlpa.exe+a3187
Stack Address 2 : ntkrnlpa.exe+a6a69
Stack Address 3 : ntkrnlpa.exe+90180
Computer Name : 
Full Path : C:\Windows\Minidump\012315-22510-01.dmp
Processors Count : 8
Major Version : 15
Minor Version : 7601
Dump File Size : 169,608
Dump File Time : 1/23/2015 9:10:36 AM
==================================================


----------
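
Added example, not part of the thread: a short Python triage of the BlueScreenView record posted above. For bug check 0x7A, parameter 2 carries the I/O error status and parameter 4 the virtual address that could not be paged in; the script decodes the status (0xc0000185 is STATUS_IO_DEVICE_ERROR) to show which subsystem to examine first. The function names and the category labels are this example's own assumptions.

```python
import re

# NTSTATUS values commonly reported as parameter 2 of bug check 0x7A
# (KERNEL_DATA_INPAGE_ERROR), with the subsystem to examine first.
# The category labels are this example's own, not Microsoft terminology.
INPAGE_STATUS = {
    0xC000000E: ("STATUS_NO_SUCH_DEVICE", "storage"),
    0xC000009A: ("STATUS_INSUFFICIENT_RESOURCES", "memory"),
    0xC000009C: ("STATUS_DEVICE_DATA_ERROR", "storage"),
    0xC000009D: ("STATUS_DEVICE_NOT_CONNECTED", "storage"),
    0xC000016A: ("STATUS_DISK_OPERATION_FAILED", "storage"),
    0xC0000185: ("STATUS_IO_DEVICE_ERROR", "storage"),
}

# "Key : Value" lines; only the first colon separates key from value, so
# timestamps and Windows paths in the value survive intact.
FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")

# Fields copied from the BlueScreenView record in the post above.
SAMPLE_REPORT = """\
==================================================
Dump File : 012315-22510-01.dmp
Crash Time : 1/23/2015 9:05:39 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc0419040
Parameter 2 : 0xc0000185
Parameter 3 : 0x883b4860
Parameter 4 : 0x83208ea5
Caused By Driver : ntkrnlpa.exe
Full Path : C:\\Windows\\Minidump\\012315-22510-01.dmp
==================================================
"""


def parse_reports(text):
    """Split BlueScreenView text output into one dict per crash record."""
    records, current = [], {}
    for line in text.splitlines():
        if set(line.strip()) == {"="}:      # a row of '=' separates records
            if current:
                records.append(current)
                current = {}
            continue
        match = FIELD.match(line)
        if match:
            current[match.group(1)] = match.group(2)
    if current:
        records.append(current)
    return records


def triage(record):
    """Decode the bug check parameters of one parsed record."""
    dump = record.get("Dump File")
    try:
        code = int(record["Bug Check Code"], 16)
        params = [int(record[f"Parameter {i}"], 16) for i in range(1, 5)]
    except (KeyError, ValueError):
        # Truncated or hand-edited report: say so instead of guessing.
        return {"dump": dump, "category": "unparsed"}

    result = {"dump": dump, "bug_check": code, "category": "not decoded"}
    if code == 0x7A:
        name, category = INPAGE_STATUS.get(
            params[1], ("unknown NTSTATUS", "unknown"))
        result.update(status=params[1], status_name=name,
                      category=category, address=params[3])
    return result


if __name__ == "__main__":
    for rec in parse_reports(SAMPLE_REPORT):
        info = triage(rec)
        print(info["dump"], info.get("status_name"), "->", info["category"])
```

A "storage" result points first at the disk, its cabling and its controller (SMART data, `chkdsk`, the System event log for disk errors) as the place to look for the cause of the crash.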



## Walloped (Dec 30, 2014)

Piece of stray thing that appeared on the desktop


----------



## kevinf80 (Mar 21, 2006)

Those dump files are from the 23rd Jan, has there been any BSOD since that time?


----------



## Walloped (Dec 30, 2014)

No, just this one from when it crashed, when it went into sleep mode after 3-4 hours of non use. But I realize I have to click the mouse several times to get it out of screen saver mode. But that was happening for a while now.


----------



## kevinf80 (Mar 21, 2006)

So are we OK regarding malware/infection problems? Run OTC to finish clean up..

First,

To re-enable your Emulation drivers, double click *DeFogger* to run the tool.

- The application window will appear
- Click the *Re-enable* button to re-enable your CD Emulation drivers
- Click *Yes* to continue
- A *'Finished!'* message will appear
- Click *OK*
- DeFogger will now ask to reboot the machine - click *OK*

*IMPORTANT!* If you receive an error message while running DeFogger, please post the log *defogger_enable* which will appear on your desktop.
Your Emulation drivers are now re-enabled.

Next,


- Download OTC by OldTimer from here http://oldtimer.geekstogo.com/OTC.exe or here http://www.itxassociates.com/OT-Tools/OTC.exe and save to your Desktop.
- Double click the icon to start the program.
- If you are using Vista or Windows 7 accept UAC
- Then click the big button.
- You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
- Restart your computer when prompted.
- This will remove tools we have used and itself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

*Any tools/logs remaining on the Desktop or downloads folder can be deleted.*

If there are still issues with crashes, it may be worthwhile to open a thread in the Operating System forum and give a link to this thread so the OS guys can see what has been done already...


----------



## Walloped (Dec 30, 2014)

Any ideas what I can do with that mysterious thing on the desktop? I can move it around, but it doesn't do anything. You can't click on it, and I don't know where it's from, or how it got on the computer and on the desktop.


----------



## kevinf80 (Mar 21, 2006)

The issue you mention is named Comodo, same as your Firewall. There is a drop down on the icon, can you select that? Does anything happen?
Right click on the icon and select "Properties"; under the General tab, what information do you get?


----------



## Walloped (Dec 30, 2014)

No, it's not part of it, the graphic design part of... it just looks like / resembles part of the Comodo pop out. I closed the Comodo pop out and the item is still there. It's like a scrap. I can move it around but nothing happens; nothing happens if I click on it or right click on it.

I did a new AdwCleaner and it picked up a registry key. Is this a registry key from one of the cleaners I installed?

I found this on a search

http://www.threatexpert.com/report.aspx?md5=c80756f6ee63434c1b12b06137d19c10
from pipoffers.apnpartners.com

Also reinstalled Malwarebytes, and it still crashes the computer when it gets to the end. Wondering if this has anything to do with the other cleaners like Adware and DeFogger etc. that I have installed?

*AdwCleaner v4.109 - Report created 02/02/2015 at 11:50:09*
# AdwCleaner v4.109 - Report created 02/02/2015 at 11:50:09
# Updated 24/01/2015 by Xplode
# Database : 2015-01-26.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : MohenDaro - MOHENDARO-1
# Running from : C:\Users\MohenDaro\Desktop\clean jan 2\adwcleaner_4.109.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16599

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [673 octets] - [02/02/2015 11:50:09]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [732 octets] ##########


----------



## kevinf80 (Mar 21, 2006)

The entry you mention removed by AdwCleaner is a remnant of ASK, possibly a toolbar remnant or similar.

Back to the Desktop icon, can you drag and drop it in the Recycle Bin? If not, navigate to the Desktop folder and see what shows...

Click on Start > Computer > C:\Users\MohenDaro\Desktop\ and open the Desktop folder. What is showing?


----------



## Walloped (Dec 30, 2014)

Item from AdwCleaner - yes, it was an Ask toolbar and is on a PDF viewer, which was sneaked on... didn't even remember seeing it on there.

All I can do is drag it around, that strip. It seems to appear when I start Firefox, and then stays on even when I close Firefox. It also stays in front of whatever window is active.

I don't see it in the desktop folder by going through the C drive. It's not there; everything on the desktop is though.


----------



## kevinf80 (Mar 21, 2006)

> I don't see it in the desktop folder by going through the C drive. It's not there; everything on the desktop is though.


Can you enable "Show Hidden Files, Folders and drives" from Folder Options, then check the Desktop folder again? Is there anything different showing now?

Link for show/hide files folders etc.... http://www.sevenforums.com/tutorials/394-hidden-files-folders-show-hide.html


----------



## Walloped (Dec 30, 2014)

Okay, it disappeared when I did a reorganizing and deleted some of the items on the desktop; most of it was from the logs and the cleaning programs... it's anyone's guess what that was about.

Any ideas on how to get Malwarebytes working properly, completely and fully to the end? It still crashed the computer at the end. It's the only malware program that I know that works so well and is also free, so I would like to have a working version.


----------



## kevinf80 (Mar 21, 2006)

If you're unable to run or complete the scan as shown below please see the following:

*MBAM Clean Removal Process 2x*

Follow the relevant steps and be sure to run the mbam-clean tool after uninstalling Malwarebytes.

When reinstalling the program please try the latest version from here:

http://www.malwarebytes.org/mwb-download/

Right click and choose *"Run as administrator"* to open Malwarebytes Anti-Malware and from the Dashboard please *Check for Updates* by clicking the *Update Now*... link.
Open up *Malwarebytes* > *Settings* > *Detection and Protection* > enable *Scan for rootkit* and under *Non Malware Protection* set both *PUP* and *PUM* to *Treat detections as malware*.
Click on the *SCAN* button and run a *Threat Scan* with *Malwarebytes Anti-Malware* by clicking the *Scan Now>>* button.
Once completed please click on History > Application Logs, find your scan log and open it, then click on the "copy to clipboard" button and post back the results in your next reply.

Thanks,

Kevin


----------



## Walloped (Dec 30, 2014)

Sorry I didn't get back earlier, my brain was on holiday again... seriously don't know where the time went, was completing a pt class assignment and work, sorry but still here. Okay, so Malwarebytes - removed the old one, cleaned and installed another copy and it crashed when it reached a certain point in the heuristics scan as it usually does.

log
********************
Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 2/26/2015 8:11:04 PM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Starting, 
Protection, 2/26/2015 8:11:04 PM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Started, 
Protection, 2/26/2015 8:11:04 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Starting, 
Protection, 2/26/2015 8:11:05 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Started, 
Update, 2/26/2015 8:11:17 PM, SYSTEM, MOHENDARO-1, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 2/26/2015 8:11:17 PM, SYSTEM, MOHENDARO-1, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1, 
Update, 2/26/2015 8:11:21 PM, SYSTEM, MOHENDARO-1, Manual, Malware Database, 2014.11.20.6, 2015.2.26.5, 
Protection, 2/26/2015 8:11:21 PM, SYSTEM, MOHENDARO-1, Protection, Refresh, Starting, 
Protection, 2/26/2015 8:11:21 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Stopping, 
Protection, 2/26/2015 8:11:21 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Stopped, 
Protection, 2/26/2015 8:11:27 PM, SYSTEM, MOHENDARO-1, Protection, Refresh, Success, 
Protection, 2/26/2015 8:11:27 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Starting, 
Protection, 2/26/2015 8:11:27 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Started, 
Protection, 2/26/2015 8:22:21 PM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Starting, 
Protection, 2/26/2015 8:22:21 PM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Started, 
Protection, 2/26/2015 8:22:21 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Starting, 
Protection, 2/26/2015 8:23:21 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Started,

(end)


----------



## kevinf80 (Mar 21, 2006)

Run FRST one more time, ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan"

Download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.

Post the two fresh logs....

Thanks,

Kevin..


----------



## Walloped (Dec 30, 2014)

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by MohenDaro (administrator) on MOHENDARO-1 on 04-03-2015 11:56:22
Running from C:\Users\MohenDaro\Desktop\New folder
Loaded Profiles: MohenDaro (Available profiles: MohenDaro & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SuperAnti2\SASCore.exe
(DTS, Inc) C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv32.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATILQE.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe
(Glarysoft Ltd) C:\Program Files\Glary Utilities 5\Integrator.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdvirth.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6310504 2011-11-08] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe [1571432 2011-11-03] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1243864 2015-02-03] (COMODO)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2015-01-01] (NVIDIA Corporation)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2015-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\...\Run: [GUDelayStartup] => C:\Program Files\Glary Utilities 5\StartupManager.exe [37152 2015-02-01] (Glarysoft Ltd)
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATILQE.EXE [260160 2015-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\...\MountPoints2: {51cfa21a-9e55-11e4-9003-3085a99733ab} - I:\LGAutoRun.exe
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
BootExecute: autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3562293704-32423027-4047423185-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3562293704-32423027-4047423185-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3562293704-32423027-4047423185-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\MohenDaro\AppData\Roaming\Mozilla\Firefox\Profiles\w4eoqgno.default-1421104006759
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Users\MohenDaro\AppData\Roaming\Mozilla\Firefox\Profiles\w4eoqgno.default-1421104006759\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Users\MohenDaro\AppData\Roaming\Mozilla\Firefox\Profiles\w4eoqgno.default-1421104006759\searchplugins\startpage-ssl.xml
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\MohenDaro\AppData\Roaming\Mozilla\Firefox\Profiles\w4eoqgno.default-1421104006759\Extensions\[email protected] [2015-01-15]
FF Extension: Private Tab - C:\Users\MohenDaro\AppData\Roaming\Mozilla\Firefox\Profiles\w4eoqgno.default-1421104006759\Extensions\[email protected] [2015-02-06]
FF Extension: Adblock Plus - C:\Users\MohenDaro\AppData\Roaming\Mozilla\Firefox\Profiles\w4eoqgno.default-1421104006759\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-01-12]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-29]

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-29]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-29]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SuperAnti2\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-29] (AVAST Software)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5868440 2015-02-03] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1664216 2015-02-03] (COMODO)
R2 DTSAudioSvc; C:\Program Files\Realtek\Audio\HDA\DTSU2PAuSrv32.exe [182272 2011-08-05] (DTS, Inc)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2015-01-20] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RP7.EXE [143424 2015-01-20] (SEIKO EPSON CORPORATION)
R2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-02-14] (Foxit Software Inc.)
R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [117920 2011-08-15] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-02-26] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2015-02-26] (Malwarebytes Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 asahci32; C:\Windows\System32\DRIVERS\asahci32.sys [43104 2011-09-21] (Asmedia Technology)
R3 asmthub3; C:\Windows\System32\DRIVERS\asmthub3.sys [102888 2011-11-03] (ASMedia Technology Inc)
R3 asmtxhci; C:\Windows\System32\DRIVERS\asmtxhci.sys [313832 2011-11-03] (ASMedia Technology Inc)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-29] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-29] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-29] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-29] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-29] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-29] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [17088 2015-01-30] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [618072 2015-01-30] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [41248 2015-01-30] (COMODO)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-03-02] (DT Soft Ltd)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [268968 2011-07-19] (Intel Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [17344 2014-12-29] (Glarysoft Ltd)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [91200 2015-01-30] (COMODO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-02-26] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-02-26] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SuperAnti2\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SuperAnti2\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 11:55 - 2015-03-04 11:56 - 00000000 ____D () C:\FRST
2015-03-02 02:06 - 2015-03-02 02:06 - 00169624 _____ () C:\Windows\Minidump\030215-20810-01.dmp
2015-03-01 11:08 - 2015-03-01 11:49 - 00002495 _____ () C:\Users\MohenDaro\Desktop\public mobile.txt
2015-03-01 02:18 - 2015-03-01 02:18 - 00169608 _____ () C:\Windows\Minidump\030115-21309-01.dmp
2015-02-28 17:29 - 2015-01-20 12:01 - 00000000 ____D () C:\Users\MohenDaro\Downloads\The Life-Changing Magic of Tidying Up - Marie Kondo
2015-02-27 02:53 - 2015-02-27 02:53 - 00169616 _____ () C:\Windows\Minidump\022715-22167-01.dmp
2015-02-26 21:26 - 2015-02-26 22:23 - 174245291 _____ () C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part3.rar
2015-02-26 20:21 - 2015-02-26 20:22 - 00169568 _____ () C:\Windows\Minidump\022615-22479-01.dmp
2015-02-26 20:11 - 2015-03-04 11:55 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 20:10 - 2015-02-26 20:10 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-26 20:10 - 2015-02-26 20:10 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-26 20:10 - 2015-02-26 20:10 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-26 20:10 - 2015-02-26 20:10 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-26 20:10 - 2015-02-26 20:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-26 20:10 - 2015-02-26 20:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-26 20:10 - 2015-02-26 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-26 19:57 - 2015-02-26 19:57 - 00321848 _____ (Malwarebytes Corporation) C:\Users\MohenDaro\Desktop\mbam-clean-2.1.1.1001.exe
2015-02-26 17:01 - 2015-02-26 17:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\MohenDaro\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-23 21:52 - 2015-02-23 22:49 - 175314579 _____ () C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part2.rar
2015-02-23 20:37 - 2015-02-23 20:38 - 00510604 _____ () C:\Users\MohenDaro\Downloads\Smart Thinking for Crazy Times.epub
2015-02-22 19:22 - 2015-02-22 19:56 - 105000000 _____ () C:\Users\MohenDaro\Downloads\B006TEWJ3M.part1.rar
2015-02-22 19:18 - 2015-02-22 20:16 - 175314579 _____ () C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part1.rar
2015-02-20 15:07 - 2015-02-20 15:07 - 00489262 _____ () C:\Users\MohenDaro\Downloads\0kmzz.Your.Brain.at.Work.epub
2015-02-20 06:36 - 2015-02-20 06:36 - 00169520 _____ () C:\Windows\Minidump\022015-22339-01.dmp
2015-02-19 12:58 - 2015-02-19 12:58 - 00001256 _____ () C:\Users\MohenDaro\Desktop\Digital Design Coordinator info.txt
2015-02-18 03:49 - 2015-02-18 03:49 - 00169600 _____ () C:\Windows\Minidump\021815-22339-01.dmp
2015-02-17 13:34 - 2015-03-04 11:56 - 00000000 ____D () C:\Users\MohenDaro\Desktop\New folder
2015-02-10 03:33 - 2015-02-10 03:33 - 00169568 _____ () C:\Windows\Minidump\021015-22588-01.dmp
2015-02-09 16:47 - 2014-12-03 13:30 - 125197473 _____ () C:\Users\MohenDaro\Desktop\WHITE_NOISE_Bathroom_Fan - Copy.mp4
2015-02-09 13:33 - 2015-02-09 13:33 - 01501871 _____ () C:\Users\MohenDaro\Downloads\0571239560.TouchingFromDistance.epub
2015-02-06 18:43 - 2015-02-14 10:10 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\Foxit Software
2015-02-06 18:42 - 2015-02-06 18:42 - 00002091 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2015-02-06 18:42 - 2015-02-06 18:42 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-02-06 18:42 - 2015-02-06 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-02-06 18:42 - 2015-02-06 18:42 - 00000000 ____D () C:\Program Files\Foxit Software
2015-02-06 11:49 - 2015-02-06 12:11 - 68380761 _____ () C:\Users\MohenDaro\Downloads\Health InformationManagement of a Strategic Resource 4th ed.rar
2015-02-05 19:26 - 2015-03-04 11:54 - 00003440 _____ () C:\Windows\system32\Drivers\fvstore.dat
2015-02-05 19:26 - 2015-02-05 19:26 - 00000000 ___HD () C:\VTRoot
2015-02-05 12:53 - 2015-02-05 12:53 - 00000000 ___HD () C:\Users\MohenDaro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2015-02-03 11:13 - 2015-02-03 11:15 - 00000000 ____D () C:\Users\MohenDaro\Downloads\Pluralsight_Designing_Killer_Job-Search_Strategy
2015-02-03 09:01 - 2015-02-03 09:01 - 00169624 _____ () C:\Windows\Minidump\020315-22448-01.dmp
2015-02-02 12:07 - 2015-02-02 12:07 - 00000811 _____ () C:\Users\MohenDaro\Desktop\AdwCleaner[R0] feb 2.txt
2015-02-02 11:50 - 2015-02-02 11:52 - 00000000 ____D () C:\AdwCleaner

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 11:53 - 2014-05-27 21:49 - 00000000 ____D () C:\Users\MohenDaro\AppData\Roaming\vlc
2015-03-04 11:35 - 2015-01-20 18:35 - 00000917 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {62C707D9-8110-451D-B322-B52BD2B2FB15}.job
2015-03-04 11:35 - 2015-01-20 18:35 - 00000731 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {62C707D9-8110-451D-B322-B52BD2B2FB15}.job
2015-03-04 11:35 - 2009-07-13 23:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-03-04 09:31 - 2009-07-13 23:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 09:31 - 2009-07-13 23:34 - 00026544 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 09:27 - 2014-12-30 13:41 - 01417870 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 09:26 - 2014-12-29 18:13 - 00000328 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2015-03-04 09:26 - 2014-12-29 18:13 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2015-03-04 09:23 - 2015-02-01 15:47 - 00002632 _____ () C:\Windows\setupact.log
2015-03-04 09:23 - 2013-03-02 13:18 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-04 09:23 - 2009-07-13 23:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 02:06 - 2015-02-01 15:47 - 307520282 _____ () C:\Windows\MEMORY.DMP
2015-03-02 02:06 - 2014-11-12 17:58 - 00000000 ____D () C:\Windows\Minidump
2015-02-28 17:34 - 2014-07-20 14:20 - 00000000 ____D () C:\Users\MohenDaro\Downloads\New folder
2015-02-26 20:21 - 2015-02-01 15:47 - 00011888 _____ () C:\Windows\PFRO.log
2015-02-19 11:00 - 2015-01-15 19:59 - 00000000 ____D () C:\Users\MohenDaro\AppData\Local\CrashDumps
2015-02-18 09:18 - 2009-07-13 23:53 - 00032644 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-17 13:34 - 2014-12-29 14:02 - 00000000 ____D () C:\Users\MohenDaro\Desktop\New folder (3)
2015-02-16 12:16 - 2015-01-24 17:53 - 00000000 __SHD () C:\Users\MohenDaro\AppData\Roaming\.#
2015-02-06 22:25 - 2015-02-01 13:50 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-06 22:25 - 2015-02-01 13:50 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-06 22:25 - 2014-06-06 13:30 - 00000000 ____D () C:\Users\MohenDaro\AppData\Local\Adobe
2015-02-06 18:42 - 2009-07-13 21:37 - 00000000 ___RD () C:\Users\Public
2015-02-06 18:28 - 2013-03-02 13:54 - 00000000 ____D () C:\Program Files\Tracker Software
2015-02-06 11:04 - 2013-03-02 13:41 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-05 17:08 - 2014-12-29 20:20 - 00000000 ____D () C:\Program Files\SuperAnti2
2015-02-05 16:48 - 2014-12-29 23:41 - 00000000 ____D () C:\Users\MohenDaro\Desktop\New folder (4)
2015-02-02 16:02 - 2015-01-26 21:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-02 11:49 - 2015-01-02 09:02 - 00000000 ____D () C:\Users\MohenDaro\Desktop\clean jan 2

==================== Files in the root of some directories =======

2014-12-30 14:01 - 2014-12-30 14:01 - 0000036 _____ () C:\Users\MohenDaro\AppData\Local\housecall.guid.cache
2014-06-09 10:01 - 2014-06-09 10:01 - 0000017 _____ () C:\Users\MohenDaro\AppData\Local\resmon.resmoncfg
2008-02-05 14:28 - 2008-02-05 14:28 - 0000051 _____ () C:\Users\MohenDaro\AppData\Local\setup.txt
2014-12-30 14:05 - 2014-12-31 21:03 - 0000010 _____ () C:\Users\MohenDaro\AppData\Local\sponge.last.runtime.cache

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 08:50

==================== End Of Log ============================


----------



## Walloped (Dec 30, 2014)

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by MohenDaro at 2015-03-04 11:57:00
Running from C:\Users\MohenDaro\Desktop\New folder
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC}
FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Asmedia ASM106x SATA Host Controller Driver (HKLM\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
Balabolka (HKLM\...\Balabolka) (Version: 2.03 - Ilya Morozov)
COMODO Firewall (HKLM\...\{18F14F4B-D8A9-4309-817E-3BC0B7664E53}) (Version: 8.0.0.4344 - COMODO Security Solutions Inc.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Event Manager (HKLM\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON XP-610 Series Printer Uninstall (HKLM\...\EPSON XP-610 Series) (Version: - SEIKO EPSON Corporation)
EPSON XP-610 Users Guide version 1.0 (HKLM\...\UsersGuideEPSON XP-610 Users Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Foxit Cloud (HKLM\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.8.49.213 - Foxit Software Inc.)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Glary Utilities 5.17 (HKLM\...\Glary Utilities 5) (Version: 5.17.0.30 - Glarysoft Ltd)
HD Tune 2.55 (HKLM\...\HD Tune_is1) (Version: - EFD Software)
Human Diseases (HKLM\...\Human Diseases_is1) (Version: - Delmar Learning)
Intel(R) Network Connections 16.6.126.0 (HKLM\...\PROSetDX) (Version: 16.6.126.0 - Intel)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NextUp.com-NeoSpeech Kate16 Voice (HKLM\...\{D596B228-E9F4-4B42-B304-8A75A6F2AB86}) (Version: 2.01.0000 - NextUp.com)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version: - )
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6499 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Software Updater (HKLM\...\{7ACB9D1D-5B26-4CE4-964A-1EB22461E6F6}) (Version: 4.1.0 - SEIKO EPSON CORPORATION)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

07-01-2015 13:19:10 End of disinfection
20-01-2015 18:30:40 Installed EpsonNet Print
26-01-2015 15:05:23 Removed Epson Customer Participation
26-01-2015 15:06:23 Removed Epson Customer Participation
26-01-2015 15:07:22 Removed Epson Customer Participation
06-02-2015 11:04:07 Windows Update
06-02-2015 18:25:48 Revo Uninstaller's restore point - PDF-Viewer
06-02-2015 18:32:32 Revo Uninstaller's restore point - PDF-Viewer
26-02-2015 19:50:45 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.0.4.1028

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DC56B6A-2A47-4F1A-B249-67B990A2929A} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2015-02-01] (Glarysoft Ltd)
Task: {137DE160-19AF-4C9A-BE36-B16A471870D0} - System32\Tasks\EPSON XP-610 Series Invitation {62C707D9-8110-451D-B322-B52BD2B2FB15} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE [2015-01-20] (SEIKO EPSON CORPORATION)
Task: {1F2CF65F-394D-4925-BAF0-28059C68EC4C} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)
Task: {4D22695F-A925-4B42-BE35-0E28DFCB9671} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-02-03] (COMODO)
Task: {5416E28F-6F35-49B1-A551-1A3B4FD329A4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6336E89D-A460-4CAB-A596-201B8C9EE535} - System32\Tasks\EPSON XP-610 Series Update {62C707D9-8110-451D-B322-B52BD2B2FB15} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE [2015-01-20] (SEIKO EPSON CORPORATION)
Task: {66C028F2-9D50-4C04-A69F-D1FE05AC6D91} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2015-02-01] (Glarysoft Ltd)
Task: {6823BFE3-5664-4995-8FEC-7CCF9E118DFD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-29] (AVAST Software)
Task: {77CD56D8-0B0C-40A9-9C81-6181CD1763F4} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-02-03] (COMODO)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {62C707D9-8110-451D-B322-B52BD2B2FB15}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE
Task: C:\Windows\Tasks\EPSON XP-610 Series Update {62C707D9-8110-451D-B322-B52BD2B2FB15}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FTSLQE.EXE:/EXE:{62C707D9-8110-451D-B322-B52BD2B2FB15} /F:UpdateSYSTEM
Searches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\Windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-03 18:08 - 2015-03-03 18:08 - 02916864 _____ () C:\Program Files\AVAST Software\Avast\defs\15030301\algo.dll
2015-03-04 09:24 - 2015-03-04 09:24 - 02916352 _____ () C:\Program Files\AVAST Software\Avast\defs\15030402\algo.dll
2013-03-02 13:18 - 2014-07-02 14:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-29 19:03 - 2014-12-29 19:03 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-19 02:26 - 2015-01-19 02:26 - 00080160 _____ () C:\Program Files\Glary Utilities 5\zlib1.dll
2015-01-26 21:43 - 2015-01-26 21:43 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3562293704-32423027-4047423185-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MohenDaro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3562293704-32423027-4047423185-500 - Administrator - Disabled)
Guest (S-1-5-21-3562293704-32423027-4047423185-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3562293704-32423027-4047423185-1003 - Limited - Enabled)
MohenDaro (S-1-5-21-3562293704-32423027-4047423185-1000 - Administrator - Enabled) => C:\Users\MohenDaro
UpdatusUser (S-1-5-21-3562293704-32423027-4047423185-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2015 01:37:23 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (02/26/2015 07:50:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {44bd78b9-301d-4c85-8612-652b2223f6d5}

Error: (02/19/2015 10:58:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvtray.exe, version: 7.17.13.4052, time stamp: 0x53b45798
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x1348
Faulting application start time: 0xnvtray.exe0
Faulting application path: nvtray.exe1
Faulting module path: nvtray.exe2
Report Id: nvtray.exe3

Error: (02/18/2015 01:41:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/8CF427FD790C3AD166068DE81E57EFBB932272D4.crt> with error: This operation returned because the timeout period expired.
.

Error: (02/02/2015 09:37:52 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location H:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (01/26/2015 03:09:01 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: MohenDaro-1)
Description: Application or service 'EpsonCustomerParticipation' could not be restarted.

Error: (01/20/2015 08:53:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/22D5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A.crt> with error: This operation returned because the timeout period expired.
.

Error: (01/19/2015 09:49:29 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\System32\gpsvc.dll for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File: C:\Windows\System32\gpsvc.dll

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (01/19/2015 09:49:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_gpsvc, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: gpsvc.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b811
Exception code: 0xc0000006
Fault offset: 0x00049178
Faulting process id: 0x5d8
Faulting application start time: 0xsvchost.exe_gpsvc0
Faulting application path: svchost.exe_gpsvc1
Faulting module path: svchost.exe_gpsvc2
Report Id: svchost.exe_gpsvc3

Error: (01/19/2015 09:49:26 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.

Program: Host Process for Windows Services
File:

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 0

System errors:
=============
Error: (03/03/2015 10:29:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:27:09 PM on ‎3/‎3/‎2015 was unexpected.

Error: (03/02/2015 02:06:52 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0xc0419040, 0xc0000185, 0x9426c860, 0x83208ea5)C:\Windows\MEMORY.DMP030215-20810-01

Error: (03/02/2015 02:06:44 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:03:06 AM on ‎3/‎2/‎2015 was unexpected.

Error: (03/01/2015 02:19:36 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Server service terminated with the following error: 
%%1062

Error: (03/01/2015 02:18:55 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0xc0419018, 0xc0000185, 0x0afcd860, 0x83203ea5)C:\Windows\MEMORY.DMP030115-21309-01

Error: (03/01/2015 02:18:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:12:03 AM on ‎3/‎1/‎2015 was unexpected.

Error: (02/27/2015 02:53:32 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0xc0418e10, 0xc0000185, 0xa3578860, 0x831c2ea5)C:\Windows\MEMORY.DMP022715-22167-01

Error: (02/27/2015 02:53:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:05:19 AM on ‎2/‎27/‎2015 was unexpected.

Error: (02/26/2015 08:22:07 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007a (0xc0418df8, 0xc0000185, 0x75507860, 0x831bfdfb)C:\Windows\MEMORY.DMP022615-22479-01

Error: (02/26/2015 08:21:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:19:32 PM on ‎2/‎26/‎2015 was unexpected.

Microsoft Office Sessions:
=========================
Error: (03/02/2015 01:37:23 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (02/26/2015 07:50:44 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {44bd78b9-301d-4c85-8612-652b2223f6d5}

Error: (02/19/2015 10:58:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.405253b45798ntdll.dll6.1.7601.18247521ea91cc0000374000c3873134801d04c5cf15ee869C:\Program Files\NVIDIA Corporation\Display\nvtray.exeC:\Windows\SYSTEM32\ntdll.dll3157672d-b850-11e4-90b7-3085a99733ab

Error: (02/18/2015 01:41:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdo...427FD790C3AD166068DE81E57EFBB932272D4.crtThis operation returned because the timeout period expired.

Error: (02/02/2015 09:37:52 AM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: H:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (01/26/2015 03:09:01 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: MohenDaro-1)
Description: 0EPCP.exeEpsonCustomerParticipation03026217816280

Error: (01/20/2015 08:53:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdo...5D8DF8F0231D18DF79DB7CF8A2D64C93F6C3A.crtThis operation returned because the timeout period expired.

Error: (01/19/2015 09:49:29 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\Windows\System32\gpsvc.dllHost Process for Windows ServicesC00001853

Error: (01/19/2015 09:49:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_gpsvc6.1.7600.163854a5bc100gpsvc.dll6.1.7601.175144ce7b811c0000006000491785d801d033f6083a933cC:\Windows\system32\svchost.exec:\windows\system32\gpsvc.dll5eaa00e7-9fea-11e4-abca-3085a99733ab

Error: (01/19/2015 09:49:26 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Host Process for Windows ServicesC00001850

CodeIntegrity Errors:
===================================
Date: 2015-03-04 10:11:56.150
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-04 10:05:05.054
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-04 09:24:22.792
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-04 01:36:22.954
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-04 01:08:57.369
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-03 23:47:06.092
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-03 22:40:02.811
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-03 22:30:51.848
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-03 17:22:32.999
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-03-03 16:45:26.609
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\sxs.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3820 CPU @ 3.60GHz
Percentage of memory in use: 41%
Total physical RAM: 3526.75 MB
Available physical RAM: 2077.3 MB
Total Pagefile: 7053.51 MB
Available Pagefile: 4903.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1888 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:310.37 GB) (Free:209.96 GB) NTFS
Drive d: () (Fixed) (Total:310.52 GB) (Free:273.69 GB) NTFS
Drive e: () (Fixed) (Total:310.52 GB) (Free:163.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E1242FF4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=310.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=310.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=310.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## kevinf80 (Mar 21, 2006)

Download attached *fixlist.txt* file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Go to this link: http://en.kioskea.net/faq/25401-comodo-firewall-disable-the-defense-feature, follow those instructions and *Disable* Comodo Defense+

Next,

Open Malwarebytes Anti-Malware, from the Dashboard please *Check for Updates* by clicking the *Update Now*... link
When the update completes, select > *Settings* > *Detection and Protection* > Enable *Scan for rootkit* and under *Non Malware Protection* set both *PUP* and *PUM* to *Treat detections as malware*.

Click on the *SCAN* button and run a *Threat Scan* with *Malwarebytes Anti-Malware* by clicking the *Scan Now>> button*.

When the scan is complete, if there have been detections, click *Apply Actions* to allow MBAM to clean what was detected.

In most cases, a restart will be required.

*Wait for the prompt to restart the computer to appear*, then click on Yes.

When the scan is completed, from the main GUI click on History > Application Logs. Find your *Scan* log; the date when run will identify it. Checkmark the "select" box, then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export".
Select > "Copy to clipboard". That copies the full log to the Windows clipboard, so in your reply you right-click into the text field and select "Paste", and the log is pasted (copied) to your reply.

Let me see those logs...

Kevin..


----------



## Walloped (Dec 30, 2014)

Malwarebytes scan didn't complete; it crashed the computer. Caused a blue screen.

log
====

Malwarebytes Anti-Malware
www.malwarebytes.org

Protection, 3/6/2015 8:40:00 AM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Starting, 
Protection, 3/6/2015 8:40:00 AM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Started, 
Protection, 3/6/2015 8:40:00 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Starting, 
Protection, 3/6/2015 8:40:16 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Started, 
Update, 3/6/2015 9:01:10 AM, SYSTEM, MOHENDARO-1, Scheduler, Malware Database, 2015.3.5.3, 2015.3.6.3, 
Protection, 3/6/2015 9:01:10 AM, SYSTEM, MOHENDARO-1, Protection, Refresh, Starting, 
Protection, 3/6/2015 9:01:10 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Stopping, 
Protection, 3/6/2015 9:01:10 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Stopped, 
Protection, 3/6/2015 9:01:26 AM, SYSTEM, MOHENDARO-1, Protection, Refresh, Success, 
Protection, 3/6/2015 9:01:26 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Starting, 
Protection, 3/6/2015 9:01:27 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Started, 
Update, 3/6/2015 10:48:43 AM, SYSTEM, MOHENDARO-1, Scheduler, Malware Database, 2015.3.6.3, 2015.3.6.4, 
Protection, 3/6/2015 10:48:43 AM, SYSTEM, MOHENDARO-1, Protection, Refresh, Starting, 
Protection, 3/6/2015 10:48:43 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Stopping, 
Protection, 3/6/2015 10:48:43 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Stopped, 
Protection, 3/6/2015 10:48:49 AM, SYSTEM, MOHENDARO-1, Protection, Refresh, Success, 
Protection, 3/6/2015 10:48:49 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Starting, 
Protection, 3/6/2015 10:48:49 AM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Started, 
Update, 3/6/2015 12:48:51 PM, SYSTEM, MOHENDARO-1, Scheduler, Malware Database, 2015.3.6.4, 2015.3.6.5, 
Protection, 3/6/2015 12:48:51 PM, SYSTEM, MOHENDARO-1, Protection, Refresh, Starting, 
Protection, 3/6/2015 12:48:51 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Stopping, 
Protection, 3/6/2015 12:48:51 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Stopped, 
Protection, 3/6/2015 12:48:57 PM, SYSTEM, MOHENDARO-1, Protection, Refresh, Success, 
Protection, 3/6/2015 12:48:57 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Starting, 
Protection, 3/6/2015 12:48:57 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Started, 
Protection, 3/6/2015 1:06:39 PM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Starting, 
Protection, 3/6/2015 1:06:39 PM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Started, 
Protection, 3/6/2015 1:06:39 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Starting, 
Protection, 3/6/2015 1:06:47 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Started, 
Protection, 3/6/2015 1:53:58 PM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Starting, 
Protection, 3/6/2015 1:53:58 PM, SYSTEM, MOHENDARO-1, Protection, Malware Protection, Started, 
Protection, 3/6/2015 1:53:58 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Starting, 
Protection, 3/6/2015 1:54:15 PM, SYSTEM, MOHENDARO-1, Protection, Malicious Website Protection, Started,

(end)


----------



## Walloped (Dec 30, 2014)

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by MohenDaro at 2015-03-06 13:03:29 Run:1
Running from C:\Users\MohenDaro\Desktop\New folder
Loaded Profiles: MohenDaro (Available profiles: MohenDaro & UpdatusUser)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-3562293704-32423027-4047423185-1000\...\MountPoints2: {51cfa21a-9e55-11e4-9003-3085a99733ab} - I:\LGAutoRun.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
C:\Users\MohenDaro\AppData\Roaming\.#
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dxgi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\enppmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\enppui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\enpres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ensppmon.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ensppui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\enspres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\escsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_DCINST.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_FD4BLQE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\E_FLMBLQE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcompiler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuda.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvcuvid.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvd3dum.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispco3234052.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvdispgenco3234052.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvEncodeAPI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvFBC.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdagenco3220103.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvhdap32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\NvIFROpenGL.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvinit.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglshim32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvoglv32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvopencl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvStreaming.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvumdshim.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvvsvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\nvwgf2um.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WindowsCodecsExt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WpdMtpUS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\atapi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\monitor.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvhda32v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvlddmkm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tmcomm.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\winusb.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Career Quizzes 12 Tests to Help You Discover and Develop Your Dream Career _Jist.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Career Quizzes 12 Tests to Help You Discover and Develop Your Dream Career _Jist.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\delfix_10.8.exe:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\delfix_10.8.exe:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Hostel_Relief_Worker__-_deadline_July_13__2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Hostel_Relief_Worker__-_deadline_July_13__2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\manual-1028.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\manual-1028.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\mbam-clean-2.1.1.1001.exe:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\mbam-clean-2.1.1.1001.exe:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\mbam-setup-2.0.4.1028.exe:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\mbam-setup-2.0.4.1028.exe:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\module-3-record-identification-systems-filing-and-retention-of-health-records.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\module-3-record-identification-systems-filing-and-retention-of-health-records.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Office Volunteer.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Office Volunteer.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Relief Schedule Mar 2nd - Apr 5th, 2015.docx:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Relief Schedule Mar 2nd - Apr 5th, 2015.docx:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Terminal Digit Filing_bok1_046261.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Terminal Digit Filing_bok1_046261.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Volunteer-Application.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Desktop\Volunteer-Application.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\0520271882_The.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\0520271882_The.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\0520279581HitchcockC.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\0520279581HitchcockC.rar:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\0571239560.TouchingFromDistance.epub:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\0571239560.TouchingFromDistance.epub:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\0kmzz.Your.Brain.at.Work.epub:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\0kmzz.Your.Brain.at.Work.epub:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\1l1jf.Case.Studies.for.Health.Information.Mana gement 2nd.ed.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\1l1jf.Case.Studies.for.Health.Information.Mana gement 2nd.ed.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\8cu8w.Touch.Typing.in.Ten.Hours.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\8cu8w.Touch.Typing.in.Ten.Hours.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\8k3ld.Medical.Terminology.An.Illustrated.Guide .7th.Edition.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\8k3ld.Medical.Terminology.An.Illustrated.Guide .7th.Edition.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\AptitudePersonalityand.softarchive.net.pdf:$Cm dTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\AptitudePersonalityand.softarchive.net.pdf:$Cm dZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\B006TEWJ3M.part1.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\B006TEWJ3M.part1.rar:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\backgroundfile-32455.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\backgroundfile-32455.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\British Guyana G_5250_1000_1924.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\British Guyana G_5250_1000_1924.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\careers-hsp-project-coordinator1.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\careers-hsp-project-coordinator1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Designing business docs.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Designing business docs.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\EIU_Safe_Cities_Index_2015_white_paper-1.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\EIU_Safe_Cities_Index_2015_white_paper-1.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\FrequentlyAskedQuestions_MedCon.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\FrequentlyAskedQuestions_MedCon.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Health Information Management Technology An Applied Approach ahima.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Health Information Management Technology An Applied Approach ahima.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Health InformationManagement of a Strategic Resource 4th ed.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Health InformationManagement of a Strategic Resource 4th ed.rar:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\HoursMatter_Nov09.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\HoursMatter_Nov09.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Housekeeping-Program Assistant - Casual - Jan 2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Housekeeping-Program Assistant - Casual - Jan 2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part1.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part1.rar:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part2.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part2.rar:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part3.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part3.rar:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part1.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part2.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part3.rar:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\mbam-setup-2.0.4.1028(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\mbam-setup-2.0.4.1028(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Mental-Health-Community-Resources-For-Clients.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Mental-Health-Community-Resources-For-Clients.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Never Eat Alone And Other Secrets to Success, One Relationship at a Time.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Never Eat Alone And Other Secrets to Success, One Relationship at a Time.pdf:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Smart Thinking for Crazy Times.epub:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\Smart Thinking for Crazy Times.epub:$CmdZnID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\WindBilljan.pdf:$CmdTcID
AlternateDataStreams: C:\Users\MohenDaro\Downloads\WindBilljan.pdf:$CmdZnID
EmptyTemp:
end



*****************

"HKU\S-1-5-21-3562293704-32423027-4047423185-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51cfa21a-9e55-11e4-9003-3085a99733ab}" => Key deleted successfully.
HKCR\CLSID\{51cfa21a-9e55-11e4-9003-3085a99733ab} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\MohenDaro\AppData\Roaming\.# => Moved successfully.
"C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d2d1.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d3d10.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d3d10core.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d3d10level9.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d3d10warp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d3d10_1.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\d3d10_1core.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\DWrite.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\dxgi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\enppmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\enppui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\enpres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ensppmon.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\ensppui.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\enspres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\escsvc.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\E_DCINST.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\E_FD4BLQE.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\E_FLMBLQE.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\FlashPlayerApp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\FntCache.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\icardagt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\icardres.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\infocardapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDBASH.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDRU.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDRU1.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDTAT.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\KBDYAK.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mf.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mferror.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfpmp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mfps.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MpSigStub.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MRT.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\msmpeg2vdec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\MsRdpWebAccess.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mstsc.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\mstscax.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvapi.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvcompiler.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvcuda.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvcuvid.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvd3dum.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvdispco3234052.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvdispgenco3234052.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvEncodeAPI.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\NvFBC.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvhdagenco3220103.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvhdap32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\NvIFR.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\NvIFROpenGL.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvinit.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvoglshim32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvoglv32.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvopencl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvStreaming.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvumdshim.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvvsvc.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\nvwgf2um.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rdvidcrl.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\rrinstaller.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\tsgqec.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TsUsbGDCoInstaller.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TSWbPrxy.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\TsWpfWrp.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\UIAnimation.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WindowsCodecs.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WindowsCodecsExt.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wksprt.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wksprtPS.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wmp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WMPhoto.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\wmploc.DLL" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WpdMtp.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WpdMtpUS.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WUDFCoinstaller.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WUDFHost.exe" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WUDFPlatform.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WUDFSvc.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\WUDFx.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\XpsGdiConverter.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\XpsPrint.dll" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\atapi.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\ataport.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbam.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mbamchameleon.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\monitor.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\mwac.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\nvhda32v.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\nvlddmkm.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\tmcomm.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\TsUsbFlt.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\usbscan.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\winusb.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\WUDFPf.sys" => ":$CmdTcID" ADS not found.
"C:\Windows\system32\Drivers\WUDFRd.sys" => ":$CmdTcID" ADS not found.
"C:\Users\MohenDaro\Desktop\Career Quizzes 12 Tests to Help You Discover and Develop Your Dream Career _Jist.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\Career Quizzes 12 Tests to Help You Discover and Develop Your Dream Career _Jist.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\delfix_10.8.exe" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\delfix_10.8.exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\Hostel_Relief_Worker__-_deadline_July_13__2015.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\Hostel_Relief_Worker__-_deadline_July_13__2015.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\manual-1028.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\manual-1028.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\mbam-clean-2.1.1.1001.exe" => ":$CmdTcID" ADS not found.
"C:\Users\MohenDaro\Desktop\mbam-clean-2.1.1.1001.exe" => ":$CmdZnID" ADS not found.
"C:\Users\MohenDaro\Desktop\mbam-setup-2.0.4.1028.exe" => ":$CmdTcID" ADS not found.
"C:\Users\MohenDaro\Desktop\mbam-setup-2.0.4.1028.exe" => ":$CmdZnID" ADS not found.
"C:\Users\MohenDaro\Desktop\module-3-record-identification-systems-filing-and-retention-of-health-records.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\module-3-record-identification-systems-filing-and-retention-of-health-records.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\Office Volunteer.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\Office Volunteer.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\Relief Schedule Mar 2nd - Apr 5th, 2015.docx" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\Relief Schedule Mar 2nd - Apr 5th, 2015.docx => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\Terminal Digit Filing_bok1_046261.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\Terminal Digit Filing_bok1_046261.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Desktop\Volunteer-Application.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Desktop\Volunteer-Application.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\0520271882_The.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\0520271882_The.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\0520279581HitchcockC.rar" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\0520279581HitchcockC.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\0571239560.TouchingFromDistance.epub" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\0571239560.TouchingFromDistance.epub => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\0kmzz.Your.Brain.at.Work.epub" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\0kmzz.Your.Brain.at.Work.epub => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\1l1jf.Case.Studies.for.Health.Information.Mana gement 2nd.ed.pdf" => ":$CmdTcID" ADS not found.
"C:\Users\MohenDaro\Downloads\1l1jf.Case.Studies.for.Health.Information.Mana gement 2nd.ed.pdf" => ":$CmdZnID" ADS not found.
"C:\Users\MohenDaro\Downloads\8cu8w.Touch.Typing.in.Ten.Hours.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\8cu8w.Touch.Typing.in.Ten.Hours.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\8k3ld.Medical.Terminology.An.Illustrated.Guide .7th.Edition.pdf" => ":$CmdTcID" ADS not found.
"C:\Users\MohenDaro\Downloads\8k3ld.Medical.Terminology.An.Illustrated.Guide .7th.Edition.pdf" => ":$CmdZnID" ADS not found.
"C:\Users\MohenDaro\Downloads\AptitudePersonalityand.softarchive.net.pdf" => ":$Cm dTcID" ADS not found.
"C:\Users\MohenDaro\Downloads\AptitudePersonalityand.softarchive.net.pdf" => ":$Cm dZnID" ADS not found.
"C:\Users\MohenDaro\Downloads\B006TEWJ3M.part1.rar" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\B006TEWJ3M.part1.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\backgroundfile-32455.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\backgroundfile-32455.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\British Guyana G_5250_1000_1924.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\British Guyana G_5250_1000_1924.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\careers-hsp-project-coordinator1.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\careers-hsp-project-coordinator1.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Designing business docs.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Designing business docs.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\EIU_Safe_Cities_Index_2015_white_paper-1.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\EIU_Safe_Cities_Index_2015_white_paper-1.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\FrequentlyAskedQuestions_MedCon.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\FrequentlyAskedQuestions_MedCon.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Health Information Management Technology An Applied Approach ahima.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Health Information Management Technology An Applied Approach ahima.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Health InformationManagement of a Strategic Resource 4th ed.rar" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Health InformationManagement of a Strategic Resource 4th ed.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\HoursMatter_Nov09.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\HoursMatter_Nov09.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Housekeeping-Program Assistant - Casual - Jan 2015.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Housekeeping-Program Assistant - Casual - Jan 2015.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part1.rar" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part1.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part2.rar" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part2.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part3.rar" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Invaluabe_Unlok_Abilit.part3.rar => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part1.rar" => ":$CmdTcID" ADS not found.
"C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part2.rar" => ":$CmdTcID" ADS not found.
"C:\Users\MohenDaro\Downloads\Life Coaching to Discover your Purpose.part3.rar" => ":$CmdTcID" ADS not found.
"C:\Users\MohenDaro\Downloads\mbam-setup-2.0.4.1028(1).exe" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\mbam-setup-2.0.4.1028(1).exe => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Mental-Health-Community-Resources-For-Clients.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Mental-Health-Community-Resources-For-Clients.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Never Eat Alone And Other Secrets to Success, One Relationship at a Time.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Never Eat Alone And Other Secrets to Success, One Relationship at a Time.pdf => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\Smart Thinking for Crazy Times.epub" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\Smart Thinking for Crazy Times.epub => ":$CmdZnID" ADS removed successfully.
"C:\Users\MohenDaro\Downloads\WindBilljan.pdf" => ":$CmdTcID" ADS not found.
C:\Users\MohenDaro\Downloads\WindBilljan.pdf => ":$CmdZnID" ADS removed successfully.
EmptyTemp: => Removed 834.6 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 13:03:59 ====


----------



## kevinf80 (Mar 21, 2006)

Uninstall Comodo, make sure to turn Windows Firewall back on when complete. Run Malwarebytes, check for updates then run a threat scan...


----------



## Walloped (Dec 30, 2014)

it said it cleaned out close to a gig of "stuff". where is it getting this stuff from....

It also took all my bookmarks, as it cleaned out my Firefox profile. It took all my added bookmarks from the last 2 months. Any way I can get them back?

I think there is something on my computer that's stopping Malwarebytes from working and it's not Comodo, I've had it for the longest time.

computer automatically crashed at a certain time, always the same time at night


----------



## kevinf80 (Mar 21, 2006)

> it said it cleaned out close to a gig of "stuff". where is it getting this stuff from....


What said it cleaned out a gig of stuff?



> it also took all my bookmarks, as it cleaned out my firefox profile. It took all my added bookmarks from the last 2 months. anyway I can get them back


What cleaned out your Firefox profile?

What is the current status of your system?


----------



## Walloped (Dec 30, 2014)

This is saying 834.6 mb was removed

C:\Users\MohenDaro\Downloads\WindBilljan.pdf => ":$CmdZnID" ADS removed successfully.
EmptyTemp: => Removed 834.6 MB temporary data.

I haven't downloaded any Windows updates, so where is 834.6 MB in the temp coming from?

---------------------------------
Download attached *fixlist.txt* file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
---------------------------------------------------------------

After doing this process the bookmarks disappeared; no Firefox profile when I went into the C drive to check.

On the Firefox site it said you can gain it back by going to the profile, but there is no profile anymore.
Not a big deal, I think I have a backup copy I had made and updated a few months ago.

Computer still crashes on its own whether it's being used or not, usually 2 to 3 am, if I'm using it or if I fall asleep... I watch stuff on YouTube or other sites.

Installed new Malwarebytes but Malwarebytes still crashes it during end heuristics scan.


----------



## kevinf80 (Mar 21, 2006)

Probably worthwhile checking out the hard drive to make sure it is OK, we do not appear to have any malware or infection issues so we'll have to look at other possibilities...

Go to this link: http://www.seagate.com/gb/en/suppor...-electronics/ld25-series/seatools-dos-master/ Follow the instructions to create the test CD and see if the HD passes ok....


----------



## Walloped (Dec 30, 2014)

Sorry I never got back to you to conclude this.

I did do the drive check and it showed nothing. I used HD Tune to check the drive as mentioned before.

I use Datalifeguard Diagnostic from WesternD. I didn't want to burn a CD and all that, as that's what the Seagate program wants you to do to use the program. It might be better but, who knows. Plus my drive is WD.

----------------------------------------------------------------------------------------
Test Option: EXTENDED TEST 
Model Number: WDC WD1002FAEX-00Z3A0 
Firmware Number: 05.01D05 
Capacity: 1000.20 GB 
SMART Status: PASS 
Test Result: PASS 
Test Time: 17:21:26, April 20, 2015 
----------------------------------------------------------------------------------------


Everything else is fine but I still get a crash late at night with just light regular computer use, like watching YouTube.
I guess we'll just leave it as it is and I will try to revert to a copy of Windows from when I first installed it, or just do a fresh clean install when I have some time.

So I'll mark it as solved as we got the major stuff that was happening at the beginning.
Thanks for all your help over this, especially when it started. Much appreciated.


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, it was a pleasure to work with you.

Take care and surf safe,

Kevin...


----------



## Walloped (Dec 30, 2014)

Are there any programs or files that we installed for cleaning that need to be removed or that are running in the background?


----------



## kevinf80 (Mar 21, 2006)

Download *"Delfix by Xplode"* and save it to your desktop.

Or use the following if first link is down:

*"Delfix link mirror"*

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make sure the following items are checked:

- Remove disinfection tools
- Purge System Restore <--- this will remove all previous restore points and create a fresh point relative to system status at present.
- Reset system settings

Now click on "*Run*" and wait patiently until the tool has completed.

Any remnant files/logs from tools we have used can be deleted.

Next,

Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

Thanks,

Kevin....


----------

