  1. #1
    Member
    Join Date
    Sep 2015
    Posts
    15
    Points
    0

    Bad Image popup error

    Every time I try to open an application or even a browser, I get an error pop-up message that says, for example, "Chrome.exe Bad Image c:/program~z\gs-ena~1\assist~.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
    I have tried to go back as far as I could with my system restore and still the problem remains. I don't have a Windows 7 disk because it came already on my Toshiba laptop. I don't know what else to do. I have included the requested logs below.

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 09/25/2015 at 10:17 PM

    Application Version : 6.0.1204
    Database Version : 12077

    Scan type : Complete Scan
    Total Scan Time : 00:34:42

    Operating System Information
    Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
    UAC On - Limited User

    Memory items scanned : 635
    Memory threats detected : 0
    Registry items scanned : 52163
    Registry threats detected : 0
    File items scanned : 23584
    File threats detected : 210

    Adware.Tracking Cookie

    ============
    End of Log
    ============
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/25/2015
    Scan Time: 11:40 PM
    Logfile: Malware log.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.09.26.01
    Rootkit Database: v2015.09.22.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Treasure

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 484861
    Time Elapsed: 52 min, 31 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 4
    PUP.Optional.Iminent, C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\prefs.js, Good: (), Bad: (user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"US\",\"NoAds\":true,\"Status\":1,\"expireTime\":\"1388521639646255071\"}}"), ,[5e1b013357344ee814021c97eb1ad030]
    PUP.Optional.Iminent, C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\prefs.js, Good: (), Bad: ( about:config
    */
    user_pref("CT3306061.), ,[b4c54de73754320450c6ffb434d12dd3]
    PUP.Optional.Iminent, C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\prefs.js, Good: (), Bad: ( when the application exits.
    *
    * To m), ,[83f6b67e7a118aac59bd773c61a451af]
    PUP.Optional.Iminent, C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\prefs.js, Good: (), Bad: ( when the application exits.
    *
    * To make a manual change to preferences, you can visit the URL about:config
    */
    user_pref("CT), ,[9edb8ea6652600363dd9bbf850b5d42c]

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    Logfile of Trend Micro HijackThis v2.0.5
    Scan saved at 5:24:53 PM, on 9/25/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)

    FIREFOX: 26.0 (en-US)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Treasure\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?st=5&barid={73F13146-089E-4B1F-90EE-F51E9F6BE54E}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll
    O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~2\SITERA~1\SiteRank.dll
    O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: 50Coupoins - {5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} - (no file)
    O2 - BHO: RichMediaViewV1release4833 - {871ec07c-cdb5-42cf-9bfc-b8a7a7e0c062} - (no file)
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: GomPicker - {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} - C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O4 - HKLM\..\Run: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctMjE3MzcwMjA4Mi1TVDEwRk9JKzEtVFJNMjkrMS1UUk0zMCsxLUNJRDI0MFUrMTAwMS1DSUQyNDBVMisyLUM0MzZPKzUwNy1DNDM2VCsxLUM0MzZUQysx"&"prod=90"&"ver=10.0.1434
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Google Photos Backup] "C:\Users\Treasure\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" /autostart
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bnkofamerica.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3C460369-B635-4B40-8879-C4CD5E685DD7}: NameServer = 8.8.8.8 8.8.4.4
    O17 - HKLM\System\CCS\Services\Tcpip\..\{83C483E2-355F-4F2D-A5F1-CE5ED4CB22BC}: NameServer = 8.8.8.8
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: c:\progra~2\gs-ena~1\assist~1.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
    O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
    O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Kinoni Service (KinoniSvc) - Unknown owner - C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    O23 - Service: Kodak AiO Status Monitor Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    O23 - Service: Kodak Cloud Software Connector - Unknown owner - C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: RealPlayer Cloud Service - RealNetworks, Inc. - c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    O23 - Service: RealPlayer Update Service (RealPlayerUpdateSvc) - Unknown owner - C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: TelevisionFanaticService - Unknown owner - C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe (file missing)
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 15223 bytes

  2. #2
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563


    Hi staacks,

    Welcome to Help2Go!

    I do apologize for the delay.

    My name is Donna and I will be helping you to resolve this little problem. Let's see what we have here. The following program will display a bit more about your computer.

    Please download Farbar Recovery Scan Tool and save it to your desktop. <<< Very Important!

    Note: You will need to run the version compatible with your system. In your case that will be the 64-bit version.

    • Make sure that FRST is on the desktop of the infected system.
    • Right-click and choose Run as administrator. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste the log back here.
    • The first time the tool is run it generates a second log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


    In your next reply, please provide the following logs:

    FRST64.txt
    Addition.txt



    Thank you,

    Donna
    Last edited by DonnaB; 09-28-2015 at 06:24 PM.
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  3. #3
    Member
    Join Date
    Sep 2015
    Posts
    15
    Points
    0


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
    Ran by Treasure (administrator) on TREASURE-PC (27-09-2015 13:33:51)
    Running from C:\Users\Treasure\Desktop
    Loaded Profiles: Treasure (Available Profiles: Treasure)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    () C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
    (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\sdclt.exe
    (Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTel\diagtrackrunner.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-22] (AVAST Software)
    HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctMjE3MzcwMjA4Mi1TVDEwRk9JKzEtVFJNMjkrMS1UUk0zMCsxLUNJRDI0MFUrM (the data entry has 81 more characters).
    HKLM-x32\...\runonceex: [] => [X]
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Run: [Google Update] => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-22] (Google Inc.)
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Run: [Google Photos Backup] => C:\Users\Treasure\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3787080 2015-08-26] (Google, Inc)
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\MountPoints2: F - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B07 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\MountPoints2: {9d910f2a-5889-11e3-a78a-1c750871bbcc} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B07 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\MountPoints2: {bc84e147-587d-11e3-87b0-1c750871bbcc} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B07 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dllATTENTION! ====> ZeroAccess?
    AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll => No File
    AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll => No File
    AppInit_DLLs: C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL => No File
    AppInit_DLLs-x32: c:\progra~2\gs-ena~1\assist~1.dll => c:\Program Files (x86)\GS-ENA~1\ASSIST~1.DLL [20 2015-01-03] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-22] (AVAST Software)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3C460369-B635-4B40-8879-C4CD5E685DD7}: [NameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{5F01FA5E-4FF0-4BD2-AC15-05CAF79AE3CD}: [DhcpNameServer] 8.8.8.8
    Tcpip\..\Interfaces\{83C483E2-355F-4F2D-A5F1-CE5ED4CB22BC}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{83C483E2-355F-4F2D-A5F1-CE5ED4CB22BC}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{AF3BD8A0-665D-4F81-9386-378CE0B9B7DA}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130874852228954854&GUID=00000000-0000-0000-0000-000000000000
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130874852243925710&GUID=00000000-0000-0000-0000-000000000000
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130874852258306533&GUID=00000000-0000-0000-0000-000000000000
    SearchScopes: HKLM -> DefaultScope {6FC856EE-A927-4952-967E-47B0A176C814} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {6FC856EE-A927-4952-967E-47B0A176C814} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> DefaultScope {6295F795-E3AA-40B1-BEDA-ED399866A41B} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=amonetizetest1-ie&s_qt=sb&tb_uuid=2F13A612A5DD444DA7FD207A1089C501&tb_oid=06-03-2013&tb_mrud=06-03-2013
    SearchScopes: HKLM-x32 -> {AE502EA7-347F-4129-BE99-A29D30F77A03} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    SearchScopes: HKU\.DEFAULT -> DefaultScope {AE502EA7-347F-4129-BE99-A29D30F77A03} URL =
    SearchScopes: HKU\.DEFAULT -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DIC3V5&o=13736&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D6&apn_dtid=YYYYYYYYUS&apn_uid=509F0963-3363-4146-B18A-163105FAE963&apn_sauid=85343A21-EA40-4503-AB64-131DB00794DB
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> DefaultScope {406BA7AA-C1D2-4EF7-936B-B171CD6CDD24} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {0A6AE8B0-A6B8-4E94-8186-12A8C6695459} URL = hxxp://answers.microsoft.com/en-us/Search/Search?SearchTerm={searchTerms}
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {406BA7AA-C1D2-4EF7-936B-B171CD6CDD24} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {6FC856EE-A927-4952-967E-47B0A176C814} URL =
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
    BHO: SiteRanker -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> No File
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-04-06] (RealDownloader)
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: No Name -> {5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} -> No File
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-22] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
    BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll [2013-08-07] (Yahoo! Inc.)
    BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll [2014-04-03] (Crawler, LLC)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-04-06] (RealDownloader)
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: No Name -> {5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} -> No File
    BHO-x32: No Name -> {871ec07c-cdb5-42cf-9bfc-b8a7a7e0c062} -> No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-22] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-18] (Oracle Corporation)
    BHO-x32: GretechBHO Class -> {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} -> C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll [2013-10-24] (Gretech Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-10-06] (Yahoo! Inc)
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926
    FF SearchEngineOrder.3: Bing
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
    FF Homepage: hxxp://www.msn.com/en-us/?pc=U270&ocid=U270DHP
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-11-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-11-18] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-11-24] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-05-02] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-04-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-04-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-04-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-05-02] (RealPlayer Cloud)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2628051247-848522789-837856156-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Treasure\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-2628051247-848522789-837856156-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Treasure\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2628051247-848522789-837856156-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Treasure\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2628051247-848522789-837856156-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Treasure\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-19] (Yahoo! Inc.)
    FF user.js: detected! => C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\user.js [2014-08-07]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\searchplugins\bingp.xml [2015-05-02]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\sweettunes_search.xml [2013-12-15]
    FF Extension: Ask Toolbar - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\Extensions\toolbar@ask.com [2013-12-13]
    FF Extension: QuickShare Widget - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\Extensions\{817a8d7a-a5e5-114c-3cb9-930b20c6db19} [2013-10-13]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2013-12-24]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-24]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-24]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
    FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha606\ff [not found]
    FF Extension: No Name - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [not found]
    FF Extension: No Name - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\extensions\speedanalysis03@SpeedAnalysis.com.xpi [not found]
    FF Extension: No Name - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com [not found]
    FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta559\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha563\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1899\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4355\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8958\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode7614\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4833\ff [not found]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HomePage: Default -> hxxp://www.msn.com/en-us/?pc=U270&ocid=U270DHP
    CHR Profile: C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast Online Security) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-22]
    CHR Extension: (RealPlayer Downloader) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-17]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-22]
    CHR Extension: (Skype Click to Call) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-09-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-22]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-22] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-22] (Avast Software)
    R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
    S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-05-04] (mobile concepts GmbH)
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
    S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [523632 2012-10-12] (AnchorFree Inc.)
    R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [389488 2012-10-11] ()
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [529408 2012-09-12] () [File not signed]
    R2 Kodak Cloud Software Connector; C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe [1542320 2013-09-11] () [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
    R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-02-03] (PC Tools)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-02] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel(R) Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 e81a9dc1; "C:\windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
    S2 TelevisionFanaticService; C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-22] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-22] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-22] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-22] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-22] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-22] (AVAST Software)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
    R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
    R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2012-09-12] (Windows (R) Win 7 DDK provider)
    R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2012-09-12] (Windows (R) Win 7 DDK provider)
    S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-22] (AVAST Software)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-22] (Avast Software)
    S3 cpuz136; \??\C:\Users\Treasure\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-27 13:33 - 2015-09-27 13:35 - 00031567 _____ C:\Users\Treasure\Desktop\FRST.txt
    2015-09-27 13:32 - 2015-09-27 13:34 - 00000000 ____D C:\FRST
    2015-09-27 13:30 - 2015-09-27 13:31 - 02192384 _____ (Farbar) C:\Users\Treasure\Desktop\FRST64.exe
    2015-09-23 20:47 - 2015-09-25 17:24 - 00015225 _____ C:\Users\Treasure\Desktop\hijackthis.log
    2015-09-23 19:46 - 2015-09-23 19:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\Treasure\Desktop\HijackThis.exe
    2015-09-23 17:52 - 2015-09-23 18:28 - 00574732 _____ C:\Users\Treasure\Desktop\avgremover.log
    2015-09-23 17:43 - 2015-09-23 17:50 - 01819488 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Treasure\Desktop\avg_remover_stf_x64_2011_1322.exe
    2015-09-22 19:06 - 2015-09-22 19:07 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
    2015-09-22 19:06 - 2015-09-22 19:06 - 00958104 _____ C:\Users\Treasure\Desktop\Norton_Removal_Tool.exe
    2015-09-22 18:23 - 2015-09-22 18:23 - 00000000 ____D C:\Users\Treasure\AppData\Local\{5DDAB071-8F25-4999-8AF8-CF7C26ABD7E5}
    2015-09-22 17:09 - 2015-09-22 17:09 - 00000868 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core1d0f57b6e4bac2.job
    2015-09-22 16:58 - 2015-09-22 17:08 - 00000000 ____D C:\windows\SysWOW64\vbox
    2015-09-22 16:58 - 2015-09-22 17:08 - 00000000 ____D C:\windows\system32\vbox
    2015-09-22 16:56 - 2015-09-22 16:56 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\AVAST Software
    2015-09-22 16:51 - 2015-09-22 16:51 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-09-22 16:51 - 2015-09-22 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-09-22 16:50 - 2015-09-22 16:50 - 00448968 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2015-09-22 16:50 - 2015-09-22 16:50 - 00274808 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00153744 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00090968 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
    2015-09-22 16:50 - 2015-09-22 16:49 - 01049880 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
    2015-09-22 16:50 - 2015-09-22 16:49 - 00132656 _____ (AVAST Software) C:\windows\system32\Drivers\ngvss.sys
    2015-09-22 16:49 - 2015-09-22 16:49 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
    2015-09-22 16:46 - 2015-09-22 16:46 - 00000000 ____D C:\Program Files\AVAST Software
    2015-09-22 16:42 - 2015-09-22 16:42 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Treasure\Downloads\avast_free_antivirus_setup_online_cnet.exe
    2015-09-22 16:42 - 2015-09-22 16:42 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-09-22 15:19 - 2015-09-22 15:19 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f56ba7386524.job
    2015-09-22 00:32 - 2015-09-25 23:40 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-09-22 00:25 - 2015-09-22 06:54 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-09-22 00:25 - 2015-09-22 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-09-22 00:25 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-09-22 00:25 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2015-09-22 00:25 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2015-09-22 00:23 - 2015-09-22 00:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-09-22 00:20 - 2015-09-22 00:21 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Treasure\Downloads\mbam-setup-2.1.8.1057.exe
    2015-09-21 23:40 - 2015-09-21 23:40 - 18819272 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2015-09-21 22:44 - 2015-09-21 22:44 - 00000000 ____D C:\SUPERDelete
    2015-09-21 22:35 - 2015-09-21 22:35 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\SUPERAntiSpyware.com
    2015-09-21 22:34 - 2015-09-22 06:54 - 00001857 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-09-21 22:33 - 2015-09-21 22:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-09-21 22:33 - 2015-09-21 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-09-21 22:33 - 2015-09-21 22:33 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-09-21 22:29 - 2015-09-21 22:29 - 23467080 _____ (SUPERAntiSpyware) C:\Users\Treasure\Downloads\SUPERAntiSpyware.exe
    2015-09-20 17:58 - 2015-09-20 17:58 - 00000368 _____ C:\windows\Tasks\0915wtUpdateInfo.job
    2015-09-20 17:58 - 2015-09-20 17:58 - 00000000 ____D C:\ProgramData\Avg_Update_0915wt
    2015-09-19 23:10 - 2015-09-22 06:54 - 00001047 _____ C:\Users\Public\Desktop\KeyFinder.lnk
    2015-09-19 23:10 - 2015-09-19 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
    2015-09-19 23:10 - 2015-09-19 23:10 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
    2015-09-19 23:08 - 2015-09-19 23:08 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Treasure\Downloads\KeyFinderInstaller.exe
    2015-09-05 21:08 - 2015-09-05 21:08 - 390134666 _____ C:\windows\MEMORY.DMP
    2015-09-05 21:08 - 2015-09-05 21:08 - 00262144 _____ C:\windows\Minidump\090515-122647-01.dmp
    2015-09-01 22:26 - 2015-09-01 22:26 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\dvdcss

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-27 13:35 - 2010-10-29 00:08 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-27 13:31 - 2009-07-14 00:45 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-09-27 13:31 - 2009-07-14 00:45 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-09-27 13:31 - 2009-07-13 23:20 - 00000000 ____D C:\windows\tracing
    2015-09-27 13:26 - 2013-02-01 21:05 - 00065536 _____ C:\windows\system32\Ikeext.etl
    2015-09-27 13:26 - 2012-02-12 16:27 - 00000000 ____D C:\ProgramData\Kodak
    2015-09-27 13:26 - 2011-12-01 23:48 - 00000050 _____ C:\windows\system32\SupplicantTest.log
    2015-09-27 13:26 - 2010-10-29 00:08 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-27 13:25 - 2014-08-03 20:03 - 00070260 _____ C:\windows\setupact.log
    2015-09-27 13:25 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-09-26 01:20 - 2011-12-01 23:21 - 01212365 _____ C:\windows\WindowsUpdate.log
    2015-09-26 01:06 - 2014-02-14 11:57 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job
    2015-09-26 00:40 - 2014-01-17 17:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-09-25 22:57 - 2012-05-12 07:47 - 00000940 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job
    2015-09-25 22:07 - 2012-01-14 11:40 - 00000000 ____D C:\ProgramData\TEMP
    2015-09-25 19:57 - 2012-05-12 07:47 - 00000918 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job
    2015-09-23 18:29 - 2012-07-12 21:44 - 00495616 ___SH C:\Users\Treasure\Desktop\Thumbs.db
    2015-09-23 18:09 - 2012-07-26 18:44 - 00000000 ____D C:\Program Files (x86)\BearShare Applications
    2015-09-22 19:36 - 2011-12-07 20:06 - 00000000 ____D C:\Users\Treasure\AppData\Local\Google
    2015-09-22 19:14 - 2014-08-03 22:01 - 03012436 _____ C:\windows\PFRO.log
    2015-09-22 19:11 - 2011-12-01 23:51 - 00000000 ____D C:\ProgramData\Norton
    2015-09-22 19:11 - 2011-12-01 23:51 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2015-09-22 18:24 - 2011-12-11 11:56 - 00000000 ____D C:\Users\Treasure\AppData\Local\CrashDumps
    2015-09-22 18:06 - 2012-02-11 10:51 - 00000000 ____D C:\Users\Treasure\AppData\Local\Conduit
    2015-09-22 17:09 - 2014-02-14 11:57 - 00000868 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job
    2015-09-22 17:04 - 2013-12-31 23:23 - 00000000 ____D C:\Program Files (x86)\AVG
    2015-09-22 16:58 - 2013-12-31 23:15 - 00000000 ____D C:\ProgramData\MFAData
    2015-09-22 16:24 - 2012-06-08 09:29 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\BitTorrent
    2015-09-22 15:34 - 2014-01-17 17:02 - 00002073 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-09-22 07:18 - 2014-08-16 15:29 - 00000000 ____D C:\Program Files (x86)\GS-ENA~1
    2015-09-22 07:18 - 2014-03-07 13:03 - 00000000 ____D C:\ProgramData\50Coupoins
    2015-09-22 07:18 - 2012-05-14 12:23 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
    2015-09-22 07:14 - 2009-07-14 00:45 - 00333072 _____ C:\windows\system32\FNTCACHE.DAT
    2015-09-22 07:12 - 2009-07-13 23:20 - 00000000 ____D C:\windows\IME
    2015-09-22 06:54 - 2015-08-20 08:39 - 00000913 _____ C:\Users\Public\Desktop\CyberGhost VPN.lnk
    2015-09-22 06:54 - 2014-10-30 13:50 - 00001071 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-09-22 06:54 - 2014-08-03 19:22 - 00000871 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-09-22 06:54 - 2014-08-03 17:56 - 00002039 _____ C:\Users\Public\Desktop\PC HealthBoost.lnk
    2015-09-22 06:54 - 2014-06-07 18:19 - 00000971 _____ C:\Users\Public\Desktop\BitTorrent Sync.lnk
    2015-09-22 06:54 - 2014-05-02 23:37 - 00001004 _____ C:\Users\Public\Desktop\RealPlayer Cloud.lnk
    2015-09-22 06:54 - 2014-04-19 13:42 - 00002125 _____ C:\Users\Public\Desktop\Play Games.lnk
    2015-09-22 06:54 - 2014-02-08 15:39 - 00002023 _____ C:\Users\Public\Desktop\KODAK Cloud Software Connector.lnk
    2015-09-22 06:54 - 2014-02-08 14:02 - 00001951 _____ C:\Users\Public\Desktop\PrintProjects.lnk
    2015-09-22 06:54 - 2014-02-08 14:01 - 00002161 _____ C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
    2015-09-22 06:54 - 2014-02-08 14:00 - 00002080 _____ C:\Users\Public\Desktop\Get CleanPrint.lnk
    2015-09-22 06:54 - 2014-02-05 16:10 - 00001258 _____ C:\Users\Public\Desktop\More Great Games.lnk
    2015-09-22 06:54 - 2014-02-03 18:38 - 00001865 _____ C:\Users\Public\Desktop\Apps.lnk
    2015-09-22 06:54 - 2014-02-03 18:38 - 00001812 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
    2015-09-22 06:54 - 2013-12-14 20:02 - 00001178 _____ C:\Users\Public\Desktop\GOM Video Converter.lnk
    2015-09-22 06:54 - 2013-10-05 19:37 - 00001788 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-09-22 06:54 - 2013-08-29 20:47 - 00001008 _____ C:\Users\Public\Desktop\RZ MP4 To DVD Converter.lnk
    2015-09-22 06:54 - 2013-08-29 19:58 - 00001002 _____ C:\Users\Public\Desktop\RZ Free Burner.lnk
    2015-09-22 06:54 - 2013-02-01 07:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-09-22 06:54 - 2012-05-11 17:57 - 00001140 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    2015-09-22 06:54 - 2012-03-28 21:03 - 00001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
    2015-09-22 06:54 - 2012-03-28 21:03 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
    2015-09-22 06:54 - 2011-12-11 15:04 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-09-22 06:54 - 2011-12-01 23:56 - 00001722 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk
    2015-09-22 06:54 - 2011-12-01 23:49 - 00002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Wireless Display.lnk
    2015-09-22 06:54 - 2010-10-29 00:13 - 00002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    2015-09-22 06:54 - 2010-10-29 00:13 - 00001469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2015-09-22 06:54 - 2010-10-29 00:13 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    2015-09-22 06:54 - 2010-10-29 00:13 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    2015-09-22 06:54 - 2010-10-29 00:07 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
    2015-09-22 06:54 - 2010-10-28 23:13 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2015-09-22 06:54 - 2010-10-28 23:13 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2015-09-22 06:54 - 2009-07-14 00:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-09-22 06:54 - 2009-07-14 00:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    2015-09-22 06:54 - 2009-07-14 00:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2015-09-22 06:54 - 2009-07-14 00:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2015-09-22 06:54 - 2009-07-14 00:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2015-09-22 06:53 - 2015-08-20 11:02 - 00001077 _____ C:\Users\Treasure\Desktop\VLC media player.lnk
    2015-09-22 06:53 - 2014-06-07 18:19 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BitTorrent Sync.lnk
    2015-09-22 06:53 - 2014-01-04 17:04 - 00001424 _____ C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-09-22 06:53 - 2013-10-31 15:49 - 00000889 _____ C:\Users\Treasure\Desktop\BitTorrent.lnk
    2015-09-22 06:53 - 2013-10-31 15:49 - 00000869 _____ C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
    2015-09-22 06:53 - 2012-11-22 05:06 - 00001835 _____ C:\Users\Treasure\Desktop\Spotify.lnk
    2015-09-22 06:53 - 2012-11-22 05:06 - 00001821 _____ C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2015-09-22 06:53 - 2012-11-02 17:20 - 00001157 _____ C:\Users\Treasure\Desktop\Hotspot Shield Launch.lnk
    2015-09-22 06:53 - 2012-06-05 22:53 - 00000960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
    2015-09-22 06:53 - 2012-04-09 21:47 - 00001208 _____ C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Video Converter.lnk
    2015-09-22 06:53 - 2011-12-10 18:09 - 00000990 _____ C:\Users\Treasure\Desktop\Tixati.lnk
    2015-09-22 06:53 - 2009-07-14 01:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2015-09-22 06:53 - 2009-07-14 00:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2015-09-22 06:52 - 2013-12-15 01:17 - 00000000 ____D C:\Users\Treasure\AppData\Local\NativeMessaging
    2015-09-22 06:52 - 2012-06-10 13:58 - 00000000 ____D C:\ProgramData\InstallMate
    2015-09-22 06:50 - 2012-12-06 19:36 - 00000000 ____D C:\Program Files (x86)\YourFileDownloader
    2015-09-21 23:40 - 2012-05-11 17:57 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-09-21 23:40 - 2011-12-09 00:42 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-09-21 22:47 - 2012-05-20 05:34 - 00000000 ____D C:\Users\Treasure\AppData\Local\The Weather Channel
    2015-09-20 00:42 - 2013-08-20 22:51 - 00000000 ____D C:\windows\system32\MRT
    2015-09-19 16:09 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
    2015-09-19 15:36 - 2013-12-07 08:43 - 00069666 _____ C:\Users\Treasure\AppData\Local\installer.log
    2015-09-05 21:08 - 2013-03-03 11:02 - 00000000 ____D C:\windows\Minidump
    2015-09-02 00:51 - 2011-12-10 18:09 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\tixati
    2015-09-02 00:48 - 2014-10-30 13:50 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\vlc
    2015-09-01 21:44 - 2014-01-17 17:01 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-09-01 20:48 - 2012-07-12 19:20 - 00000000 ____D C:\windows\SysWOW64\cache
    2015-08-28 14:29 - 2009-07-14 01:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
    2015-08-28 14:25 - 2011-12-07 20:05 - 00059488 _____ C:\Users\Treasure\AppData\Local\GDIPFONTCACHEV1.DAT

    ==================== Files in the root of some directories =======

    2013-09-28 01:12 - 2014-01-08 20:52 - 0003736 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2013-11-26 19:30 - 2013-11-26 23:47 - 0000570 _____ () C:\Users\Treasure\AppData\Roaming\com.zoosk.Desktop_state.xml
    2012-01-13 22:22 - 2012-01-14 18:18 - 0007744 _____ () C:\Users\Treasure\AppData\Roaming\db6a8a10
    2013-08-02 06:29 - 2013-08-02 18:39 - 0000077 _____ () C:\Users\Treasure\AppData\Roaming\Rim.Desktop.Exception.log
    2013-08-01 23:53 - 2013-10-13 17:49 - 0002021 _____ () C:\Users\Treasure\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2013-08-02 06:29 - 2013-08-02 18:39 - 0000077 _____ () C:\Users\Treasure\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-01-13 22:22 - 2012-01-14 18:18 - 0007720 _____ () C:\Users\Treasure\AppData\Local\d1d93724
    2013-01-31 19:43 - 2015-08-18 05:02 - 0020992 _____ () C:\Users\Treasure\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-12-07 08:43 - 2015-09-19 15:36 - 0069666 _____ () C:\Users\Treasure\AppData\Local\installer.log
    2014-10-09 12:26 - 2014-10-09 12:26 - 0004592 _____ () C:\Users\Treasure\AppData\Local\recently-used.xbel
    2012-01-13 22:22 - 2012-01-14 18:18 - 0007745 _____ () C:\ProgramData\8d876bf8
    2013-06-30 16:14 - 2013-06-30 16:28 - 0000000 _____ () C:\ProgramData\g252qs.txt
    2013-01-27 21:08 - 2013-01-27 21:09 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    ZeroAccess:
    C:\Users\Treasure\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files (x86)\Google\Desktop\Install

    Some files in TEMP:
    ====================
    C:\Users\Treasure\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Treasure\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Treasure\AppData\Local\Temp\jtxmvex8.dll
    C:\Users\Treasure\AppData\Local\Temp\lowproc.exe
    C:\Users\Treasure\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\Treasure\AppData\Local\Temp\oi_{5EE1E3DA-9921-4803-8725-E079066EC7B2}.exe
    C:\Users\Treasure\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Treasure\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\Treasure\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Treasure\AppData\Local\Temp\stubhelper.dll
    C:\Users\Treasure\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Treasure\AppData\Local\Temp\uttD183.tmp.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    LastRegBack: 2015-09-06 16:25

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
    Ran by Treasure (2015-09-27 13:36:33)
    Running from C:\Users\Treasure\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-12-08 00:04:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2628051247-848522789-837856156-500 - Administrator - Disabled)
    Guest (S-1-5-21-2628051247-848522789-837856156-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2628051247-848522789-837856156-1002 - Limited - Enabled)
    Treasure (S-1-5-21-2628051247-848522789-837856156-1001 - Administrator - Enabled) => C:\Users\Treasure

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
    aioprnt (x32 Version: 3.12.0000.0000 - Eastman Kodak Company) Hidden
    aioscnnr (x32 Version: 3.12.0000.0000 - Eastman Kodak Company) Hidden
    aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
    Amazon Kindle (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Amazon Kindle) (Version: - Amazon)
    Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
    ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
    ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
    ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
    ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
    ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
    BearShare (x32 Version: 10.0.0.126209 - Musiclab, LLC) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
    BitTorrent (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\BitTorrent) (Version: 7.9.5.41074 - BitTorrent Inc.)
    BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.3.105 - )
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cake Mania - Lights, Camera, Action!(TM) (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
    CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Connect DLC 5 Toolbar for IE (HKLM-x32\...\IECT3306061) (Version: 6.17.2.8 - Connect DLC 5) <==== ATTENTION
    CoreAAC (HKLM-x32\...\CoreAAC) (Version: - )
    CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Defaulttab (HKLM-x32\...\DefaultTab) (Version: 2.4.8.1 - Search Results, LLC) <==== ATTENTION
    ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
    ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GigaClicks Crawler (HKLM-x32\...\GigaClicks Crawler) (Version: 3.0.31.0 - GigaClicks Inc.) <==== ATTENTION
    GOM Picker (HKLM-x32\...\GOM Picker) (Version: 1.0.0.5 - Gretech Corporation)
    GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.60 - Gretech Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
    Google Photos Backup (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Google Photos Backup) (Version: 1.1.0.248 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hotspot Shield 2.74 (HKLM-x32\...\HotspotShield) (Version: 2.74 - AnchorFree)
    ImTOO iPod Computer Transfer (HKLM-x32\...\ImTOO iPod Computer Transfer) (Version: 5.1.0.0117 - ImTOO)
    Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.4.0 - Intel Corporation)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
    Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
    Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
    IPP Run-Time 5.3 (HKLM-x32\...\IPP Run-Time 5.3) (Version: - )
    iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
    Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
    Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kaspersky Security Scan (HKLM-x32\...\{5D4875F6-89D1-4E9C-B7B9-9164C9D20C9C}) (Version: 1.0.0.500 - KSS)
    KeyBar 1.13 Toolbar (HKLM-x32\...\KeyBar_1.13 Toolbar) (Version: 6.14.0.28 - KeyBar 1.13)
    kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
    kgckids (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgcmove (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
    kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    KinoniDrivers 2.7.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.7.1 - Kinoni)
    Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
    KODAK Cloud Software Connector (HKLM-x32\...\{12A985FE-1E10-4FB2-B3F9-C8B4FB4D905F}) (Version: 1.0.9.20 - Eastman Kodak Company)
    Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
    Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    MediaPlayerLite 0.3 (HKLM-x32\...\MediaPlayerLite) (Version: 0.3 - Amnis Technology Ltd)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
    MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version: - )
    Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
    PDF Reader (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\PDF Reader) (Version: - )
    PL-2303 USB-to-Serial (x32 Version: 1.00.000 - Prolific Technology INC) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Plus-HD-2.2 (HKLM-x32\...\Plus-HD-2.2) (Version: 1.27.153.10 - Plus HD) <==== ATTENTION
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
    RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    RZ Free Burner (HKLM-x32\...\{5ED1A10B-1287-416D-A7FE-54EE365D91E1}) (Version: 3.00 - RealZeal Soft)
    RZ MP4 To DVD Converter (HKLM-x32\...\{41BC14E8-DED0-434D-8448-C33C1AE04340}) (Version: 3.20 - RealZeal Soft)
    SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
    SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    SiteRanker (HKLM-x32\...\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1) (Version: 1.0.0.29 - Crawler, LLC) <==== ATTENTION
    skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
    staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
    SweetIM for Messenger 3.7 (HKLM-x32\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
    SweetPacks bundle uninstaller (HKLM-x32\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    TelevisionFanatic Firefox Toolbar (HKLM-x32\...\TelevisionFanaticbar Uninstall Firefox) (Version: - Mindspark Interactive Network) <==== ATTENTION
    The Treasures of Montezuma 3 (HKLM-x32\...\BFG-The Treasures of Montezuma 3) (Version: - )
    Tixati (HKLM-x32\...\tixati) (Version: - )
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    Tube2File (HKLM-x32\...\Tube2File) (Version: - )
    Un-Zip for Windows 9.22beta (HKLM-x32\...\Un-Zip for Windows) (Version: - )
    Update Manager for SweetPacks 1.1 (HKLM-x32\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    23-09-2015 03:16:30 Windows Modules Installer
    23-09-2015 04:29:21 Windows Modules Installer
    23-09-2015 10:31:29 Windows Modules Installer
    23-09-2015 12:55:52 Windows Modules Installer
    24-09-2015 03:00:38 Windows Update
    25-09-2015 16:55:33 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0281094E-35BB-4F6C-BC7F-371711CBC789} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2012-02-03] (PC Tools)
    Task: {06A8BEE5-D4B4-41F5-A347-DDA77D919C3B} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
    Task: {0ADB0A5D-4DC5-4AF4-919A-86EF6ACE3642} - \DTReg -> No File <==== ATTENTION
    Task: {10CA8B24-CC23-45D1-975A-EB8A592B7374} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {2340C153-4790-4462-B512-2FBEF138A2DA} - System32\Tasks\PCHB_Treasure_PCHealthBoost_RS_WeeklyTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
    Task: {2E8B0F9F-53D5-4ADB-9E03-E0CE30255559} - System32\Tasks\{5C373065-DF21-4AF9-9F87-550EBFE19058} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    Task: {2F84A8D3-2FBE-42D6-854B-2554035EC350} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {3818EA77-913F-43E1-BE44-51C468269100} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA => C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {389A6973-7B0B-4CC4-9A9A-398B511B99E5} - System32\Tasks\PCHB_Treasure_PCHealthBoost_LogonTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
    Task: {3987E97B-2649-431D-B902-9D1232E56D2C} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
    Task: {3DE50AB9-8C13-45B4-BA5B-9B4C54D2BDF6} - System32\Tasks\RunAsStdUser Task => C:\Users\Treasure\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe <==== ATTENTION
    Task: {4B12E31E-417A-4EA5-B6CB-7B355DD44CE3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
    Task: {4D1DF6B2-C6AC-4E6B-8ACB-5BDE23F618E0} - System32\Tasks\{4727C8B3-92BE-4D20-B623-8E839E44F047} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe"
    Task: {50EAEAEA-6076-462B-A989-EFDE2319EEC7} - System32\Tasks\{1E99E987-1BD5-480F-979C-BE0CB5EEDF50} => C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe [2012-03-08] (Microsoft Corporation)
    Task: {53771F36-BB86-4C48-9435-E0D5D718378C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-05-01] (Adobe Systems Incorporated)
    Task: {5591ECAC-32B3-40FB-98D9-511DC2B027C9} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {58F1FE9D-FA4A-4D76-B13B-629B44B02666} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
    Task: {5B11D173-0CFC-4E40-ACC5-C62A1AD302CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {5E18B0E3-9315-4AB9-9DBC-51E1E2426E9A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
    Task: {6B9F85E6-0595-42D7-8099-7C0454784748} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
    Task: {6E939202-517A-4AF8-9785-10733FFF2EA3} - \GoforFilesUpdate -> No File <==== ATTENTION
    Task: {7519EF7B-163F-4CA8-A76E-F2CDF4C9F8EA} - System32\Tasks\{4DE69AF2-1D2B-488B-B7BF-CC4C71AEE3F4} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe"
    Task: {789D8384-FD92-4A4F-96F4-25F3255B8492} - System32\Tasks\Symantec\Norton Error Analyzer 18.6.0.29 => C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
    Task: {7904A0AB-C18B-4462-B711-BC1162BF3D5D} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {7CB6B879-2FE1-47A1-A11F-008A5F1646A8} - System32\Tasks\{4A4D13AB-5A06-451B-B106-A6B784C7F814} => Firefox.exe Download Skype for Desktop
    Task: {7E57A683-F57E-41E3-A7E6-2F2D2E8E63AD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
    Task: {7FF82615-7F8D-4150-833E-48A925BBD31D} - System32\Tasks\5024 => Wscript.exe C:\Users\Treasure\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {80F74E26-7982-43CE-A8B6-41F07967BFD5} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
    Task: {83353970-2D18-4434-9678-73A741AD7CC2} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {852CA635-D910-4590-91CC-3246448BE19C} - System32\Tasks\{FFD36EDB-E838-4735-9F38-6EEDCD6C35D4} => C:\Program Files (x86)\Blaze Audio\Voice Cloak Plus Trial\VoiceCloakPlus.exe [2007-11-28] (Blaze Audio)
    Task: {892A2725-43CB-4977-B6B2-C52BB2A896A1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
    Task: {8BBA13CE-530F-40CF-B1C1-DB3307C20908} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {94A1B75E-72B2-4E2C-A014-4E3E48A179E7} - \DTChk -> No File <==== ATTENTION
    Task: {98180B1F-71F2-4C08-8C33-A0E38991081F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core => C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {996063EF-0CB0-4412-9B8D-DFF389D18421} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2014-05-02] (RealNetworks, Inc.)
    Task: {9BD82F88-1EF8-4EDB-8591-0915FBAE0E0D} - System32\Tasks\PCHB_Treasure_PCHealthBoost_RS_DailyTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
    Task: {A0D43E12-C79C-45A0-B0D6-0EB4E5DA514C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {A5F6C84E-E2EC-4F5F-9029-441FBD6E0657} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
    Task: {AC589A27-F2E4-4B34-BD01-96BB1AF075B6} - System32\Tasks\{183E00AE-51CE-43A8-9C6B-A9BFC2B124D4} => C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe [2012-03-08] (Microsoft Corporation)
    Task: {AE34CDB9-030A-4D1F-A92C-337A076DCF7C} - System32\Tasks\Symantec\Norton Error Processor 18.6.0.29 => C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
    Task: {B6AEDA45-F58A-491A-8568-5F2215524633} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
    Task: {B7E4CA0F-46E3-4675-97E0-7EFEF88DDB9B} - System32\Tasks\PCHB_Treasure_PCHealthBoost_LG_DailyTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
    Task: {BB1F5A0B-10D2-41A1-98AD-F31685311F6F} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
    Task: {C68A2496-316F-4154-A477-0958ED2BBDD2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {C9805AEC-61F5-4428-8330-C461D79D2376} - System32\Tasks\{7FC97B14-D397-41D6-8384-9EC19B473DAD} => C:\Program Files (x86)\Blaze Audio\Voice Cloak Plus Trial\VoiceCloakPlus.exe [2007-11-28] (Blaze Audio)
    Task: {CBAE9843-A9FD-49BB-B479-B7A26EAA015C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {CEB33E11-AEF7-46D3-9275-FECAE95B76F3} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {D52657E2-C022-4D01-970A-46DA917D2E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
    Task: {D9C52A47-31C8-4467-AFD8-0D8429C925D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
    Task: {DC464AE1-B8D0-43C3-B843-706AA4437CBF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {DF7521AD-6E3D-42C6-97D3-0E0521A13C2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
    Task: {E30F1185-5477-4ABB-A360-BC2B18A82C2E} - System32\Tasks\{465DF414-5E87-4998-8F6D-E791FB8DE07F} => C:\Program Files (x86)\Blaze Audio\Voice Cloak Plus Trial\VoiceCloakPlus.exe [2007-11-28] (Blaze Audio)
    Task: {F2C4E63A-DB79-463A-B702-B2CD71E2C611} - System32\Tasks\{F70EE51D-628C-4509-859C-716AC56F6047} => Firefox.exe Download Skype for Desktop
    Task: {F5A558C5-C39A-49C9-AB04-D1AE0AAF113E} - System32\Tasks\{9024E20B-E074-40A0-B252-B4B54D61D5C0} => pcalua.exe -a "C:\Program Files (x86)\7-Zip\Uninstall.exe"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\0915wtUpdateInfo.job => C:\ProgramData\Avg_Update_0915wt\0915wt_{72079223-C646-46E8-8FAA-CE8912BCCF22}.exe
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job => C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job => C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f56ba7386524.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core1d0f57b6e4bac2.job => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2010-07-19 20:48 - 2010-07-19 20:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2012-10-11 20:37 - 2012-10-11 20:37 - 00389488 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    2012-09-12 04:34 - 2012-09-12 04:34 - 00529408 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    2013-09-11 03:40 - 2013-09-11 03:40 - 01542320 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
    2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2015-09-22 16:49 - 2015-09-22 16:49 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-09-22 16:49 - 2015-09-22 16:49 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-09-25 16:54 - 2015-09-25 16:54 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092501\algo.dll
    2015-09-27 13:29 - 2015-09-27 13:29 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092700\algo.dll
    2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-10-11 20:32 - 2012-10-11 20:32 - 00700272 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
    2011-06-03 06:23 - 2011-06-03 06:23 - 00147456 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll
    2011-06-03 06:23 - 2011-06-03 06:23 - 03703808 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll
    2011-06-03 06:23 - 2011-06-03 06:23 - 00224256 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll
    2013-08-15 04:41 - 2013-08-15 04:41 - 00194048 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\curllib.dll
    2013-08-15 04:41 - 2013-08-15 04:41 - 00110592 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\OpenLDAP.dll
    2013-08-15 04:41 - 2013-08-15 04:41 - 00070920 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\libsasl.dll
    2014-05-02 23:36 - 2014-05-02 23:36 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2015-09-22 16:50 - 2015-09-22 16:50 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-09-22 15:33 - 2015-09-18 18:13 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libglesv2.dll
    2015-09-22 15:33 - 2015-09-18 18:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
    AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
    AlternateDataStreams: C:\ProgramData\TEMP:3A0561F3
    AlternateDataStreams: C:\ProgramData\TEMP:3BC173E4
    AlternateDataStreams: C:\ProgramData\TEMP:49EB69E2
    AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0
    AlternateDataStreams: C:\ProgramData\TEMP:57B374AB
    AlternateDataStreams: C:\ProgramData\TEMP:6C74C778
    AlternateDataStreams: C:\ProgramData\TEMP:87E3D720
    AlternateDataStreams: C:\ProgramData\TEMP:89C6F032
    AlternateDataStreams: C:\ProgramData\TEMP:A3E39C6A
    AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
    AlternateDataStreams: C:\ProgramData\TEMP:C76EDAC3
    AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    AlternateDataStreams: C:\ProgramData\TEMP:D3331ADB
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
    AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40
    AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF
    AlternateDataStreams: C:\ProgramData\TEMP:ED92736E
    AlternateDataStreams: C:\Users\Treasure\Documents\1FB14C80-0000013A.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Treasure\Documents\1FB14C80-0000013A.eml:OEStandardProperty

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\bnkofamerica.com -> www.bnkofamerica.com
    IE trusted site: HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\msn.com -> hxxps://www.msn.com
    IE trusted site: HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\yahoo.com -> hxxp://toolbar.yahoo.com

    IE restricted site: HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\iminent.com -> hxxp://search.iminent.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2628051247-848522789-837856156-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
    MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AVG_TRAY => C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    MSCONFIG\startupreg: BitTorrent => "C:\Users\Treasure\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: BitTorrent Sync => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
    MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    MSCONFIG\startupreg: EKStatusMonitor => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
    MSCONFIG\startupreg: Facebook Update => "C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: Google Update => "C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_5D6C64979C49241F5AC5FB0E9A7423D2 => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
    MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
    MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
    MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SearchProtection => "C:\Users\Treasure\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SiteRanker => "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    MSCONFIG\startupreg: Spotify => "C:\Users\Treasure\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Treasure\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
    MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
    MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{036A2F94-E1CE-41B4-9044-132582253A96}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{95958B28-0306-4B52-AEA3-8A9FE2163BE8}] => (Allow) LPort=2869
    FirewallRules: [{373DAED4-330F-4CA2-8E31-8ECD465C9653}] => (Allow) LPort=1900
    FirewallRules: [{D5F9DE79-62B6-4A4C-BC7E-CA18367B1022}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{3466E698-89BA-4D4C-91ED-39709D968696}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{A1772FDD-59D7-4C85-9428-CB8836650847}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{40D36913-AB97-4927-AAC7-055800DC3CA4}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{3C1C06F4-5C37-410E-8698-8F2E17D5F6C3}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{20EFEC8B-616A-4FD4-AF2E-556A66B58191}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{181D79DC-2B67-4998-B2EB-C61D76DBF6EB}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
    FirewallRules: [{057B198A-6C0B-493C-9D4B-919D60C5CED8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{84DBD02D-4380-40EF-AFE2-3ACDDFB2B9F4}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{99816CF5-CF03-4CF2-80E5-5A72942A3993}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{915B4F0F-8069-4C3A-90FF-395AEE81B846}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E85EE136-D889-4030-AE07-8B3A915A6B35}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{14FEF73C-4EFF-445E-B7A6-B12F221F9E52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4A2A31D6-71E4-4111-A9FD-76CFC8C75402}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{FF6C6049-5FEB-4F20-B0F6-2D6E960ED916}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
    FirewallRules: [UDP Query User{2854EC5D-66EA-4DD9-8C4E-501B238569C7}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
    FirewallRules: [TCP Query User{322FD440-3CD0-4EB9-A6C3-96E7DFC12B35}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [UDP Query User{9FCA2C65-81D8-4EB0-82A2-41362332BDC4}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [TCP Query User{BC368573-FC2C-4B4B-9742-EF928FB6EEEE}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe
    FirewallRules: [UDP Query User{13607647-1B9A-4E08-8A1C-B05CE7DB7AF4}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe
    FirewallRules: [TCP Query User{E806CA78-511C-4F96-A94E-B4FED98F7222}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
    FirewallRules: [UDP Query User{88A205BC-58F4-4206-94D9-DAE116B649F2}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
    FirewallRules: [{D20FE713-A18A-48BA-8342-D800709710FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{96128AEB-2F86-4516-A4F9-13163620F9E1}] => (Allow) LPort=9322
    FirewallRules: [{EF9CA9F1-6710-4A0D-94AC-3759418AAC45}] => (Allow) LPort=9323
    FirewallRules: [{4A3BA433-D658-449F-B3C7-8DB5A1201283}] => (Allow) LPort=9323
    FirewallRules: [{CD0E8482-07F7-4523-83C4-78CD076FF5D2}] => (Allow) C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
    FirewallRules: [{C32AB55C-4AA6-48EF-B574-854B7FDB368D}] => (Allow) C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
    FirewallRules: [{9FEA2864-8E06-4260-B6A9-E34C3651C731}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{B9E82E00-1C68-4C95-B0C9-5D9763C464BA}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{B2033A8B-B9CF-43B3-AE03-AA99650B2528}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
    FirewallRules: [{AC9A73F6-47AC-4EF1-BDD8-049383DE5FDF}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
    FirewallRules: [{A11CCED1-916A-4C82-980E-A0A3BA621EC6}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    FirewallRules: [{F6764E45-F35F-4A61-BA67-1DA889227FC0}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    FirewallRules: [{041DAB72-BEEA-4397-B0DA-B97C946C14D0}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{87C98D6B-049F-43B0-980A-0DA558C383A1}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{EE716C9A-0AB1-4A90-AA7E-3787EF537255}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{4D1D5835-A395-40C1-B3A1-1BAA0F048439}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{6B33F332-1F20-4D26-ABFE-FB5E9B4350FF}] => (Allow) C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    FirewallRules: [{0715C4E7-9697-4C03-BE5A-E56066648338}] => (Allow) C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    FirewallRules: [{C9AE7F41-6F40-4BC1-AE3F-006E31954D59}] => (Allow) C:\Program Files (x86)\Shop to Win 28\TroubleShooter.exe
    FirewallRules: [{271AB243-6A92-4BFB-98E2-A416964472CA}] => (Allow) C:\Program Files (x86)\Shop to Win 28\TroubleShooter.exe
    FirewallRules: [TCP Query User{368BBC98-3910-425B-B9FD-288C6606FE92}C:\users\treasure\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\treasure\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{DE15DD62-4AA8-40C2-AB60-72A6A42ABFC1}C:\users\treasure\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\treasure\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{95ECDC1D-B30F-4F00-9570-CF3C04A83E98}C:\users\treasure\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\treasure\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{66606AA2-D329-455E-B683-BF2FF001C03E}C:\users\treasure\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\treasure\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{05F14CB5-6D8A-4826-B6B9-7AFD659C5727}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{77F41BF2-5348-4950-86A4-E89B30FA68CB}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
    FirewallRules: [{43BCD5F4-3873-4191-BA99-6D6990D3566D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{CAE0E83F-F431-4D91-93D2-3A99768B5AB9}] => (Allow) C:\Users\Treasure\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{085B0FDC-0C0A-4396-9019-64896F5FD8A6}] => (Allow) C:\Users\Treasure\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{32800063-066F-4BC2-8A90-8CDFD4F49D22}] => (Allow) LPort=9322
    FirewallRules: [{FCC79B44-AD9A-4052-91C4-548DD91529CC}] => (Allow) LPort=5353
    FirewallRules: [{0EE95917-DA27-43AD-8863-0540B9C2EEF0}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
    FirewallRules: [{4315AF94-8308-441D-85C6-7E46ED52B5C4}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
    FirewallRules: [{056E93C2-4EE2-46D5-866D-E295D57D13AD}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
    FirewallRules: [{85DDFADB-2AD0-459F-A6E4-7C71284A95BC}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
    FirewallRules: [{A1CB4F83-7096-4838-A42E-C3156CDDF133}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
    FirewallRules: [{B8271A18-C41B-4250-899D-035C28246E12}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
    FirewallRules: [{C862B941-A821-4794-9447-0A2B1232B599}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
    FirewallRules: [{A0802D6E-709F-4E26-8813-5E97E63873AF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
    FirewallRules: [{8B3B4067-875C-4BDC-868F-316C43EE853F}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
    FirewallRules: [{D3E71816-F7BD-4167-9022-481E97A92C0A}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
    FirewallRules: [{27F598EF-5964-4C75-983B-711751D7BA62}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{1CDF5F4B-84D8-45D2-A143-82975487FD6A}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
    FirewallRules: [{A227A85A-3EC1-478F-A971-2D6A0F1F6AC3}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
    FirewallRules: [{ED4AD3D4-C2D5-441A-9228-E4F4EB8A29FC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{9B7E2890-B800-4F0B-9937-C32C8FB57CA1}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{4F8D4BD5-BF75-49FD-8B38-C99BE82B432D}] => (Allow) C:\Users\Treasure\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [{3C60AB4B-BC87-4573-9A3C-661DE02897F2}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{16E73232-7B4B-4FCA-A935-65D80FF0E44E}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{C764DFFC-25A3-4FB2-B44F-3C82FDF7C729}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{519A0E1E-D234-4218-BBC3-FA1842F3248D}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{2F795429-46B5-4F83-8CC6-F7707B0C28B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{587D5DF1-1A62-4FA3-A45E-4BE4C607D5EB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{7B41C135-7B7C-428A-83C6-375BE7C1BA57}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{14FC43C6-AB4E-417A-AA12-FC2091FAE016}] => (Allow) C:\Users\Treasure\AppData\Local\Temp\7zS40F6.tmp\SymNRT.exe
    FirewallRules: [{8F723C6F-5635-4EE1-8D9E-70DA64A44DAB}] => (Allow) C:\Users\Treasure\AppData\Local\Temp\7zS40F6.tmp\SymNRT.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/27/2015 01:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (09/27/2015 01:26:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 19 15.1.168.192.in-addr.arpa. PTR Treasure-PC.local.

    Error: (09/27/2015 01:26:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.15:5353 21 15.1.168.192.in-addr.arpa. PTR Treasure-PC-2.local.

    Error: (09/27/2015 01:26:16 PM) (Source: hshld) (EventID: 10105) (User: )
    Description: hshld error: 0OPENVPNAS: Invalid configuration file

    Error: (09/27/2015 01:26:16 PM) (Source: hshld) (EventID: 10105) (User: )
    Description: hshld error: 0OPENVPNAS: Cannot Open Service Log File: C:\Program Files (x86)\Hotspot Shield\log\oas.log

    Error: (09/26/2015 01:24:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 19 15.1.168.192.in-addr.arpa. PTR Treasure-PC.local.

    Error: (09/26/2015 01:24:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.15:5353 21 15.1.168.192.in-addr.arpa. PTR Treasure-PC-2.local.

    Error: (09/26/2015 01:24:26 AM) (Source: hshld) (EventID: 10105) (User: )
    Description: hshld error: 0OPENVPNAS: Invalid configuration file

    Error: (09/26/2015 01:24:26 AM) (Source: hshld) (EventID: 10105) (User: )
    Description: hshld error: 0OPENVPNAS: Cannot Open Service Log File: C:\Program Files (x86)\Hotspot Shield\log\oas.log

    Error: (09/24/2015 07:23:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15600


    System errors:
    =============
    Error: (09/27/2015 01:33:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (09/27/2015 01:27:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

    Error: (09/27/2015 01:27:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (09/27/2015 01:26:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The TelevisionFanaticService service failed to start due to the following error:
    %%2

    Error: (09/27/2015 01:26:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the GS-Supporter service to connect.

    Error: (09/27/2015 01:25:25 PM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume C:.

    Error: (09/27/2015 01:25:25 PM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume TI106045W0C encountered a non-retryable error and could not start. The data contains the error code.

    Error: (09/26/2015 01:25:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Superfetch service terminated with service-specific error %%0.

    Error: (09/26/2015 01:25:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Remote Access Connection Manager service terminated with service-specific error %%-1073610704.

    Error: (09/26/2015 01:24:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The TelevisionFanaticService service failed to start due to the following error:
    %%2


    CodeIntegrity:
    ===================================
    Date: 2013-10-18 13:36:50.712
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-18 13:36:50.535
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-18 13:36:39.758
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-18 13:36:39.571
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
    Percentage of memory in use: 76%
    Total physical RAM: 3890.68 MB
    Available physical RAM: 897.96 MB
    Total Virtual: 7779.56 MB
    Available Virtual: 4734.18 MB

    ==================== Drives ================================

    Drive c: (TI106045W0C) (Fixed) (Total:582.67 GB) (Free:220.46 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 62FD86AC)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=582.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

    ==================== End of Addition.txt ============================

  4. #4
    Member

    Bad image popup error

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-09-2015 01
    Ran by Treasure (administrator) on TREASURE-PC (27-09-2015 13:33:51)
    Running from C:\Users\Treasure\Desktop
    Loaded Profiles: Treasure (Available Profiles: Treasure)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    () C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    (PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    (TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe
    (BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
    (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
    (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
    (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\sdclt.exe
    (Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
    (Microsoft Corporation) C:\Windows\System32\CompatTel\diagtrackrunner.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-09-22] (AVAST Software)
    HKLM-x32\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg"&"inst=NzctMjE3MzcwMjA4Mi1TVDEwRk9JKzEtVFJNMjkrMS1UUk0zMCsxLUNJRDI0MFUrM (the data entry has 81 more characters).
    HKLM-x32\...\runonceex: [] => [X]
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-30] (SUPERAntiSpyware)
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Run: [Google Update] => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-22] (Google Inc.)
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Run: [Google Photos Backup] => C:\Users\Treasure\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3787080 2015-08-26] (Google, Inc)
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\MountPoints2: F - F:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B07 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\MountPoints2: {9d910f2a-5889-11e3-a78a-1c750871bbcc} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B07 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\MountPoints2: {bc84e147-587d-11e3-87b0-1c750871bbcc} - E:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2088.1.A02B07 PID_0083 {01D42BF0-ED08-463f-8A28-99EB6FEE962B}
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dllATTENTION! ====> ZeroAccess?
    AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll => No File
    AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll => No File
    AppInit_DLLs: C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL => No File
    AppInit_DLLs-x32: c:\progra~2\gs-ena~1\assist~1.dll => c:\Program Files (x86)\GS-ENA~1\ASSIST~1.DLL [20 2015-01-03] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-22] (AVAST Software)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{3C460369-B635-4B40-8879-C4CD5E685DD7}: [NameServer] 8.8.8.8 8.8.4.4
    Tcpip\..\Interfaces\{5F01FA5E-4FF0-4BD2-AC15-05CAF79AE3CD}: [DhcpNameServer] 8.8.8.8
    Tcpip\..\Interfaces\{83C483E2-355F-4F2D-A5F1-CE5ED4CB22BC}: [NameServer] 8.8.8.8
    Tcpip\..\Interfaces\{83C483E2-355F-4F2D-A5F1-CE5ED4CB22BC}: [DhcpNameServer] 192.168.1.1
    Tcpip\..\Interfaces\{AF3BD8A0-665D-4F81-9386-378CE0B9B7DA}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130874852228954854&GUID=00000000-0000-0000-0000-000000000000
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130874852243925710&GUID=00000000-0000-0000-0000-000000000000
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130874852258306533&GUID=00000000-0000-0000-0000-000000000000
    SearchScopes: HKLM -> DefaultScope {6FC856EE-A927-4952-967E-47B0A176C814} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {6FC856EE-A927-4952-967E-47B0A176C814} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM-x32 -> DefaultScope {6295F795-E3AA-40B1-BEDA-ED399866A41B} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=amonetizetest1-ie&s_qt=sb&tb_uuid=2F13A612A5DD444DA7FD207A1089C501&tb_oid=06-03-2013&tb_mrud=06-03-2013
    SearchScopes: HKLM-x32 -> {AE502EA7-347F-4129-BE99-A29D30F77A03} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    SearchScopes: HKU\.DEFAULT -> DefaultScope {AE502EA7-347F-4129-BE99-A29D30F77A03} URL =
    SearchScopes: HKU\.DEFAULT -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DIC3V5&o=13736&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D6&apn_dtid=YYYYYYYYUS&apn_uid=509F0963-3363-4146-B18A-163105FAE963&apn_sauid=85343A21-EA40-4503-AB64-131DB00794DB
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> DefaultScope {406BA7AA-C1D2-4EF7-936B-B171CD6CDD24} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {0A6AE8B0-A6B8-4E94-8186-12A8C6695459} URL = hxxp://answers.microsoft.com/en-us/Search/Search?SearchTerm={searchTerms}
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {406BA7AA-C1D2-4EF7-936B-B171CD6CDD24} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {6FC856EE-A927-4952-967E-47B0A176C814} URL =
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
    BHO: SiteRanker -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> No File
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2014-04-06] (RealDownloader)
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: No Name -> {5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} -> No File
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-22] (AVAST Software)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
    BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
    BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn9\yt.dll [2013-08-07] (Yahoo! Inc.)
    BHO-x32: No Name -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> C:\Program Files (x86)\SiteRanker\SiteRank.dll [2014-04-03] (Crawler, LLC)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2014-04-06] (RealDownloader)
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: No Name -> {5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} -> No File
    BHO-x32: No Name -> {871ec07c-cdb5-42cf-9bfc-b8a7a7e0c062} -> No File
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-22] (AVAST Software)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-18] (Oracle Corporation)
    BHO-x32: GretechBHO Class -> {F0181C6E-9218-4792-9F3C-E8DF52B2F1AC} -> C:\Program Files (x86)\GRETECH\GomPicker\GomPickerBHO.dll [2013-10-24] (Gretech Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
    BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2011-10-06] (Yahoo! Inc)
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926
    FF SearchEngineOrder.3: Bing
    FF DefaultSearchEngine: Bing
    FF SelectedSearchEngine: Bing
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
    FF Homepage: hxxp://www.msn.com/en-us/?pc=U270&ocid=U270DHP
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\system32\Adobe\Director\np32dsw.dll [No File]
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2013-10-01] ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\windows\SysWOW64\npDeployJava1.dll [2012-11-18] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll [No File]
    FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2012-11-18] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2011-11-24] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-27] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-05-02] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2014-04-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-04-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=17.0.9 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2014-04-06] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=17.0.9.17 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-05-02] (RealPlayer Cloud)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-2628051247-848522789-837856156-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Treasure\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
    FF Plugin HKU\S-1-5-21-2628051247-848522789-837856156-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Treasure\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2628051247-848522789-837856156-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Treasure\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-22] (Google Inc.)
    FF Plugin HKU\S-1-5-21-2628051247-848522789-837856156-1001: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Treasure\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-10-19] (Yahoo! Inc.)
    FF user.js: detected! => C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\user.js [2014-08-07]
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\searchplugins\bingp.xml [2015-05-02]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\sweettunes_search.xml [2013-12-15]
    FF Extension: Ask Toolbar - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\Extensions\toolbar@ask.com [2013-12-13]
    FF Extension: QuickShare Widget - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\Extensions\{817a8d7a-a5e5-114c-3cb9-930b20c6db19} [2013-10-13]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2013-12-24]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-24]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-24]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
    FF Extension: No Name - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha606\ff [not found]
    FF Extension: No Name - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\extensions\4fdacf00-e9c4-4ad5-b4cf-bf9800f184f6@36857116-74e0-4973-936f-860cd2a102a9.com [not found]
    FF Extension: No Name - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\extensions\speedanalysis03@SpeedAnalysis.com.xpi [not found]
    FF Extension: No Name - C:\Users\Treasure\AppData\Roaming\Mozilla\Firefox\Profiles\3d6t9isi.default-1377276169926\extensions\e2fd07a6-e282-4f2e-8965-85565fcb6384@b69158e6-3c3b-476c-9d98-ae5838c5b707.com [not found]
    FF Extension: No Name - C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta559\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha563\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1899\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha4355\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home8958\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode7614\ff [not found]
    FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release4833\ff [not found]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HomePage: Default -> hxxp://www.msn.com/en-us/?pc=U270&ocid=U270DHP
    CHR Profile: C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Avast Online Security) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-09-22]
    CHR Extension: (RealPlayer Downloader) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-01-17]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-09-22]
    CHR Extension: (Skype Click to Call) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-09-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Treasure\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-22]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2014-04-06]
    CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - <no Path/update_url>
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-22] (AVAST Software)
    R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4048280 2015-09-22] (Avast Software)
    R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-01-20] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-01-20] (BlueStack Systems, Inc.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
    S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-05-04] (mobile concepts GmbH)
    R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [408576 2010-06-07] (Red Bend Ltd.) [File not signed]
    S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [523632 2012-10-12] (AnchorFree Inc.)
    R2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [389488 2012-10-11] ()
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
    R2 KinoniSvc; C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [529408 2012-09-12] () [File not signed]
    R2 Kodak Cloud Software Connector; C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe [1542320 2013-09-11] () [File not signed]
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-07-19] ()
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
    R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-02-03] (PC Tools)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39568 2014-04-06] ()
    R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-05-02] (RealNetworks, Inc.)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-04-07] () [File not signed]
    R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [911872 2010-06-07] (Intel(R) Corporation) [File not signed]
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    S2 e81a9dc1; "C:\windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
    S2 TelevisionFanaticService; C:\PROGRA~2\TELEVI~2\bar\1.bin\64barsvc.exe [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2010-10-18] (Google Inc)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-22] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-22] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-22] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-22] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-09-22] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-09-22] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-09-22] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-22] (AVAST Software)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [115472 2014-01-20] (BlueStack Systems)
    S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
    R1 ElRawDisk; C:\windows\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
    R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
    R3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2012-09-12] (Windows (R) Win 7 DDK provider)
    R3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2012-09-12] (Windows (R) Win 7 DDK provider)
    S3 massfilter_hs; C:\windows\system32\drivers\massfilter_hs.sys [20232 2012-06-20] (HandSet Incorporated)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R0 ngvss; C:\Windows\System32\Drivers\ngvss.sys [132656 2015-09-22] (AVAST Software)
    S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
    S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [274336 2015-09-22] (Avast Software)
    S3 cpuz136; \??\C:\Users\Treasure\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-27 13:33 - 2015-09-27 13:35 - 00031567 _____ C:\Users\Treasure\Desktop\FRST.txt
    2015-09-27 13:32 - 2015-09-27 13:34 - 00000000 ____D C:\FRST
    2015-09-27 13:30 - 2015-09-27 13:31 - 02192384 _____ (Farbar) C:\Users\Treasure\Desktop\FRST64.exe
    2015-09-23 20:47 - 2015-09-25 17:24 - 00015225 _____ C:\Users\Treasure\Desktop\hijackthis.log
    2015-09-23 19:46 - 2015-09-23 19:46 - 00388608 _____ (Trend Micro Inc.) C:\Users\Treasure\Desktop\HijackThis.exe
    2015-09-23 17:52 - 2015-09-23 18:28 - 00574732 _____ C:\Users\Treasure\Desktop\avgremover.log
    2015-09-23 17:43 - 2015-09-23 17:50 - 01819488 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Treasure\Desktop\avg_remover_stf_x64_2011_1322.exe
    2015-09-22 19:06 - 2015-09-22 19:07 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
    2015-09-22 19:06 - 2015-09-22 19:06 - 00958104 _____ C:\Users\Treasure\Desktop\Norton_Removal_Tool.exe
    2015-09-22 18:23 - 2015-09-22 18:23 - 00000000 ____D C:\Users\Treasure\AppData\Local\{5DDAB071-8F25-4999-8AF8-CF7C26ABD7E5}
    2015-09-22 17:09 - 2015-09-22 17:09 - 00000868 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core1d0f57b6e4bac2.job
    2015-09-22 16:58 - 2015-09-22 17:08 - 00000000 ____D C:\windows\SysWOW64\vbox
    2015-09-22 16:58 - 2015-09-22 17:08 - 00000000 ____D C:\windows\system32\vbox
    2015-09-22 16:56 - 2015-09-22 16:56 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\AVAST Software
    2015-09-22 16:51 - 2015-09-22 16:51 - 00001933 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-09-22 16:51 - 2015-09-22 16:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-09-22 16:50 - 2015-09-22 16:50 - 00448968 _____ (AVAST Software) C:\windows\system32\Drivers\aswSP.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00378880 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
    2015-09-22 16:50 - 2015-09-22 16:50 - 00274808 _____ (AVAST Software) C:\windows\system32\Drivers\aswVmm.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00153744 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00093528 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00090968 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00065224 _____ (AVAST Software) C:\windows\system32\Drivers\aswRvrt.sys
    2015-09-22 16:50 - 2015-09-22 16:50 - 00028656 _____ (AVAST Software) C:\windows\system32\Drivers\aswHwid.sys
    2015-09-22 16:50 - 2015-09-22 16:49 - 01049880 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
    2015-09-22 16:50 - 2015-09-22 16:49 - 00132656 _____ (AVAST Software) C:\windows\system32\Drivers\ngvss.sys
    2015-09-22 16:49 - 2015-09-22 16:49 - 00043112 _____ (AVAST Software) C:\windows\avastSS.scr
    2015-09-22 16:46 - 2015-09-22 16:46 - 00000000 ____D C:\Program Files\AVAST Software
    2015-09-22 16:42 - 2015-09-22 16:42 - 05481336 _____ (Avast Software s.r.o.) C:\Users\Treasure\Downloads\avast_free_antivirus_setup_online_cnet.exe
    2015-09-22 16:42 - 2015-09-22 16:42 - 00000000 ____D C:\ProgramData\AVAST Software
    2015-09-22 15:19 - 2015-09-22 15:19 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f56ba7386524.job
    2015-09-22 00:32 - 2015-09-25 23:40 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
    2015-09-22 00:25 - 2015-09-22 06:54 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-09-22 00:25 - 2015-09-22 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-09-22 00:25 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
    2015-09-22 00:25 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
    2015-09-22 00:25 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
    2015-09-22 00:23 - 2015-09-22 00:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-09-22 00:20 - 2015-09-22 00:21 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Treasure\Downloads\mbam-setup-2.1.8.1057.exe
    2015-09-21 23:40 - 2015-09-21 23:40 - 18819272 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
    2015-09-21 22:44 - 2015-09-21 22:44 - 00000000 ____D C:\SUPERDelete
    2015-09-21 22:35 - 2015-09-21 22:35 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\SUPERAntiSpyware.com
    2015-09-21 22:34 - 2015-09-22 06:54 - 00001857 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    2015-09-21 22:33 - 2015-09-21 22:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-09-21 22:33 - 2015-09-21 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-09-21 22:33 - 2015-09-21 22:33 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-09-21 22:29 - 2015-09-21 22:29 - 23467080 _____ (SUPERAntiSpyware) C:\Users\Treasure\Downloads\SUPERAntiSpyware.exe
    2015-09-20 17:58 - 2015-09-20 17:58 - 00000368 _____ C:\windows\Tasks\0915wtUpdateInfo.job
    2015-09-20 17:58 - 2015-09-20 17:58 - 00000000 ____D C:\ProgramData\Avg_Update_0915wt
    2015-09-19 23:10 - 2015-09-22 06:54 - 00001047 _____ C:\Users\Public\Desktop\KeyFinder.lnk
    2015-09-19 23:10 - 2015-09-19 23:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
    2015-09-19 23:10 - 2015-09-19 23:10 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
    2015-09-19 23:08 - 2015-09-19 23:08 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Treasure\Downloads\KeyFinderInstaller.exe
    2015-09-05 21:08 - 2015-09-05 21:08 - 390134666 _____ C:\windows\MEMORY.DMP
    2015-09-05 21:08 - 2015-09-05 21:08 - 00262144 _____ C:\windows\Minidump\090515-122647-01.dmp
    2015-09-01 22:26 - 2015-09-01 22:26 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\dvdcss

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-09-27 13:35 - 2010-10-29 00:08 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-09-27 13:31 - 2009-07-14 00:45 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-09-27 13:31 - 2009-07-14 00:45 - 00019248 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-09-27 13:31 - 2009-07-13 23:20 - 00000000 ____D C:\windows\tracing
    2015-09-27 13:26 - 2013-02-01 21:05 - 00065536 _____ C:\windows\system32\Ikeext.etl
    2015-09-27 13:26 - 2012-02-12 16:27 - 00000000 ____D C:\ProgramData\Kodak
    2015-09-27 13:26 - 2011-12-01 23:48 - 00000050 _____ C:\windows\system32\SupplicantTest.log
    2015-09-27 13:26 - 2010-10-29 00:08 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-09-27 13:25 - 2014-08-03 20:03 - 00070260 _____ C:\windows\setupact.log
    2015-09-27 13:25 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2015-09-26 01:20 - 2011-12-01 23:21 - 01212365 _____ C:\windows\WindowsUpdate.log
    2015-09-26 01:06 - 2014-02-14 11:57 - 00000920 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job
    2015-09-26 00:40 - 2014-01-17 17:01 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2015-09-25 22:57 - 2012-05-12 07:47 - 00000940 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job
    2015-09-25 22:07 - 2012-01-14 11:40 - 00000000 ____D C:\ProgramData\TEMP
    2015-09-25 19:57 - 2012-05-12 07:47 - 00000918 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job
    2015-09-23 18:29 - 2012-07-12 21:44 - 00495616 ___SH C:\Users\Treasure\Desktop\Thumbs.db
    2015-09-23 18:09 - 2012-07-26 18:44 - 00000000 ____D C:\Program Files (x86)\BearShare Applications
    2015-09-22 19:36 - 2011-12-07 20:06 - 00000000 ____D C:\Users\Treasure\AppData\Local\Google
    2015-09-22 19:14 - 2014-08-03 22:01 - 03012436 _____ C:\windows\PFRO.log
    2015-09-22 19:11 - 2011-12-01 23:51 - 00000000 ____D C:\ProgramData\Norton
    2015-09-22 19:11 - 2011-12-01 23:51 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
    2015-09-22 18:24 - 2011-12-11 11:56 - 00000000 ____D C:\Users\Treasure\AppData\Local\CrashDumps
    2015-09-22 18:06 - 2012-02-11 10:51 - 00000000 ____D C:\Users\Treasure\AppData\Local\Conduit
    2015-09-22 17:09 - 2014-02-14 11:57 - 00000868 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job
    2015-09-22 17:04 - 2013-12-31 23:23 - 00000000 ____D C:\Program Files (x86)\AVG
    2015-09-22 16:58 - 2013-12-31 23:15 - 00000000 ____D C:\ProgramData\MFAData
    2015-09-22 16:24 - 2012-06-08 09:29 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\BitTorrent
    2015-09-22 15:34 - 2014-01-17 17:02 - 00002073 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-09-22 07:18 - 2014-08-16 15:29 - 00000000 ____D C:\Program Files (x86)\GS-ENA~1
    2015-09-22 07:18 - 2014-03-07 13:03 - 00000000 ____D C:\ProgramData\50Coupoins
    2015-09-22 07:18 - 2012-05-14 12:23 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
    2015-09-22 07:14 - 2009-07-14 00:45 - 00333072 _____ C:\windows\system32\FNTCACHE.DAT
    2015-09-22 07:12 - 2009-07-13 23:20 - 00000000 ____D C:\windows\IME
    2015-09-22 06:54 - 2015-08-20 08:39 - 00000913 _____ C:\Users\Public\Desktop\CyberGhost VPN.lnk
    2015-09-22 06:54 - 2014-10-30 13:50 - 00001071 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-09-22 06:54 - 2014-08-03 19:22 - 00000871 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2015-09-22 06:54 - 2014-08-03 17:56 - 00002039 _____ C:\Users\Public\Desktop\PC HealthBoost.lnk
    2015-09-22 06:54 - 2014-06-07 18:19 - 00000971 _____ C:\Users\Public\Desktop\BitTorrent Sync.lnk
    2015-09-22 06:54 - 2014-05-02 23:37 - 00001004 _____ C:\Users\Public\Desktop\RealPlayer Cloud.lnk
    2015-09-22 06:54 - 2014-04-19 13:42 - 00002125 _____ C:\Users\Public\Desktop\Play Games.lnk
    2015-09-22 06:54 - 2014-02-08 15:39 - 00002023 _____ C:\Users\Public\Desktop\KODAK Cloud Software Connector.lnk
    2015-09-22 06:54 - 2014-02-08 14:02 - 00001951 _____ C:\Users\Public\Desktop\PrintProjects.lnk
    2015-09-22 06:54 - 2014-02-08 14:01 - 00002161 _____ C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
    2015-09-22 06:54 - 2014-02-08 14:00 - 00002080 _____ C:\Users\Public\Desktop\Get CleanPrint.lnk
    2015-09-22 06:54 - 2014-02-05 16:10 - 00001258 _____ C:\Users\Public\Desktop\More Great Games.lnk
    2015-09-22 06:54 - 2014-02-03 18:38 - 00001865 _____ C:\Users\Public\Desktop\Apps.lnk
    2015-09-22 06:54 - 2014-02-03 18:38 - 00001812 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
    2015-09-22 06:54 - 2013-12-14 20:02 - 00001178 _____ C:\Users\Public\Desktop\GOM Video Converter.lnk
    2015-09-22 06:54 - 2013-10-05 19:37 - 00001788 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-09-22 06:54 - 2013-08-29 20:47 - 00001008 _____ C:\Users\Public\Desktop\RZ MP4 To DVD Converter.lnk
    2015-09-22 06:54 - 2013-08-29 19:58 - 00001002 _____ C:\Users\Public\Desktop\RZ Free Burner.lnk
    2015-09-22 06:54 - 2013-02-01 07:58 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-09-22 06:54 - 2012-05-11 17:57 - 00001140 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    2015-09-22 06:54 - 2012-03-28 21:03 - 00001932 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
    2015-09-22 06:54 - 2012-03-28 21:03 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
    2015-09-22 06:54 - 2011-12-11 15:04 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-09-22 06:54 - 2011-12-01 23:56 - 00001722 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk
    2015-09-22 06:54 - 2011-12-01 23:49 - 00002123 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Wireless Display.lnk
    2015-09-22 06:54 - 2010-10-29 00:13 - 00002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    2015-09-22 06:54 - 2010-10-29 00:13 - 00001469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2015-09-22 06:54 - 2010-10-29 00:13 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    2015-09-22 06:54 - 2010-10-29 00:13 - 00001316 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    2015-09-22 06:54 - 2010-10-29 00:07 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
    2015-09-22 06:54 - 2010-10-28 23:13 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    2015-09-22 06:54 - 2010-10-28 23:13 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    2015-09-22 06:54 - 2009-07-14 00:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-09-22 06:54 - 2009-07-14 00:57 - 00001352 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    2015-09-22 06:54 - 2009-07-14 00:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    2015-09-22 06:54 - 2009-07-14 00:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    2015-09-22 06:54 - 2009-07-14 00:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    2015-09-22 06:53 - 2015-08-20 11:02 - 00001077 _____ C:\Users\Treasure\Desktop\VLC media player.lnk
    2015-09-22 06:53 - 2014-06-07 18:19 - 00000983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BitTorrent Sync.lnk
    2015-09-22 06:53 - 2014-01-04 17:04 - 00001424 _____ C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-09-22 06:53 - 2013-10-31 15:49 - 00000889 _____ C:\Users\Treasure\Desktop\BitTorrent.lnk
    2015-09-22 06:53 - 2013-10-31 15:49 - 00000869 _____ C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
    2015-09-22 06:53 - 2012-11-22 05:06 - 00001835 _____ C:\Users\Treasure\Desktop\Spotify.lnk
    2015-09-22 06:53 - 2012-11-22 05:06 - 00001821 _____ C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
    2015-09-22 06:53 - 2012-11-02 17:20 - 00001157 _____ C:\Users\Treasure\Desktop\Hotspot Shield Launch.lnk
    2015-09-22 06:53 - 2012-06-05 22:53 - 00000960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
    2015-09-22 06:53 - 2012-04-09 21:47 - 00001208 _____ C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Video Converter.lnk
    2015-09-22 06:53 - 2011-12-10 18:09 - 00000990 _____ C:\Users\Treasure\Desktop\Tixati.lnk
    2015-09-22 06:53 - 2009-07-14 01:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
    2015-09-22 06:53 - 2009-07-14 00:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
    2015-09-22 06:52 - 2013-12-15 01:17 - 00000000 ____D C:\Users\Treasure\AppData\Local\NativeMessaging
    2015-09-22 06:52 - 2012-06-10 13:58 - 00000000 ____D C:\ProgramData\InstallMate
    2015-09-22 06:50 - 2012-12-06 19:36 - 00000000 ____D C:\Program Files (x86)\YourFileDownloader
    2015-09-21 23:40 - 2012-05-11 17:57 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2015-09-21 23:40 - 2011-12-09 00:42 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-09-21 22:47 - 2012-05-20 05:34 - 00000000 ____D C:\Users\Treasure\AppData\Local\The Weather Channel
    2015-09-20 00:42 - 2013-08-20 22:51 - 00000000 ____D C:\windows\system32\MRT
    2015-09-19 16:09 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\NDF
    2015-09-19 15:36 - 2013-12-07 08:43 - 00069666 _____ C:\Users\Treasure\AppData\Local\installer.log
    2015-09-05 21:08 - 2013-03-03 11:02 - 00000000 ____D C:\windows\Minidump
    2015-09-02 00:51 - 2011-12-10 18:09 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\tixati
    2015-09-02 00:48 - 2014-10-30 13:50 - 00000000 ____D C:\Users\Treasure\AppData\Roaming\vlc
    2015-09-01 21:44 - 2014-01-17 17:01 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2015-09-01 20:48 - 2012-07-12 19:20 - 00000000 ____D C:\windows\SysWOW64\cache
    2015-08-28 14:29 - 2009-07-14 01:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
    2015-08-28 14:25 - 2011-12-07 20:05 - 00059488 _____ C:\Users\Treasure\AppData\Local\GDIPFONTCACHEV1.DAT

    ==================== Files in the root of some directories =======

    2013-09-28 01:12 - 2014-01-08 20:52 - 0003736 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
    2013-11-26 19:30 - 2013-11-26 23:47 - 0000570 _____ () C:\Users\Treasure\AppData\Roaming\com.zoosk.Desktop_state.xml
    2012-01-13 22:22 - 2012-01-14 18:18 - 0007744 _____ () C:\Users\Treasure\AppData\Roaming\db6a8a10
    2013-08-02 06:29 - 2013-08-02 18:39 - 0000077 _____ () C:\Users\Treasure\AppData\Roaming\Rim.Desktop.Exception.log
    2013-08-01 23:53 - 2013-10-13 17:49 - 0002021 _____ () C:\Users\Treasure\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2013-08-02 06:29 - 2013-08-02 18:39 - 0000077 _____ () C:\Users\Treasure\AppData\Roaming\Rim.DesktopHelper.Exception.log
    2012-01-13 22:22 - 2012-01-14 18:18 - 0007720 _____ () C:\Users\Treasure\AppData\Local\d1d93724
    2013-01-31 19:43 - 2015-08-18 05:02 - 0020992 _____ () C:\Users\Treasure\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-12-07 08:43 - 2015-09-19 15:36 - 0069666 _____ () C:\Users\Treasure\AppData\Local\installer.log
    2014-10-09 12:26 - 2014-10-09 12:26 - 0004592 _____ () C:\Users\Treasure\AppData\Local\recently-used.xbel
    2012-01-13 22:22 - 2012-01-14 18:18 - 0007745 _____ () C:\ProgramData\8d876bf8
    2013-06-30 16:14 - 2013-06-30 16:28 - 0000000 _____ () C:\ProgramData\g252qs.txt
    2013-01-27 21:08 - 2013-01-27 21:09 - 0000319 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    ZeroAccess:
    C:\Users\Treasure\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files (x86)\Google\Desktop\Install

    Some files in TEMP:
    ====================
    C:\Users\Treasure\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Treasure\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Treasure\AppData\Local\Temp\jtxmvex8.dll
    C:\Users\Treasure\AppData\Local\Temp\lowproc.exe
    C:\Users\Treasure\AppData\Local\Temp\MachineIdCreator.exe
    C:\Users\Treasure\AppData\Local\Temp\oi_{5EE1E3DA-9921-4803-8725-E079066EC7B2}.exe
    C:\Users\Treasure\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Treasure\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\Treasure\AppData\Local\Temp\SkypeSetup.exe
    C:\Users\Treasure\AppData\Local\Temp\stubhelper.dll
    C:\Users\Treasure\AppData\Local\Temp\UNINSTALL.EXE
    C:\Users\Treasure\AppData\Local\Temp\uttD183.tmp.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


    LastRegBack: 2015-09-06 16:25

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
    Ran by Treasure (2015-09-27 13:36:33)
    Running from C:\Users\Treasure\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2011-12-08 00:04:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2628051247-848522789-837856156-500 - Administrator - Disabled)
    Guest (S-1-5-21-2628051247-848522789-837856156-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2628051247-848522789-837856156-1002 - Limited - Enabled)
    Treasure (S-1-5-21-2628051247-848522789-837856156-1001 - Administrator - Enabled) => C:\Users\Treasure

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.1.3 - )
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
    Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
    Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
    aioprnt (x32 Version: 3.12.0000.0000 - Eastman Kodak Company) Hidden
    aioscnnr (x32 Version: 3.12.0000.0000 - Eastman Kodak Company) Hidden
    aioscnnr (x32 Version: 7.6.13.10 - Your Company Name) Hidden
    Amazon Kindle (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Amazon Kindle) (Version: - Amazon)
    Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
    ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
    ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
    ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
    ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
    ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
    ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
    ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
    BearShare (x32 Version: 10.0.0.126209 - Musiclab, LLC) Hidden
    Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.2.0.6 - )
    BitTorrent (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\BitTorrent) (Version: 7.9.5.41074 - BitTorrent Inc.)
    BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 1.3.105 - )
    BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
    BlueStacks Notification Center (HKLM-x32\...\{783DCCCB-FBD0-4D1D-928D-7075DA8015E6}) (Version: 0.8.5.3042 - BlueStack Systems, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Cake Mania - Lights, Camera, Action!(TM) (x32 Version: 2.2.0.95 - WildTangent) Hidden
    CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
    CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    center (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
    Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Connect DLC 5 Toolbar for IE (HKLM-x32\...\IECT3306061) (Version: 6.17.2.8 - Connect DLC 5) <==== ATTENTION
    CoreAAC (HKLM-x32\...\CoreAAC) (Version: - )
    CyberGhost VPN (HKLM\...\CyberGhost VPN_is1) (Version: - CyberGhost S.R.L.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Defaulttab (HKLM-x32\...\DefaultTab) (Version: 2.4.8.1 - Search Results, LLC) <==== ATTENTION
    ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    essentials (x32 Version: 7.7.2.0 - Eastman Kodak Company) Hidden
    ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
    essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    GigaClicks Crawler (HKLM-x32\...\GigaClicks Crawler) (Version: 3.0.31.0 - GigaClicks Inc.) <==== ATTENTION
    GOM Picker (HKLM-x32\...\GOM Picker) (Version: 1.0.0.5 - Gretech Corporation)
    GOM Video Converter (HKLM-x32\...\GOM Video Converter) (Version: 1.1.0.60 - Gretech Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.99 - Google Inc.)
    Google Photos Backup (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Google Photos Backup) (Version: 1.1.0.248 - Google, Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Hotspot Shield 2.74 (HKLM-x32\...\HotspotShield) (Version: 2.74 - AnchorFree)
    ImTOO iPod Computer Transfer (HKLM-x32\...\ImTOO iPod Computer Transfer) (Version: 5.1.0.0117 - ImTOO)
    Intel WiMAX Tutorial (HKLM\...\{4F26C164-9373-4974-8F43-E0F2176AF937}) (Version: 1.5.4.0 - Intel Corporation)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2993 - Intel Corporation)
    Intel(R) PROSet/Wireless WiFi Software (HKLM\...\{4327107B-E95E-415C-9194-458FCED6BF12}) (Version: 13.03.0000 - Intel Corporation)
    Intel® PROSet/Wireless WiMAX Software (HKLM\...\{6548B189-BEA4-4041-80E0-AEB60548E046}) (Version: 2.03.0005 - Intel Corporation)
    Intel® Wireless Display (HKLM\...\{C298FF86-AB23-4B58-AC53-A23383C07B3A}) (Version: 1.2.20.0 - Intel Corporation)
    Internet Explorer Toolbar 4.6 by SweetPacks (HKLM-x32\...\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}) (Version: 4.6.0004 - SweetIM Technologies Ltd.) <==== ATTENTION
    IPP Run-Time 5.3 (HKLM-x32\...\IPP Run-Time 5.3) (Version: - )
    iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.)
    Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
    Java(TM) 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
    JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.44.1 - JMicron Technology Corp.)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kaspersky Security Scan (HKLM-x32\...\{5D4875F6-89D1-4E9C-B7B9-9164C9D20C9C}) (Version: 1.0.0.500 - KSS)
    KeyBar 1.13 Toolbar (HKLM-x32\...\KeyBar_1.13 Toolbar) (Version: 6.14.0.28 - KeyBar 1.13)
    kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
    kgckids (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    kgcmove (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
    kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
    KinoniDrivers 2.7.1 (HKLM-x32\...\KinoniDrivers) (Version: 2.7.1 - Kinoni)
    Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
    KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
    KODAK Cloud Software Connector (HKLM-x32\...\{12A985FE-1E10-4FB2-B3F9-C8B4FB4D905F}) (Version: 1.0.9.20 - Eastman Kodak Company)
    Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
    Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    MediaPlayerLite 0.3 (HKLM-x32\...\MediaPlayerLite) (Version: 0.3 - Amnis Technology Ltd)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
    Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Home and Business 2010 - English (HKLM-x32\...\{90140011-0062-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Mozilla Firefox 26.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
    MPEG2 Codec(libmpeg2/mad) (HKLM-x32\...\MPEG2 Codec(libmpeg2/mad)) (Version: - )
    Mplayer 0.6.9 (HKLM-x32\...\Mplayer) (Version: 0.6.9 - )
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
    netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
    OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
    PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
    PDF Reader (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\PDF Reader) (Version: - )
    PL-2303 USB-to-Serial (x32 Version: 1.00.000 - Prolific Technology INC) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    Plus-HD-2.2 (HKLM-x32\...\Plus-HD-2.2) (Version: 1.27.153.10 - Plus HD) <==== ATTENTION
    Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
    PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
    PrintProjects (HKLM-x32\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
    RealDownloader (x32 Version: 17.0.9 - RealNetworks, Inc.) Hidden
    RealNetworks - Microsoft Visual C++ 2005 Runtime (x32 Version: 8.0 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.9 - RealNetworks)
    Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.20.503.2010 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    RZ Free Burner (HKLM-x32\...\{5ED1A10B-1287-416D-A7FE-54EE365D91E1}) (Version: 3.00 - RealZeal Soft)
    RZ MP4 To DVD Converter (HKLM-x32\...\{41BC14E8-DED0-434D-8448-C33C1AE04340}) (Version: 3.20 - RealZeal Soft)
    SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
    SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
    SiteRanker (HKLM-x32\...\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1) (Version: 1.0.0.29 - Crawler, LLC) <==== ATTENTION
    skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
    Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
    Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
    SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
    Spotify (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Spotify) (Version: 1.0.3.101.gbfa97dfe - Spotify AB)
    staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Strongvault Online Backup (x32 Version: 5.0.2.34 - Strongvault Online Backup) Hidden <==== ATTENTION
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1204 - SUPERAntiSpyware.com)
    SweetIM for Messenger 3.7 (HKLM-x32\...\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}) (Version: 3.7.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
    SweetPacks bundle uninstaller (HKLM-x32\...\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}) (Version: 1.0.0001 - SweetIM Technologies Ltd.) <==== ATTENTION
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
    TelevisionFanatic Firefox Toolbar (HKLM-x32\...\TelevisionFanaticbar Uninstall Firefox) (Version: - Mindspark Interactive Network) <==== ATTENTION
    The Treasures of Montezuma 3 (HKLM-x32\...\BFG-The Treasures of Montezuma 3) (Version: - )
    Tixati (HKLM-x32\...\tixati) (Version: - )
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
    Toshiba Book Place (HKLM-x32\...\{39187A4B-7538-4BE7-8BAD-9E83303793AA}) (Version: 2.0.5271 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
    TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.2.12-A - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.18.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
    TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.26C - TOSHIBA CORPORATION)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.4 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.6.22 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.8.64 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.1.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.16.64 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.1.2 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.16 - TOSHIBA Corporation)
    ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
    Tube2File (HKLM-x32\...\Tube2File) (Version: - )
    Un-Zip for Windows 9.22beta (HKLM-x32\...\Un-Zip for Windows) (Version: - )
    Update Manager for SweetPacks 1.1 (HKLM-x32\...\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}) (Version: 1.1.0008 - SweetIM Technologies Ltd.) <==== ATTENTION
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.1.5 - WildTangent)
    WildTangent ORB Game Console (x32 Version: - WildTangent) Hidden
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
    Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\Yahoo! BrowserPlus) (Version: - Yahoo! Inc.)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
    Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
    Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Restore Points =========================

    23-09-2015 03:16:30 Windows Modules Installer
    23-09-2015 04:29:21 Windows Modules Installer
    23-09-2015 10:31:29 Windows Modules Installer
    23-09-2015 12:55:52 Windows Modules Installer
    24-09-2015 03:00:38 Windows Update
    25-09-2015 16:55:33 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0281094E-35BB-4F6C-BC7F-371711CBC789} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2012-02-03] (PC Tools)
    Task: {06A8BEE5-D4B4-41F5-A347-DDA77D919C3B} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
    Task: {0ADB0A5D-4DC5-4AF4-919A-86EF6ACE3642} - \DTReg -> No File <==== ATTENTION
    Task: {10CA8B24-CC23-45D1-975A-EB8A592B7374} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {2340C153-4790-4462-B512-2FBEF138A2DA} - System32\Tasks\PCHB_Treasure_PCHealthBoost_RS_WeeklyTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
    Task: {2E8B0F9F-53D5-4ADB-9E03-E0CE30255559} - System32\Tasks\{5C373065-DF21-4AF9-9F87-550EBFE19058} => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    Task: {2F84A8D3-2FBE-42D6-854B-2554035EC350} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {3818EA77-913F-43E1-BE44-51C468269100} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA => C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {389A6973-7B0B-4CC4-9A9A-398B511B99E5} - System32\Tasks\PCHB_Treasure_PCHealthBoost_LogonTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
    Task: {3987E97B-2649-431D-B902-9D1232E56D2C} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
    Task: {3DE50AB9-8C13-45B4-BA5B-9B4C54D2BDF6} - System32\Tasks\RunAsStdUser Task => C:\Users\Treasure\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe <==== ATTENTION
    Task: {4B12E31E-417A-4EA5-B6CB-7B355DD44CE3} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
    Task: {4D1DF6B2-C6AC-4E6B-8ACB-5BDE23F618E0} - System32\Tasks\{4727C8B3-92BE-4D20-B623-8E839E44F047} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TheWeatherChannelCustomUninstall.exe"
    Task: {50EAEAEA-6076-462B-A989-EFDE2319EEC7} - System32\Tasks\{1E99E987-1BD5-480F-979C-BE0CB5EEDF50} => C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe [2012-03-08] (Microsoft Corporation)
    Task: {53771F36-BB86-4C48-9435-E0D5D718378C} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-05-01] (Adobe Systems Incorporated)
    Task: {5591ECAC-32B3-40FB-98D9-511DC2B027C9} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {58F1FE9D-FA4A-4D76-B13B-629B44B02666} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
    Task: {5B11D173-0CFC-4E40-ACC5-C62A1AD302CE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {5E18B0E3-9315-4AB9-9DBC-51E1E2426E9A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
    Task: {6B9F85E6-0595-42D7-8099-7C0454784748} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
    Task: {6E939202-517A-4AF8-9785-10733FFF2EA3} - \GoforFilesUpdate -> No File <==== ATTENTION
    Task: {7519EF7B-163F-4CA8-A76E-F2CDF4C9F8EA} - System32\Tasks\{4DE69AF2-1D2B-488B-B7BF-CC4C71AEE3F4} => pcalua.exe -a "C:\Program Files (x86)\The Weather Channel FW\Desktop\TheWeatherChannelCustomUninstall.exe"
    Task: {789D8384-FD92-4A4F-96F4-25F3255B8492} - System32\Tasks\Symantec\Norton Error Analyzer 18.6.0.29 => C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
    Task: {7904A0AB-C18B-4462-B711-BC1162BF3D5D} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {7CB6B879-2FE1-47A1-A11F-008A5F1646A8} - System32\Tasks\{4A4D13AB-5A06-451B-B106-A6B784C7F814} => Firefox.exe Download Skype for Desktop
    Task: {7E57A683-F57E-41E3-A7E6-2F2D2E8E63AD} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
    Task: {7FF82615-7F8D-4150-833E-48A925BBD31D} - System32\Tasks\5024 => Wscript.exe C:\Users\Treasure\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {80F74E26-7982-43CE-A8B6-41F07967BFD5} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
    Task: {83353970-2D18-4434-9678-73A741AD7CC2} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {852CA635-D910-4590-91CC-3246448BE19C} - System32\Tasks\{FFD36EDB-E838-4735-9F38-6EEDCD6C35D4} => C:\Program Files (x86)\Blaze Audio\Voice Cloak Plus Trial\VoiceCloakPlus.exe [2007-11-28] (Blaze Audio)
    Task: {892A2725-43CB-4977-B6B2-C52BB2A896A1} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
    Task: {8BBA13CE-530F-40CF-B1C1-DB3307C20908} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {94A1B75E-72B2-4E2C-A014-4E3E48A179E7} - \DTChk -> No File <==== ATTENTION
    Task: {98180B1F-71F2-4C08-8C33-A0E38991081F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core => C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
    Task: {996063EF-0CB0-4412-9B8D-DFF389D18421} - System32\Tasks\Real Player online update program => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [2014-05-02] (RealNetworks, Inc.)
    Task: {9BD82F88-1EF8-4EDB-8591-0915FBAE0E0D} - System32\Tasks\PCHB_Treasure_PCHealthBoost_RS_DailyTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
    Task: {A0D43E12-C79C-45A0-B0D6-0EB4E5DA514C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {A5F6C84E-E2EC-4F5F-9029-441FBD6E0657} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
    Task: {AC589A27-F2E4-4B34-BD01-96BB1AF075B6} - System32\Tasks\{183E00AE-51CE-43A8-9C6B-A9BFC2B124D4} => C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe [2012-03-08] (Microsoft Corporation)
    Task: {AE34CDB9-030A-4D1F-A92C-337A076DCF7C} - System32\Tasks\Symantec\Norton Error Processor 18.6.0.29 => C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\SymErr.exe
    Task: {B6AEDA45-F58A-491A-8568-5F2215524633} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
    Task: {B7E4CA0F-46E3-4675-97E0-7EFEF88DDB9B} - System32\Tasks\PCHB_Treasure_PCHealthBoost_LG_DailyTask => C:\Program Files (x86)\PC HealthBoost\PCHealthBoost.exe
    Task: {BB1F5A0B-10D2-41A1-98AD-F31685311F6F} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)
    Task: {C68A2496-316F-4154-A477-0958ED2BBDD2} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {C9805AEC-61F5-4428-8330-C461D79D2376} - System32\Tasks\{7FC97B14-D397-41D6-8384-9EC19B473DAD} => C:\Program Files (x86)\Blaze Audio\Voice Cloak Plus Trial\VoiceCloakPlus.exe [2007-11-28] (Blaze Audio)
    Task: {CBAE9843-A9FD-49BB-B479-B7A26EAA015C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-04-07] (RealNetworks, Inc.)
    Task: {CEB33E11-AEF7-46D3-9275-FECAE95B76F3} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    Task: {D52657E2-C022-4D01-970A-46DA917D2E2C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
    Task: {D9C52A47-31C8-4467-AFD8-0D8429C925D7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
    Task: {DC464AE1-B8D0-43C3-B843-706AA4437CBF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2628051247-848522789-837856156-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2014-04-06] (RealNetworks, Inc.)
    Task: {DF7521AD-6E3D-42C6-97D3-0E0521A13C2B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-22] (Google Inc.)
    Task: {E30F1185-5477-4ABB-A360-BC2B18A82C2E} - System32\Tasks\{465DF414-5E87-4998-8F6D-E791FB8DE07F} => C:\Program Files (x86)\Blaze Audio\Voice Cloak Plus Trial\VoiceCloakPlus.exe [2007-11-28] (Blaze Audio)
    Task: {F2C4E63A-DB79-463A-B702-B2CD71E2C611} - System32\Tasks\{F70EE51D-628C-4509-859C-716AC56F6047} => Firefox.exe Download Skype for Desktop
    Task: {F5A558C5-C39A-49C9-AB04-D1AE0AAF113E} - System32\Tasks\{9024E20B-E074-40A0-B252-B4B54D61D5C0} => pcalua.exe -a "C:\Program Files (x86)\7-Zip\Uninstall.exe"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\0915wtUpdateInfo.job => C:\ProgramData\Avg_Update_0915wt\0915wt_{72079223-C646-46E8-8FAA-CE8912BCCF22}.exe
    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job => C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job => C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f56ba7386524.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core1d0f57b6e4bac2.job => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job => C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2010-07-19 20:48 - 2010-07-19 20:48 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
    2012-10-11 20:37 - 2012-10-11 20:37 - 00389488 _____ () C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    2012-09-12 04:34 - 2012-09-12 04:34 - 00529408 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    2013-09-11 03:40 - 2013-09-11 03:40 - 01542320 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\KCPConnector.exe
    2014-04-06 23:00 - 2014-04-06 23:00 - 00039568 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    2014-04-07 03:06 - 2014-04-07 03:06 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2015-09-22 16:49 - 2015-09-22 16:49 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-09-22 16:49 - 2015-09-22 16:49 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-09-25 16:54 - 2015-09-25 16:54 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092501\algo.dll
    2015-09-27 13:29 - 2015-09-27 13:29 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092700\algo.dll
    2011-09-27 08:23 - 2011-09-27 08:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2011-09-27 08:22 - 2011-09-27 08:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-10-11 20:32 - 2012-10-11 20:32 - 00700272 _____ () C:\Program Files (x86)\Hotspot Shield\bin\af_proxy.dll
    2011-06-03 06:23 - 2011-06-03 06:23 - 00147456 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avutil-51.dll
    2011-06-03 06:23 - 2011-06-03 06:23 - 03703808 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\avcodec-53.dll
    2011-06-03 06:23 - 2011-06-03 06:23 - 00224256 _____ () C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\swscale-0.dll
    2013-08-15 04:41 - 2013-08-15 04:41 - 00194048 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\curllib.dll
    2013-08-15 04:41 - 2013-08-15 04:41 - 00110592 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\OpenLDAP.dll
    2013-08-15 04:41 - 2013-08-15 04:41 - 00070920 _____ () C:\Program Files (x86)\Kodak\CloudPrinting\libsasl.dll
    2014-05-02 23:36 - 2014-05-02 23:36 - 00859224 _____ () c:\program files (x86)\real\realplayer\RPDS\Plugins\cldplin.dll
    2015-09-22 16:50 - 2015-09-22 16:50 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-09-22 15:33 - 2015-09-18 18:13 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libglesv2.dll
    2015-09-22 15:33 - 2015-09-18 18:13 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.99\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
    AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
    AlternateDataStreams: C:\ProgramData\TEMP:3A0561F3
    AlternateDataStreams: C:\ProgramData\TEMP:3BC173E4
    AlternateDataStreams: C:\ProgramData\TEMP:49EB69E2
    AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0
    AlternateDataStreams: C:\ProgramData\TEMP:57B374AB
    AlternateDataStreams: C:\ProgramData\TEMP:6C74C778
    AlternateDataStreams: C:\ProgramData\TEMP:87E3D720
    AlternateDataStreams: C:\ProgramData\TEMP:89C6F032
    AlternateDataStreams: C:\ProgramData\TEMP:A3E39C6A
    AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
    AlternateDataStreams: C:\ProgramData\TEMP:C76EDAC3
    AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    AlternateDataStreams: C:\ProgramData\TEMP:D3331ADB
    AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
    AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40
    AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF
    AlternateDataStreams: C:\ProgramData\TEMP:ED92736E
    AlternateDataStreams: C:\Users\Treasure\Documents\1FB14C80-0000013A.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Treasure\Documents\1FB14C80-0000013A.eml:OEStandardProperty

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\bnkofamerica.com -> www.bnkofamerica.com
    IE trusted site: HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\msn.com -> hxxps://www.msn.com
    IE trusted site: HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\yahoo.com -> hxxp://toolbar.yahoo.com

    IE restricted site: HKU\S-1-5-21-2628051247-848522789-837856156-1001\...\iminent.com -> hxxp://search.iminent.com

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2628051247-848522789-837856156-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Treasure\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 8.8.8.8
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealPlayer Cloud Service UI.lnk => C:\windows\pss\RealPlayer Cloud Service UI.lnk.CommonStartup
    MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AVG_TRAY => C:\Program Files (x86)\AVG\AVG10\avgtray.exe
    MSCONFIG\startupreg: BitTorrent => "C:\Users\Treasure\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
    MSCONFIG\startupreg: BitTorrent Sync => "C:\Program Files (x86)\BitTorrent Sync\BTSync.exe" /MINIMIZED
    MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
    MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
    MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
    MSCONFIG\startupreg: EKIJ5000StatusMonitor => C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe
    MSCONFIG\startupreg: EKStatusMonitor => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
    MSCONFIG\startupreg: Facebook Update => "C:\Users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    MSCONFIG\startupreg: Google Update => "C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_5D6C64979C49241F5AC5FB0E9A7423D2 => "c:\program files (x86)\google\chrome\application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
    MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
    MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    MSCONFIG\startupreg: IgfxTray => C:\windows\system32\igfxtray.exe
    MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
    MSCONFIG\startupreg: IntelliType Pro => "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
    MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    MSCONFIG\startupreg: IntelWirelessWiMAX => "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    MSCONFIG\startupreg: KeNotify => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    MSCONFIG\startupreg: Persistence => C:\windows\system32\igfxpers.exe
    MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    MSCONFIG\startupreg: SearchProtection => "C:\Users\Treasure\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart
    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    MSCONFIG\startupreg: SiteRanker => "C:\Program Files (x86)\SiteRanker\SiteRankTray.exe"
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    MSCONFIG\startupreg: SmartFaceVWatcher => %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
    MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
    MSCONFIG\startupreg: Spotify => "C:\Users\Treasure\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Treasure\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
    MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
    MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    MSCONFIG\startupreg: Teco => "C:\Program Files\TOSHIBA\TECO\Teco.exe" /r
    MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
    MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
    MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    MSCONFIG\startupreg: TosWaitSrv => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
    MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
    MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    MSCONFIG\startupreg: TWebCamera => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{036A2F94-E1CE-41B4-9044-132582253A96}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{95958B28-0306-4B52-AEA3-8A9FE2163BE8}] => (Allow) LPort=2869
    FirewallRules: [{373DAED4-330F-4CA2-8E31-8ECD465C9653}] => (Allow) LPort=1900
    FirewallRules: [{D5F9DE79-62B6-4A4C-BC7E-CA18367B1022}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{3466E698-89BA-4D4C-91ED-39709D968696}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{A1772FDD-59D7-4C85-9428-CB8836650847}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{40D36913-AB97-4927-AAC7-055800DC3CA4}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    FirewallRules: [{3C1C06F4-5C37-410E-8698-8F2E17D5F6C3}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{20EFEC8B-616A-4FD4-AF2E-556A66B58191}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    FirewallRules: [{181D79DC-2B67-4998-B2EB-C61D76DBF6EB}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
    FirewallRules: [{057B198A-6C0B-493C-9D4B-919D60C5CED8}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{84DBD02D-4380-40EF-AFE2-3ACDDFB2B9F4}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{99816CF5-CF03-4CF2-80E5-5A72942A3993}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{915B4F0F-8069-4C3A-90FF-395AEE81B846}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{E85EE136-D889-4030-AE07-8B3A915A6B35}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{14FEF73C-4EFF-445E-B7A6-B12F221F9E52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4A2A31D6-71E4-4111-A9FD-76CFC8C75402}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [TCP Query User{FF6C6049-5FEB-4F20-B0F6-2D6E960ED916}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
    FirewallRules: [UDP Query User{2854EC5D-66EA-4DD9-8C4E-501B238569C7}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
    FirewallRules: [TCP Query User{322FD440-3CD0-4EB9-A6C3-96E7DFC12B35}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [UDP Query User{9FCA2C65-81D8-4EB0-82A2-41362332BDC4}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [TCP Query User{BC368573-FC2C-4B4B-9742-EF928FB6EEEE}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe
    FirewallRules: [UDP Query User{13607647-1B9A-4E08-8A1C-B05CE7DB7AF4}C:\program files (x86)\bearshare applications\bearshare\bearshare.exe] => (Allow) C:\program files (x86)\bearshare applications\bearshare\bearshare.exe
    FirewallRules: [TCP Query User{E806CA78-511C-4F96-A94E-B4FED98F7222}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
    FirewallRules: [UDP Query User{88A205BC-58F4-4206-94D9-DAE116B649F2}C:\program files (x86)\tixati\tixati.exe] => (Allow) C:\program files (x86)\tixati\tixati.exe
    FirewallRules: [{D20FE713-A18A-48BA-8342-D800709710FD}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{96128AEB-2F86-4516-A4F9-13163620F9E1}] => (Allow) LPort=9322
    FirewallRules: [{EF9CA9F1-6710-4A0D-94AC-3759418AAC45}] => (Allow) LPort=9323
    FirewallRules: [{4A3BA433-D658-449F-B3C7-8DB5A1201283}] => (Allow) LPort=9323
    FirewallRules: [{CD0E8482-07F7-4523-83C4-78CD076FF5D2}] => (Allow) C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
    FirewallRules: [{C32AB55C-4AA6-48EF-B574-854B7FDB368D}] => (Allow) C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe
    FirewallRules: [{9FEA2864-8E06-4260-B6A9-E34C3651C731}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{B9E82E00-1C68-4C95-B0C9-5D9763C464BA}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
    FirewallRules: [{B2033A8B-B9CF-43B3-AE03-AA99650B2528}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
    FirewallRules: [{AC9A73F6-47AC-4EF1-BDD8-049383DE5FDF}] => (Allow) C:\Windows\SysWOW64\msiexec.exe
    FirewallRules: [{A11CCED1-916A-4C82-980E-A0A3BA621EC6}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    FirewallRules: [{F6764E45-F35F-4A61-BA67-1DA889227FC0}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    FirewallRules: [{041DAB72-BEEA-4397-B0DA-B97C946C14D0}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{87C98D6B-049F-43B0-980A-0DA558C383A1}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{EE716C9A-0AB1-4A90-AA7E-3787EF537255}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{4D1D5835-A395-40C1-B3A1-1BAA0F048439}] => (Allow) C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe
    FirewallRules: [{6B33F332-1F20-4D26-ABFE-FB5E9B4350FF}] => (Allow) C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    FirewallRules: [{0715C4E7-9697-4C03-BE5A-E56066648338}] => (Allow) C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    FirewallRules: [{C9AE7F41-6F40-4BC1-AE3F-006E31954D59}] => (Allow) C:\Program Files (x86)\Shop to Win 28\TroubleShooter.exe
    FirewallRules: [{271AB243-6A92-4BFB-98E2-A416964472CA}] => (Allow) C:\Program Files (x86)\Shop to Win 28\TroubleShooter.exe
    FirewallRules: [TCP Query User{368BBC98-3910-425B-B9FD-288C6606FE92}C:\users\treasure\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\treasure\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{DE15DD62-4AA8-40C2-AB60-72A6A42ABFC1}C:\users\treasure\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\treasure\appdata\roaming\spotify\spotify.exe
    FirewallRules: [TCP Query User{95ECDC1D-B30F-4F00-9570-CF3C04A83E98}C:\users\treasure\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\treasure\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{66606AA2-D329-455E-B683-BF2FF001C03E}C:\users\treasure\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\treasure\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{05F14CB5-6D8A-4826-B6B9-7AFD659C5727}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{77F41BF2-5348-4950-86A4-E89B30FA68CB}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
    FirewallRules: [{43BCD5F4-3873-4191-BA99-6D6990D3566D}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
    FirewallRules: [{CAE0E83F-F431-4D91-93D2-3A99768B5AB9}] => (Allow) C:\Users\Treasure\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{085B0FDC-0C0A-4396-9019-64896F5FD8A6}] => (Allow) C:\Users\Treasure\AppData\Roaming\BitTorrent\BitTorrent.exe
    FirewallRules: [{32800063-066F-4BC2-8A90-8CDFD4F49D22}] => (Allow) LPort=9322
    FirewallRules: [{FCC79B44-AD9A-4052-91C4-548DD91529CC}] => (Allow) LPort=5353
    FirewallRules: [{0EE95917-DA27-43AD-8863-0540B9C2EEF0}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
    FirewallRules: [{4315AF94-8308-441D-85C6-7E46ED52B5C4}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe
    FirewallRules: [{056E93C2-4EE2-46D5-866D-E295D57D13AD}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
    FirewallRules: [{85DDFADB-2AD0-459F-A6E4-7C71284A95BC}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\Kodak.Statistics.exe
    FirewallRules: [{A1CB4F83-7096-4838-A42E-C3156CDDF133}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
    FirewallRules: [{B8271A18-C41B-4250-899D-035C28246E12}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Center\NetworkPrinterDiscovery.exe
    FirewallRules: [{C862B941-A821-4794-9447-0A2B1232B599}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
    FirewallRules: [{A0802D6E-709F-4E26-8813-5E97E63873AF}] => (Allow) C:\Program Files (x86)\Kodak\AiO\Firmware\KodakAiOUpdater.exe
    FirewallRules: [{8B3B4067-875C-4BDC-868F-316C43EE853F}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
    FirewallRules: [{D3E71816-F7BD-4167-9022-481E97A92C0A}] => (Allow) C:\ProgramData\Kodak\Installer\Setup.exe
    FirewallRules: [{27F598EF-5964-4C75-983B-711751D7BA62}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{1CDF5F4B-84D8-45D2-A143-82975487FD6A}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
    FirewallRules: [{A227A85A-3EC1-478F-A971-2D6A0F1F6AC3}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
    FirewallRules: [{ED4AD3D4-C2D5-441A-9228-E4F4EB8A29FC}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{9B7E2890-B800-4F0B-9937-C32C8FB57CA1}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgmfapx.exe
    FirewallRules: [{4F8D4BD5-BF75-49FD-8B38-C99BE82B432D}] => (Allow) C:\Users\Treasure\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
    FirewallRules: [{3C60AB4B-BC87-4573-9A3C-661DE02897F2}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{16E73232-7B4B-4FCA-A935-65D80FF0E44E}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
    FirewallRules: [{C764DFFC-25A3-4FB2-B44F-3C82FDF7C729}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{519A0E1E-D234-4218-BBC3-FA1842F3248D}] => (Allow) C:\Program Files (x86)\AVG\AVG10\avgemca.exe
    FirewallRules: [{2F795429-46B5-4F83-8CC6-F7707B0C28B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{587D5DF1-1A62-4FA3-A45E-4BE4C607D5EB}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{7B41C135-7B7C-428A-83C6-375BE7C1BA57}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
    FirewallRules: [{14FC43C6-AB4E-417A-AA12-FC2091FAE016}] => (Allow) C:\Users\Treasure\AppData\Local\Temp\7zS40F6.tmp\SymNRT.exe
    FirewallRules: [{8F723C6F-5635-4EE1-8D9E-70DA64A44DAB}] => (Allow) C:\Users\Treasure\AppData\Local\Temp\7zS40F6.tmp\SymNRT.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (09/27/2015 01:28:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Client application bug: DNSServiceResolve(mobile._epoccam._tcp.local.) active for over two minutes. This places considerable burden on the network.

    Error: (09/27/2015 01:26:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 19 15.1.168.192.in-addr.arpa. PTR Treasure-PC.local.

    Error: (09/27/2015 01:26:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.15:5353 21 15.1.168.192.in-addr.arpa. PTR Treasure-PC-2.local.

    Error: (09/27/2015 01:26:16 PM) (Source: hshld) (EventID: 10105) (User: )
    Description: hshld error: 0OPENVPNAS: Invalid configuration file

    Error: (09/27/2015 01:26:16 PM) (Source: hshld) (EventID: 10105) (User: )
    Description: hshld error: 0OPENVPNAS: Cannot Open Service Log File: C:\Program Files (x86)\Hotspot Shield\log\oas.log

    Error: (09/26/2015 01:24:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 19 15.1.168.192.in-addr.arpa. PTR Treasure-PC.local.

    Error: (09/26/2015 01:24:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.15:5353 21 15.1.168.192.in-addr.arpa. PTR Treasure-PC-2.local.

    Error: (09/26/2015 01:24:26 AM) (Source: hshld) (EventID: 10105) (User: )
    Description: hshld error: 0OPENVPNAS: Invalid configuration file

    Error: (09/26/2015 01:24:26 AM) (Source: hshld) (EventID: 10105) (User: )
    Description: hshld error: 0OPENVPNAS: Cannot Open Service Log File: C:\Program Files (x86)\Hotspot Shield\log\oas.log

    Error: (09/24/2015 07:23:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 15600


    System errors:
    =============
    Error: (09/27/2015 01:33:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (09/27/2015 01:27:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

    Error: (09/27/2015 01:27:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

    Error: (09/27/2015 01:26:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The TelevisionFanaticService service failed to start due to the following error:
    %%2

    Error: (09/27/2015 01:26:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the GS-Supporter service to connect.

    Error: (09/27/2015 01:25:25 PM) (Source: Ntfs) (EventID: 55) (User: )
    Description: The file system structure on the disk is corrupt and unusable.
    Please run the chkdsk utility on the volume C:.

    Error: (09/27/2015 01:25:25 PM) (Source: Ntfs) (EventID: 137) (User: )
    Description: The default transaction resource manager on volume TI106045W0C encountered a non-retryable error and could not start. The data contains the error code.

    Error: (09/26/2015 01:25:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Superfetch service terminated with service-specific error %%0.

    Error: (09/26/2015 01:25:19 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
    Description: The Remote Access Connection Manager service terminated with service-specific error %%-1073610704.

    Error: (09/26/2015 01:24:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The TelevisionFanaticService service failed to start due to the following error:
    %%2


    CodeIntegrity:
    ===================================
    Date: 2013-10-18 13:36:50.712
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-18 13:36:50.535
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-18 13:36:39.758
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2013-10-18 13:36:39.571
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
    Percentage of memory in use: 76%
    Total physical RAM: 3890.68 MB
    Available physical RAM: 897.96 MB
    Total Virtual: 7779.56 MB
    Available Virtual: 4734.18 MB

    ==================== Drives ================================

    Drive c: (TI106045W0C) (Fixed) (Total:582.67 GB) (Free:220.46 GB) NTFS ==>[system with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 62FD86AC)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=582.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=12 GB) - (Type=17)

    ==================== End of Addition.txt ============================

  5. #5
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system, and that is the course we strongly recommend.


    Let us know what you want to do?

  6. #6
    Member
    Join Date
    Sep 2015
    Posts
    15
    Points
    0

    Default

    Please help me reformat. I don't have an installation disk for my laptop. It was preinstalled.

  7. #7
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301

    Default

    Can't reformat without a disk, and you do not have a recovery partition.

    We can clean it up if you want.

    Please remove these programs from your Programs and Features list: Start > Control Panel > Programs and Features. In the list, find each program listed below and uninstall it.

    Programs to remove:
    • Connect DLC 5 Toolbar for IE
    • Defaulttab (HKLM-x32\
    • GigaClicks Crawler
    • Plus-HD-2.2
    • SiteRanke
    • Strongvault Online Backup
    • SweetIM for Messenger 3.7
    • SweetPacks bundle uninstaller
    • Update Manager for SweetPacks


    If a program will not remove, skip it and move to the next.

    Next
    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    Code:
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\runonceex: [] => [X]
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dllATTENTION! ====> ZeroAccess?
    AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll => No File
    AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll => No File
    AppInit_DLLs: C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL => No File
    AppInit_DLLs-x32: c:\progra~2\gs-ena~1\assist~1.dll => c:\Program Files (x86)\GS-ENA~1\ASSIST~1.DLL [20 2015-01-03] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-22] (AVAST Software)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {6FC856EE-A927-4952-967E-47B0A176C814} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKLM-x32 -> DefaultScope {6295F795-E3AA-40B1-BEDA-ED399866A41B} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=amonetizetest1-ie&s_qt=sb&tb_uuid=2F13A612A5DD444DA7FD207A1089C501&tb_oid=06-03-2013&tb_mrud=06-03-2013
    SearchScopes: HKLM-x32 -> {AE502EA7-347F-4129-BE99-A29D30F77A03} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    SearchScopes: HKU\.DEFAULT -> DefaultScope {AE502EA7-347F-4129-BE99-A29D30F77A03} URL =
    SearchScopes: HKU\.DEFAULT -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DIC3V5&o=13736&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D6&apn_dtid=YYYYYYYYUS&apn_uid=509F0963-3363-4146-B18A-163105FAE963&apn_sauid=85343A21-EA40-4503-AB64-131DB00794DB
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> DefaultScope {406BA7AA-C1D2-4EF7-936B-B171CD6CDD24} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {6FC856EE-A927-4952-967E-47B0A176C814} URL =
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
    BHO: SiteRanker -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> No File
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: No Name -> {5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} -> No File
    BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: No Name -> {5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} -> No File
    BHO-x32: No Name -> {871ec07c-cdb5-42cf-9bfc-b8a7a7e0c062} -> No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    S2 e81a9dc1; "C:\windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
    c:\progra~2\gs-ena~1\AssistantSvc.dll
    S3 cpuz136; \??\C:\Users\Treasure\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
    2015-09-22 07:18 - 2014-08-16 15:29 - 00000000 ____D C:\Program Files (x86)\GS-ENA~1
    2015-09-22 07:18 - 2014-03-07 13:03 - 00000000 ____D C:\ProgramData\50Coupoins
    2015-09-22 07:18 - 2012-05-14 12:23 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
    2015-09-22 18:06 - 2012-02-11 10:51 - 00000000 ____D C:\Users\Treasure\AppData\Local\Conduit
    2015-09-22 07:18 - 2012-05-14 12:23 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
    2015-09-22 06:52 - 2012-06-10 13:58 - 00000000 ____D C:\ProgramData\InstallMate
    2015-09-22 06:50 - 2012-12-06 19:36 - 00000000 ____D C:\Program Files (x86)\YourFileDownloader
    ZeroAccess: C:\Users\Treasure\AppData\Local\Google\Desktop\Install
    ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    Task: {06A8BEE5-D4B4-41F5-A347-DDA77D919C3B} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
    Task: {0ADB0A5D-4DC5-4AF4-919A-86EF6ACE3642} - \DTReg -> No File <==== ATTENTION
    Task: {3987E97B-2649-431D-B902-9D1232E56D2C} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
    Task: {3DE50AB9-8C13-45B4-BA5B-9B4C54D2BDF6} - System32\Tasks\RunAsStdUser Task => C:\Users\Treasure\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe <==== ATTENTION
    Task: {5591ECAC-32B3-40FB-98D9-511DC2B027C9} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {6B9F85E6-0595-42D7-8099-7C0454784748} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
    Task: {6E939202-517A-4AF8-9785-10733FFF2EA3} - \GoforFilesUpdate -> No File <==== ATTENTION
    Task: {7FF82615-7F8D-4150-833E-48A925BBD31D} - System32\Tasks\5024 => Wscript.exe C:\Users\Treasure\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {80F74E26-7982-43CE-A8B6-41F07967BFD5} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
    Task: {83353970-2D18-4434-9678-73A741AD7CC2} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {94A1B75E-72B2-4E2C-A014-4E3E48A179E7} - \DTChk -> No File <==== ATTENTION
    Task: {CEB33E11-AEF7-46D3-9275-FECAE95B76F3} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
    AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
    AlternateDataStreams: C:\ProgramData\TEMP:3A0561F3
    AlternateDataStreams: C:\ProgramData\TEMP:3BC173E4
    AlternateDataStreams: C:\ProgramData\TEMP:49EB69E2
    AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0
    AlternateDataStreams: C:\ProgramData\TEMP:57B374AB
    AlternateDataStreams: C:\ProgramData\TEMP:6C74C778
    AlternateDataStreams: C:\ProgramData\TEMP:87E3D720
    AlternateDataStreams: C:\ProgramData\TEMP:89C6F032
    AlternateDataStreams: C:\ProgramData\TEMP:A3E39C6A
    AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
    AlternateDataStreams: C:\ProgramData\TEMP:C76EDAC3
    AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F
    AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1
    AlternateDataStreams: C:\ProgramData\TEMP3331ADB
    AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2
    AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40
    AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF
    AlternateDataStreams: C:\ProgramData\TEMP:ED92736E
    AlternateDataStreams: C:\Users\Treasure\Documents\1FB14C80-0000013A.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Treasure\Documents\1FB14C80-0000013A.eml:OEStandardProperty
    FirewallRules: [{A11CCED1-916A-4C82-980E-A0A3BA621EC6}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    FirewallRules: [{F6764E45-F35F-4A61-BA67-1DA889227FC0}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    FirewallRules: [{C9AE7F41-6F40-4BC1-AE3F-006E31954D59}] => (Allow) C:\Program Files (x86)\Shop to Win 28\TroubleShooter.exe
    FirewallRules: [{271AB243-6A92-4BFB-98E2-A416964472CA}] => (Allow) C:\Program Files (x86)\Shop to Win 28\TroubleShooter.exe
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:

    • Click Format and ensure Wordwrap is unchecked.
    • Save as Fixlist.txt to your Desktop (Must be in this location)
    • Run FRST/FRST64 and press the Fix button just once and wait.
    • If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    • The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.


    Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.


    Next

    Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
    • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • If TDSSKiller does not run, try renaming it.
    • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
    • Click the Start Scan button.
    • Do not use the computer during the scan.
    • If the scan completes with nothing found, click Close to exit.
    • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
      Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
    • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
    • Copy and paste the contents of that file in your next reply.


    Post the fix log.txt
    Post the TDSSKILLER log
    Last edited by zep516; 09-28-2015 at 08:04 PM.
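
An added example, not part of zep516's post and not FRST's own code: a Python pre-check over lines copied unchanged from the code box above. It flags AppInit_DLLs entries whose file is missing or too small to be a DLL, and AlternateDataStreams lines that carry no `:stream` part (the Fixlog in the next reply reports "ADS not found" for exactly those three). The function names are this example's own, and it assumes the first number in FRST's `[20 2015-01-03]` field is the file size in bytes.

```python
import re

# Lines copied from the fixlist in the post above (a subset, unchanged).
FIXLIST = r"""
AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll => No File
AppInit_DLLs: C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL => No File
AppInit_DLLs-x32: c:\progra~2\gs-ena~1\assist~1.dll => c:\Program Files (x86)\GS-ENA~1\ASSIST~1.DLL [20 2015-01-03] ()
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1
AlternateDataStreams: C:\ProgramData\TEMP3331ADB
AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2
AlternateDataStreams: C:\Users\Treasure\Documents\1FB14C80-0000013A.eml:OECustomProperty
""".strip().splitlines()

# A PE image begins with a 64-byte DOS header, so a smaller file cannot load.
MIN_IMAGE_BYTES = 64

APPINIT = re.compile(
    r"^AppInit_DLLs(?:-x32)?:\s+(?P<entry>.+?)\s+=>\s+(?P<status>.+)$")
# Assumption: a resolved file is printed as "path [size-in-bytes yyyy-mm-dd] (company)".
RESOLVED = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+\d{4}-\d{2}-\d{2}\]")
ADS = re.compile(r"^AlternateDataStreams:\s+(?P<target>.+)$")
DRIVE = re.compile(r"^[A-Za-z]:\\")


def check_appinit(line):
    """Return a finding for a stale or undersized AppInit_DLLs entry, else None.

    AppInit_DLLs are loaded into every process that loads user32.dll, so one
    unloadable file listed there produces a "Bad Image" popup in every program.
    """
    m = APPINIT.match(line)
    if not m:
        return None
    entry, status = m.group("entry"), m.group("status").strip()
    if status == "No File":
        return ("AppInit_DLLs", entry, "stale")
    resolved = RESOLVED.match(status)
    if resolved and int(resolved.group("size")) < MIN_IMAGE_BYTES:
        return ("AppInit_DLLs", entry, "undersized")
    return None


def check_ads(line):
    """Return a finding when an ADS directive has no 'file:stream' separator."""
    m = ADS.match(line)
    if not m:
        return None
    target = m.group("target").strip()
    # Drop the drive letter so its colon is not mistaken for the separator.
    rest = DRIVE.sub("", target, count=1)
    file_part, sep, stream = rest.rpartition(":")
    if not (sep and file_part and stream):
        return ("AlternateDataStreams", target, "no-stream-separator")
    return None


def triage(lines):
    """Run both checks over fixlist lines; return (directive, target, verdict)."""
    findings = []
    for raw in lines:
        line = raw.strip()
        for check in (check_appinit, check_ads):
            hit = check(line)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for directive, target, verdict in triage(FIXLIST):
        print(f"{verdict:20} {directive}: {target}")
```
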


  9. #8
    Member
    Join Date
    Sep 2015
    Posts
    15
    Points
    0

    Default

    Fix result of Farbar Recovery Scan Tool (x64) Version:27-09-2015 01
    Ran by Treasure (2015-09-28 16:21:10) Run:1
    Running from C:\Users\Treasure\Desktop
    Loaded Profiles: Treasure (Available Profiles: Treasure)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\runonceex: [] => [X]
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\...409d6c4515e9\InprocServer32: [Default-shell32] SHELL32.dllATTENTION! ====> ZeroAccess?
    AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll => No File
    AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll => No File
    AppInit_DLLs: C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL => No File
    AppInit_DLLs-x32: c:\progra~2\gs-ena~1\assist~1.dll => c:\Program Files (x86)\GS-ENA~1\ASSIST~1.DLL [20 2015-01-03] ()
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-22] (AVAST Software)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {6FC856EE-A927-4952-967E-47B0A176C814} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {6295F795-E3AA-40B1-BEDA-ED399866A41B} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {443789B7-F39C-4b5c-9287-DA72D38F4FE6} URL = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=843&q={searchTerms}&s_it=amonetizetest1-ie&s_qt=sb&tb_uuid=2F13A612A5DD444DA7FD207A1089C501&tb_oid=06-03-2013&tb_mrud=06-03-2013
    SearchScopes: HKLM-x32 -> {AE502EA7-347F-4129-BE99-A29D30F77A03} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
    SearchScopes: HKU\.DEFAULT -> DefaultScope {AE502EA7-347F-4129-BE99-A29D30F77A03} URL =
    SearchScopes: HKU\.DEFAULT -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=DIC3V5&o=13736&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=D6&apn_dtid=YYYYYYYYUS&apn_uid=509F0963-3363-4146-B18A-163105FAE963&apn_sauid=85343A21-EA40-4503-AB64-131DB00794DB
    SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> DefaultScope {406BA7AA-C1D2-4EF7-936B-B171CD6CDD24} URL = hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {6FC856EE-A927-4952-967E-47B0A176C814} URL =
    SearchScopes: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD21} URL =
    BHO: SiteRanker -> {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} -> No File
    BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO: No Name -> {5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} -> No File
    BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -> No File
    BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
    BHO-x32: No Name -> {5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} -> No File
    BHO-x32: No Name -> {871ec07c-cdb5-42cf-9bfc-b8a7a7e0c062} -> No File
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-2628051247-848522789-837856156-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    S2 e81a9dc1; "C:\windows\system32\rundll32.exe" "c:\progra~2\gs-ena~1\AssistantSvc.dll",service
    c:\progra~2\gs-ena~1\AssistantSvc.dll
    S3 cpuz136; \??\C:\Users\Treasure\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
    2015-09-22 07:18 - 2014-08-16 15:29 - 00000000 ____D C:\Program Files (x86)\GS-ENA~1
    2015-09-22 07:18 - 2014-03-07 13:03 - 00000000 ____D C:\ProgramData\50Coupoins
    2015-09-22 07:18 - 2012-05-14 12:23 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
    2015-09-22 18:06 - 2012-02-11 10:51 - 00000000 ____D C:\Users\Treasure\AppData\Local\Conduit
    2015-09-22 07:18 - 2012-05-14 12:23 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
    2015-09-22 06:52 - 2012-06-10 13:58 - 00000000 ____D C:\ProgramData\InstallMate
    2015-09-22 06:50 - 2012-12-06 19:36 - 00000000 ____D C:\Program Files (x86)\YourFileDownloader
    ZeroAccess: C:\Users\Treasure\AppData\Local\Google\Desktop\Install
    ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install
    ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
    Task: {06A8BEE5-D4B4-41F5-A347-DDA77D919C3B} - \BackgroundContainer Startup Task -> No File <==== ATTENTION
    Task: {0ADB0A5D-4DC5-4AF4-919A-86EF6ACE3642} - \DTReg -> No File <==== ATTENTION
    Task: {3987E97B-2649-431D-B902-9D1232E56D2C} - \AdobeFlashPlayerUpdate 2 -> No File <==== ATTENTION
    Task: {3DE50AB9-8C13-45B4-BA5B-9B4C54D2BDF6} - System32\Tasks\RunAsStdUser Task => C:\Users\Treasure\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe <==== ATTENTION
    Task: {5591ECAC-32B3-40FB-98D9-511DC2B027C9} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {6B9F85E6-0595-42D7-8099-7C0454784748} - \AdobeFlashPlayerUpdate -> No File <==== ATTENTION
    Task: {6E939202-517A-4AF8-9785-10733FFF2EA3} - \GoforFilesUpdate -> No File <==== ATTENTION
    Task: {7FF82615-7F8D-4150-833E-48A925BBD31D} - System32\Tasks\5024 => Wscript.exe C:\Users\Treasure\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {80F74E26-7982-43CE-A8B6-41F07967BFD5} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
    Task: {83353970-2D18-4434-9678-73A741AD7CC2} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe <==== ATTENTION
    Task: {94A1B75E-72B2-4E2C-A014-4E3E48A179E7} - \DTChk -> No File <==== ATTENTION
    Task: {CEB33E11-AEF7-46D3-9275-FECAE95B76F3} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
    AlternateDataStreams: C:\ProgramData\TEMP:302ECBD6
    AlternateDataStreams: C:\ProgramData\TEMP:3086B95F
    AlternateDataStreams: C:\ProgramData\TEMP:3A0561F3
    AlternateDataStreams: C:\ProgramData\TEMP:3BC173E4
    AlternateDataStreams: C:\ProgramData\TEMP:49EB69E2
    AlternateDataStreams: C:\ProgramData\TEMP:4BEE39B0
    AlternateDataStreams: C:\ProgramData\TEMP:57B374AB
    AlternateDataStreams: C:\ProgramData\TEMP:6C74C778
    AlternateDataStreams: C:\ProgramData\TEMP:87E3D720
    AlternateDataStreams: C:\ProgramData\TEMP:89C6F032
    AlternateDataStreams: C:\ProgramData\TEMP:A3E39C6A
    AlternateDataStreams: C:\ProgramData\TEMP:B65E763D
    AlternateDataStreams: C:\ProgramData\TEMP:C76EDAC3
    AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F
    AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1
    AlternateDataStreams: C:\ProgramData\TEMP3331ADB
    AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2
    AlternateDataStreams: C:\ProgramData\TEMP:E6B95E40
    AlternateDataStreams: C:\ProgramData\TEMP:E8AEB2BF
    AlternateDataStreams: C:\ProgramData\TEMP:ED92736E
    AlternateDataStreams: C:\Users\Treasure\Documents\1FB14C80-0000013A.eml:OECustomProperty
    AlternateDataStreams: C:\Users\Treasure\Documents\1FB14C80-0000013A.eml:OEStandardProperty
    FirewallRules: [{A11CCED1-916A-4C82-980E-A0A3BA621EC6}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    FirewallRules: [{F6764E45-F35F-4A61-BA67-1DA889227FC0}] => (Allow) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
    FirewallRules: [{C9AE7F41-6F40-4BC1-AE3F-006E31954D59}] => (Allow) C:\Program Files (x86)\Shop to Win 28\TroubleShooter.exe
    FirewallRules: [{271AB243-6A92-4BFB-98E2-A416964472CA}] => (Allow) C:\Program Files (x86)\Shop to Win 28\TroubleShooter.exe
    CMD: bitsadmin /reset /allusers
    CMD: netsh winsock reset catalog
    CMD: ipconfig /flushdns
    RemoveProxy:
    hosts:
    Emptytemp:

    *****************

    Processes closed successfully.
    Restore point was successfully created.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\runonceex\\ => value removed successfully
    "HKU\S-1-5-21-2628051247-848522789-837856156-1001\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully
    "C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll" => Value data removed successfully.
    "C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll" => Value data removed successfully.
    "C:\PROGRA~2\GS-ENA~1\ASSIST~2.DLL" => Value data removed successfully.
    "c:\progra~2\gs-ena~1\assist~1.dll" => Value data removed successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
    "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => key removed successfully
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AE502EA7-347F-4129-BE99-A29D30F77A03}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{AE502EA7-347F-4129-BE99-A29D30F77A03} => key not found.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}" => key removed successfully
    HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => key not found.
    "HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4b71-B0A3-3D82E62A6909}" => key removed successfully
    HKCR\CLSID\{483830EE-A4CD-4b71-B0A3-3D82E62A6909} => key not found.
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-2628051247-848522789-837856156-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6FC856EE-A927-4952-967E-47B0A176C814}" => key removed successfully
    HKCR\CLSID\{6FC856EE-A927-4952-967E-47B0A176C814} => key not found.
    "HKU\S-1-5-21-2628051247-848522789-837856156-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}" => key removed successfully
    HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} => key not found.
    "HKCR\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
    HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB}" => key removed successfully
    HKCR\CLSID\{5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}" => key removed successfully
    HKCR\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{5CDD1F91-2327-8AFB-76B0-0ED6E4A485FB} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{871ec07c-cdb5-42cf-9bfc-b8a7a7e0c062}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{871ec07c-cdb5-42cf-9bfc-b8a7a7e0c062} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} => key not found.
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value removed successfully
    HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => key not found.
    e81a9dc1 => service removed successfully
    "c:\progra~2\gs-ena~1\AssistantSvc.dll" => File/Folder not found.
    cpuz136 => service removed successfully
    C:\Program Files (x86)\GS-ENA~1 => moved successfully
    C:\ProgramData\50Coupoins => moved successfully
    C:\Program Files (x86)\iMesh Applications => moved successfully
    C:\Users\Treasure\AppData\Local\Conduit => moved successfully
    "C:\Program Files (x86)\iMesh Applications" => File/Folder not found.
    C:\ProgramData\InstallMate => moved successfully
    C:\Program Files (x86)\YourFileDownloader => moved successfully
    ZeroAccess: C:\Users\Treasure\AppData\Local\Google\Desktop\Install => Error: No automatic fix found for this entry.
    ZeroAccess: C:\Program Files (x86)\Google\Desktop\Install => Error: No automatic fix found for this entry.
    "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started:
    "C:\Program Files\Windows Defender\en-US" =>Deleting reparse point and unlocking completed.
    "C:\Program Files\Windows Defender" =>Deleting reparse point and unlocking completed.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06A8BEE5-D4B4-41F5-A347-DDA77D919C3B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06A8BEE5-D4B4-41F5-A347-DDA77D919C3B}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0ADB0A5D-4DC5-4AF4-919A-86EF6ACE3642}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0ADB0A5D-4DC5-4AF4-919A-86EF6ACE3642}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTReg => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{3987E97B-2649-431D-B902-9D1232E56D2C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3987E97B-2649-431D-B902-9D1232E56D2C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate 2" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DE50AB9-8C13-45B4-BA5B-9B4C54D2BDF6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DE50AB9-8C13-45B4-BA5B-9B4C54D2BDF6}" => key removed successfully
    C:\windows\System32\Tasks\RunAsStdUser Task => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5591ECAC-32B3-40FB-98D9-511DC2B027C9}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5591ECAC-32B3-40FB-98D9-511DC2B027C9}" => key removed successfully
    C:\windows\System32\Tasks\GC_Informer => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Informer" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B9F85E6-0595-42D7-8099-7C0454784748}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B9F85E6-0595-42D7-8099-7C0454784748}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AdobeFlashPlayerUpdate" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E939202-517A-4AF8-9785-10733FFF2EA3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E939202-517A-4AF8-9785-10733FFF2EA3}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FF82615-7F8D-4150-833E-48A925BBD31D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FF82615-7F8D-4150-833E-48A925BBD31D}" => key removed successfully
    C:\windows\System32\Tasks\5024 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5024" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{80F74E26-7982-43CE-A8B6-41F07967BFD5}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80F74E26-7982-43CE-A8B6-41F07967BFD5}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83353970-2D18-4434-9678-73A741AD7CC2}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83353970-2D18-4434-9678-73A741AD7CC2}" => key removed successfully
    C:\windows\System32\Tasks\GC_Scheduler => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GC_Scheduler" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94A1B75E-72B2-4E2C-A014-4E3E48A179E7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94A1B75E-72B2-4E2C-A014-4E3E48A179E7}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DTChk => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEB33E11-AEF7-46D3-9275-FECAE95B76F3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEB33E11-AEF7-46D3-9275-FECAE95B76F3}" => key removed successfully
    C:\windows\System32\Tasks\0 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully
    C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
    C:\ProgramData\TEMP => ":302ECBD6" ADS removed successfully.
    C:\ProgramData\TEMP => ":3086B95F" ADS removed successfully.
    C:\ProgramData\TEMP => ":3A0561F3" ADS removed successfully.
    C:\ProgramData\TEMP => ":3BC173E4" ADS removed successfully.
    C:\ProgramData\TEMP => ":49EB69E2" ADS removed successfully.
    C:\ProgramData\TEMP => ":4BEE39B0" ADS removed successfully.
    C:\ProgramData\TEMP => ":57B374AB" ADS removed successfully.
    C:\ProgramData\TEMP => ":6C74C778" ADS removed successfully.
    C:\ProgramData\TEMP => ":87E3D720" ADS removed successfully.
    C:\ProgramData\TEMP => ":89C6F032" ADS removed successfully.
    C:\ProgramData\TEMP => ":A3E39C6A" ADS removed successfully.
    C:\ProgramData\TEMP => ":B65E763D" ADS removed successfully.
    C:\ProgramData\TEMP => ":C76EDAC3" ADS removed successfully.
    C:\ProgramData\TEMP => ":CF391C0F" ADS removed successfully.
    "AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1" => "AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1" ADS not found.
    "AlternateDataStreams: C:\ProgramData\TEMP3331ADB" => "AlternateDataStreams: C:\ProgramData\TEMP3331ADB" ADS not found.
    "AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2" => "AlternateDataStreams: C:\ProgramData\TEMPFC5A2B2" ADS not found.
    C:\ProgramData\TEMP => ":E6B95E40" ADS removed successfully.
    C:\ProgramData\TEMP => ":E8AEB2BF" ADS removed successfully.
    C:\ProgramData\TEMP => ":ED92736E" ADS removed successfully.
    C:\Users\Treasure\Documents\1FB14C80-0000013A.eml => ":OECustomProperty" ADS removed successfully.
    C:\Users\Treasure\Documents\1FB14C80-0000013A.eml => ":OEStandardProperty" ADS removed successfully.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A11CCED1-916A-4C82-980E-A0A3BA621EC6} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F6764E45-F35F-4A61-BA67-1DA889227FC0} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C9AE7F41-6F40-4BC1-AE3F-006E31954D59} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{271AB243-6A92-4BFB-98E2-A416964472CA} => value removed successfully

    ========= bitsadmin /reset /allusers =========


    BITSADMIN version 3.0 [ 7.5.7601 ]
    BITS administration utility.
    (C) Copyright 2000-2006 Microsoft Corp.

    BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
    Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

    Unable to cancel {62DEFCCA-570F-4547-BB35-04F1FD679A66}.
    {E150D70D-5DAF-4722-AE7C-7B80B3FD14EC} canceled.
    {7C29F894-C1B9-4E9A-8E80-003939B084EE} canceled.
    {49BD3AF1-6CF1-4155-86A7-451BD1742760} canceled.
    {0F017E3B-A83A-4B92-B888-EB1EDE38FB4C} canceled.
    {ACE5E67F-1CAA-44D5-89D8-F6036CF14841} canceled.
    {BCD40D34-B89B-4FDE-89CE-56E41480315D} canceled.
    6 out of 7 jobs canceled.

    ========= End of CMD: =========


    ========= netsh winsock reset catalog =========


    Sucessfully reset the Winsock Catalog.
    You must restart the computer in order to complete the reset.


    ========= End of CMD: =========


    ========= ipconfig /flushdns =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= RemoveProxy: =========

    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
    HKU\S-1-5-21-2628051247-848522789-837856156-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


    ========= End of RemoveProxy: =========

    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
    EmptyTemp: => 3.4 GB temporary data Removed.


    The system needed a reboot..

    ==== End of Fixlog 16:32:04 ====

    16:54:15.0992 0x1954 TDSS rootkit removing tool 3.1.0.5 Jul 24 2015 12:29:57
    16:54:49.0066 0x1954 ============================================================
    16:54:49.0066 0x1954 Current date / time: 2015/09/28 16:54:49.0066
    16:54:49.0066 0x1954 SystemInfo:
    16:54:49.0066 0x1954
    16:54:49.0066 0x1954 OS Version: 6.1.7601 ServicePack: 1.0
    16:54:49.0066 0x1954 Product type: Workstation
    16:54:49.0066 0x1954 ComputerName: TREASURE-PC
    16:54:49.0066 0x1954 UserName: Treasure
    16:54:49.0066 0x1954 Windows directory: C:\windows
    16:54:49.0066 0x1954 System windows directory: C:\windows
    16:54:49.0066 0x1954 Running under WOW64
    16:54:49.0066 0x1954 Processor architecture: Intel x64
    16:54:49.0066 0x1954 Number of processors: 4
    16:54:49.0066 0x1954 Page size: 0x1000
    16:54:49.0066 0x1954 Boot type: Normal boot
    16:54:49.0066 0x1954 ============================================================
    16:54:58.0520 0x1954 KLMD registered as C:\windows\system32\drivers\97795077.sys
    16:55:01.0031 0x1954 System UUID: {4D06D403-2492-34F0-AF85-E4A38B8FA00B}
    16:55:05.0541 0x1954 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:55:06.0289 0x1954 ============================================================
    16:55:06.0289 0x1954 \Device\Harddisk0\DR0:
    16:55:06.0352 0x1954 MBR partitions:
    16:55:06.0352 0x1954 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48D59800
    16:55:06.0352 0x1954 ============================================================
    16:55:06.0648 0x1954 C: <-> \Device\Harddisk0\DR0\Partition1
    16:55:07.0350 0x1954 ============================================================
    16:55:07.0350 0x1954 Initialize success
    16:55:07.0350 0x1954 ============================================================
    16:55:20.0723 0x1b28 ============================================================
    16:55:20.0723 0x1b28 Scan started
    16:55:20.0723 0x1b28 Mode: Manual;
    16:55:20.0723 0x1b28 ============================================================
    16:55:20.0723 0x1b28 KSN ping started
    16:55:25.0980 0x1b28 KSN ping finished: true
    16:55:32.0376 0x1b28 ================ Scan system memory ========================
    16:55:32.0376 0x1b28 System memory - ok
    16:55:32.0376 0x1b28 ================ Scan services =============================
    16:56:15.0276 0x1b28 FontCache - ok
    16:56:15.0369 0x1b28 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:56:15.0401 0x1b28 FontCache3.0.0.0 - ok
    16:56:15.0432 0x1b28 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
    16:56:15.0447 0x1b28 FsDepends - ok
    16:56:15.0510 0x1b28 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
    16:56:15.0525 0x1b28 Fs_Rec - ok
    16:56:15.0572 0x1b28 [ 340BA7CABB1F314E3650A7EF59F0A371, B3B11FCC0C8AFD668CA6ED180B632C3983BD66026DAAEC150A23C83C9A0A6DCE ] FTDIBUS C:\windows\system32\drivers\ftdibus.sys
    16:56:15.0572 0x1b28 FTDIBUS - ok
    16:56:15.0619 0x1b28 [ A19D6F0356DBABB94293894B84C27D27, 93B4E3314302F6F1524E776EF0FBF29221D10B642E3BA649D6E68FFAB2B7B16B ] FTSER2K C:\windows\system32\drivers\ftser2k.sys
    16:56:15.0619 0x1b28 FTSER2K - ok
    16:56:15.0681 0x1b28 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
    16:56:15.0681 0x1b28 fvevol - ok
    16:56:15.0713 0x1b28 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
    16:56:15.0713 0x1b28 gagp30kx - ok
    16:56:15.0791 0x1b28 [ 1FDA0DF739234C4023851A282DD28704, 993187336366C53B125A989DD264506B000AA65789C1B6907DF85CFC64E894C7 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    16:56:15.0822 0x1b28 GameConsoleService - ok
    16:56:15.0884 0x1b28 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    16:56:15.0884 0x1b28 GEARAspiWDM - ok
    16:56:16.0134 0x1b28 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
    16:56:16.0165 0x1b28 gpsvc - ok
    16:56:16.0274 0x1b28 [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:56:16.0274 0x1b28 gupdate - ok
    16:56:16.0290 0x1b28 [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:56:16.0290 0x1b28 gupdatem - ok
    16:56:16.0477 0x1b28 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    16:56:16.0508 0x1b28 gusvc - ok
    16:56:16.0539 0x1b28 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
    16:56:16.0555 0x1b28 hcw85cir - ok
    16:56:16.0711 0x1b28 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
    16:56:16.0742 0x1b28 HdAudAddService - ok
    16:56:16.0805 0x1b28 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
    16:56:16.0836 0x1b28 HDAudBus - ok
    16:56:16.0929 0x1b28 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
    16:56:16.0945 0x1b28 HECIx64 - ok
    16:56:16.0992 0x1b28 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
    16:56:17.0023 0x1b28 HidBatt - ok
    16:56:17.0039 0x1b28 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
    16:56:17.0054 0x1b28 HidBth - ok
    16:56:17.0085 0x1b28 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\DRIVERS\hidir.sys
    16:56:17.0085 0x1b28 HidIr - ok
    16:56:17.0117 0x1b28 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll
    16:56:17.0117 0x1b28 hidserv - ok
    16:56:17.0195 0x1b28 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\drivers\hidusb.sys
    16:56:17.0210 0x1b28 HidUsb - ok
    16:56:17.0257 0x1b28 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
    16:56:17.0288 0x1b28 hkmsvc - ok
    16:56:17.0351 0x1b28 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
    16:56:17.0366 0x1b28 HomeGroupListener - ok
    16:56:17.0429 0x1b28 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
    16:56:17.0444 0x1b28 HomeGroupProvider - ok
    16:56:17.0507 0x1b28 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
    16:56:17.0507 0x1b28 HpSAMD - ok
    16:56:17.0850 0x1b28 [ 917AD8239B7FFE908FF8F715A534D273, 11DBC6D45B02F28EE402825499D3F76C8EF6AE456DC12FC61C96417F78EB1450 ] hshld C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
    16:56:17.0865 0x1b28 hshld - ok
    16:56:17.0990 0x1b28 [ BBC89DA4065BDCE34257BE95B2F636EE, 75614CC1C92BD61ED3AEC6432D3F863CA816EE10132DF3ED5508D19506231F64 ] HssDRV6 C:\windows\system32\DRIVERS\hssdrv6.sys
    16:56:18.0006 0x1b28 HssDRV6 - ok
    16:56:18.0084 0x1b28 [ BB4B1326F64C3E1C1102258DC453851E, BCC76665ABCC546BC3FB02D16A4C7E7143065D2595C358A51EA2ECF3F8A41DCE ] HssWd C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
    16:56:18.0099 0x1b28 HssWd - ok
    16:56:18.0411 0x1b28 [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP C:\windows\system32\drivers\HTTP.sys
    16:56:18.0443 0x1b28 HTTP - ok
    16:56:18.0458 0x1b28 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
    16:56:18.0474 0x1b28 hwpolicy - ok
    16:56:18.0536 0x1b28 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
    16:56:18.0536 0x1b28 i8042prt - ok
    16:56:18.0692 0x1b28 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
    16:56:18.0723 0x1b28 iaStorV - ok
    16:56:18.0879 0x1b28 [ DAF66902F08796F9C694901660E5A64A, F4A4764DED05980426BAB54AAF040BC27A39C80315F5161E8D0B4C7F694BD8E6 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    16:56:19.0020 0x1b28 IDriverT - ok
    16:56:19.0098 0x1b28 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:56:19.0113 0x1b28 idsvc - ok
    16:56:19.0160 0x1b28 IEEtwCollectorService - ok
    16:56:21.0251 0x1b28 [ C458A0B66D11CBABD113EAC828276A8C, FF31B49BAF36358A16FA5478036C6431DE877BA30D6F6DF85FD0A2FA6E6CB0E1 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
    16:56:21.0656 0x1b28 igfx - ok
    16:56:21.0765 0x1b28 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
    16:56:21.0781 0x1b28 iirsp - ok
    16:56:21.0921 0x1b28 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
    16:56:21.0953 0x1b28 IKEEXT - ok
    16:56:21.0999 0x1b28 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
    16:56:22.0046 0x1b28 Impcd - ok
    16:56:22.0343 0x1b28 [ 490947A9AFF7CA31EF2E08F5776105EB, C817D60DBA6B276AD4EF2E0FDF5547F152294AFEF6264C28B8F4DC20B3A85515 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
    16:56:22.0405 0x1b28 IntcAzAudAddService - ok
    16:56:22.0967 0x1b28 [ AE594CC17C33AC146739494615E14851, 0E4FA415C1B4065083D761A458450FAE9C6A6EE6E49B3A598B43871D6F01B3EC ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
    16:56:23.0013 0x1b28 IntcDAud - ok
    16:56:23.0060 0x1b28 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
    16:56:23.0060 0x1b28 intelide - ok
    16:56:23.0107 0x1b28 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
    16:56:23.0107 0x1b28 intelppm - ok
    16:56:23.0169 0x1b28 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
    16:56:23.0185 0x1b28 IPBusEnum - ok
    16:56:23.0216 0x1b28 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
    16:56:23.0232 0x1b28 IpFilterDriver - ok
    16:56:23.0435 0x1b28 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
    16:56:23.0466 0x1b28 iphlpsvc - ok
    16:56:23.0497 0x1b28 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
    16:56:23.0513 0x1b28 IPMIDRV - ok
    16:56:23.0544 0x1b28 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
    16:56:23.0544 0x1b28 IPNAT - ok
    16:56:23.0871 0x1b28 [ 6660920D05A32DF2DC1260CEF0B6D172, 2C4361B59CD9F41519FDF14EC69F2E37E1B0635ACA476E4BEF2152C925E35F9F ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    16:56:23.0949 0x1b28 iPod Service - ok
    16:56:23.0996 0x1b28 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
    16:56:24.0012 0x1b28 IRENUM - ok
    16:56:24.0043 0x1b28 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
    16:56:24.0059 0x1b28 isapnp - ok
    16:56:24.0137 0x1b28 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
    16:56:24.0183 0x1b28 iScsiPrt - ok
    16:56:24.0230 0x1b28 [ 19496FE93696C929392F1595ED1F8BB3, 374503566D19D69CAB93BC60F6A9E1D9E177DD98FFEBD450AC1C01F8705818C6 ] JMCR C:\windows\system32\DRIVERS\jmcr.sys
    16:56:24.0246 0x1b28 JMCR - ok
    16:56:24.0308 0x1b28 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
    16:56:24.0324 0x1b28 kbdclass - ok
    16:56:24.0355 0x1b28 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
    16:56:24.0371 0x1b28 kbdhid - ok
    16:56:24.0402 0x1b28 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] KeyIso C:\windows\system32\lsass.exe
    16:56:24.0402 0x1b28 KeyIso - ok
    16:56:24.0792 0x1b28 [ EDF96FDBA037497E5D4B8A7BA8A1A4B8, 3409E240274A87169113DD33CF83C0AE0407BEBF493F3E2A265D0670C11DC424 ] KinoniSvc C:\Program Files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe
    16:56:24.0823 0x1b28 KinoniSvc - ok
    16:56:25.0057 0x1b28 [ 85103196D89B1C12F1C1F420F03A7ED0, BF8866408327C632CF1A3C828DF1D9C4AF0E4CFAA57F5C0993E0CA00333CF5D3 ] kinonivd C:\windows\system32\DRIVERS\kinonivd.sys
    16:56:25.0119 0x1b28 kinonivd - ok
    16:56:25.0213 0x1b28 [ 78A59237AF7729733D828E51A76236A9, 577136D548152F250D5C4348BB6B96CFCF31FF755DBA01348FCDD5D9164F2FAC ] KINONI_Wave C:\windows\system32\drivers\kinonivad.sys
    16:56:25.0229 0x1b28 KINONI_Wave - ok
    16:56:25.0541 0x1b28 [ 140692763A50BFFF322CDC076300587E, 4B6D9AE479EDDB429C1DE36406517FA65C2B3927B20792B3A27CEE05A6B7A3AB ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    16:56:25.0572 0x1b28 Kodak AiO Network Discovery Service - ok
    16:56:25.0790 0x1b28 [ E29F999616D7C08B0E91296908C47CAF, 285594B526A15911238B89E5FCBCFFA48A6C69CCC481918D2C474C6BB12869E6 ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
    16:56:25.0837 0x1b28 Kodak AiO Status Monitor Service - ok
    16:56:25.0899 0x1b28 Kodak Cloud Software Connector - ok
    16:56:25.0962 0x1b28 [ C0A6C3D6E02B61B5D100FE17306C276F, F57C7BCC39B30F1DF739D07B76BA18EB68D12D8D1BD13B6AC8DC712C29119495 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    16:56:26.0009 0x1b28 KSecDD - ok
    16:56:26.0040 0x1b28 [ 7A7328E427694CC7244235C3BC299F80, 7FC2E1F3F93B3334C3A8961CA58B4F38524650F6D8DA9FFA1FB43E1A2B86B710 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    16:56:26.0040 0x1b28 KSecPkg - ok
    16:56:26.0118 0x1b28 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    16:56:26.0133 0x1b28 ksthunk - ok
    16:56:26.0165 0x1b28 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
    16:56:26.0180 0x1b28 KtmRm - ok
    16:56:26.0243 0x1b28 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll
    16:56:26.0289 0x1b28 LanmanServer - ok
    16:56:26.0352 0x1b28 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    16:56:26.0367 0x1b28 LanmanWorkstation - ok
    16:56:26.0445 0x1b28 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    16:56:26.0445 0x1b28 lltdio - ok
    16:56:26.0586 0x1b28 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
    16:56:26.0601 0x1b28 lltdsvc - ok
    16:56:26.0633 0x1b28 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
    16:56:26.0664 0x1b28 lmhosts - ok
    16:56:26.0789 0x1b28 [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    16:56:26.0820 0x1b28 LMS - ok
    16:56:26.0882 0x1b28 [ 41E122F6D1448C94CC05196BC41D6BFB, DC027B897A14359669C6C93CCC7FCEEA2FDCEE281489589DDAEE008FAD0B15E2 ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
    16:56:26.0882 0x1b28 LPCFilter - ok
    16:56:26.0929 0x1b28 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
    16:56:26.0929 0x1b28 LSI_FC - ok
    16:56:26.0960 0x1b28 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
    16:56:26.0960 0x1b28 LSI_SAS - ok
    16:56:26.0976 0x1b28 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
    16:56:26.0991 0x1b28 LSI_SAS2 - ok
    16:56:26.0991 0x1b28 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
    16:56:27.0007 0x1b28 LSI_SCSI - ok
    16:56:27.0007 0x1b28 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
    16:56:27.0023 0x1b28 luafv - ok
    16:56:27.0101 0x1b28 [ D7F57860E779B84AB982E8F4F23E30D1, 118E98F8999A2CBA469FBFF8C776BFC9D92D0445AE30060EA4028731224C68B8 ] massfilter_hs C:\windows\system32\drivers\massfilter_hs.sys
    16:56:27.0101 0x1b28 massfilter_hs - ok
    16:56:27.0210 0x1b28 [ A8D28D5B3E2A528D1EF0E338E44F2820, 40D1EFDD253BC0A0D984A5AD8A2721C3E83B15F14D538204714E6D5B00D92CEB ] MBAMProtector C:\windows\system32\drivers\mbam.sys
    16:56:27.0210 0x1b28 MBAMProtector - ok
    16:56:27.0771 0x1b28 [ 83C982A395D00BAFF6515FB38424EA76, 0E1B66F84A483D47550347D4A9426B95A066DB5104C4284F606A16768A11DB0C ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    16:56:27.0834 0x1b28 MBAMService - ok
    16:56:27.0912 0x1b28 [ AE757332EA130E94E646621CC695B52A, E688CF34A4206F32B5C7301119D8459C3456FC178FA1DAA6215CE15F2C824C43 ] MBAMWebAccessControl C:\windows\system32\drivers\mwac.sys
    16:56:27.0912 0x1b28 MBAMWebAccessControl - ok
    16:56:27.0959 0x1b28 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    16:56:28.0099 0x1b28 Mcx2Svc - ok
    16:56:28.0146 0x1b28 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\DRIVERS\megasas.sys
    16:56:28.0177 0x1b28 megasas - ok
    16:56:28.0317 0x1b28 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
    16:56:28.0349 0x1b28 MegaSR - ok
    16:56:28.0395 0x1b28 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
    16:56:28.0395 0x1b28 MMCSS - ok
    16:56:28.0411 0x1b28 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
    16:56:28.0411 0x1b28 Modem - ok
    16:56:28.0427 0x1b28 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
    16:56:28.0427 0x1b28 monitor - ok
    16:56:28.0458 0x1b28 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    16:56:28.0458 0x1b28 mouclass - ok
    16:56:28.0520 0x1b28 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    16:56:28.0520 0x1b28 mouhid - ok
    16:56:28.0551 0x1b28 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    16:56:28.0567 0x1b28 mountmgr - ok
    16:56:28.0614 0x1b28 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
    16:56:28.0629 0x1b28 mpio - ok
    16:56:28.0645 0x1b28 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    16:56:28.0645 0x1b28 mpsdrv - ok
    16:56:28.0926 0x1b28 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
    16:56:28.0988 0x1b28 MpsSvc - ok
    16:56:29.0019 0x1b28 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    16:56:29.0035 0x1b28 MRxDAV - ok
    16:56:29.0082 0x1b28 [ 1877EB1495CFBDAB27D6A32F6DDF3818, 3818055C66AB12A335A905CFFE5D05347F15AE488861C5C183E62E8E0881DA86 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    16:56:29.0114 0x1b28 mrxsmb - ok
    16:56:29.0176 0x1b28 [ 21AF322605D8C7F2A627C22634D1C9C9, 6B783F95D093FEFB260EA9568926BBB3CB8ED0783184DB3A18733E211933BADD ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    16:56:29.0239 0x1b28 mrxsmb10 - ok
    16:56:29.0254 0x1b28 [ 45A03A0B6461EFBEE77E0A6AC2816EDA, CFB0C11387F2EC49FD6B69EF747962114EBA6F8B4B4DEC3627E9E969775C4D7E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    16:56:29.0286 0x1b28 mrxsmb20 - ok
    16:56:29.0301 0x1b28 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
    16:56:29.0301 0x1b28 msahci - ok
    16:56:29.0348 0x1b28 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
    16:56:29.0364 0x1b28 msdsm - ok
    16:56:29.0395 0x1b28 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
    16:56:29.0395 0x1b28 MSDTC - ok
    16:56:29.0426 0x1b28 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
    16:56:29.0426 0x1b28 Msfs - ok
    16:56:29.0488 0x1b28 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    16:56:29.0504 0x1b28 mshidkmdf - ok
    16:56:29.0535 0x1b28 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    16:56:29.0535 0x1b28 msisadrv - ok
    16:56:29.0566 0x1b28 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    16:56:29.0613 0x1b28 MSiSCSI - ok
    16:56:29.0613 0x1b28 msiserver - ok
    16:56:29.0644 0x1b28 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    16:56:29.0644 0x1b28 MSKSSRV - ok
    16:56:29.0676 0x1b28 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    16:56:29.0676 0x1b28 MSPCLOCK - ok
    16:56:29.0707 0x1b28 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    16:56:29.0738 0x1b28 MSPQM - ok
    16:56:29.0769 0x1b28 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    16:56:29.0785 0x1b28 MsRPC - ok
    16:56:29.0816 0x1b28 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
    16:56:29.0832 0x1b28 mssmbios - ok
    16:56:29.0863 0x1b28 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    16:56:29.0878 0x1b28 MSTEE - ok
    16:56:29.0910 0x1b28 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
    16:56:29.0910 0x1b28 MTConfig - ok
    16:56:29.0972 0x1b28 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
    16:56:29.0972 0x1b28 Mup - ok
    16:56:30.0159 0x1b28 [ 93CD1C4ECB8658A35E5E6EBA02D43E4F, 3439DBEEC3E6C9E7DCBF11B7065F7D596B5C11CFE2629821C9D46894053AD42A ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    16:56:30.0190 0x1b28 MyWiFiDHCPDNS - ok
    16:56:30.0253 0x1b28 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
    16:56:30.0268 0x1b28 napagent - ok
    16:56:30.0331 0x1b28 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    16:56:30.0346 0x1b28 NativeWifiP - ok
    16:56:30.0643 0x1b28 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
    16:56:30.0674 0x1b28 NDIS - ok
    16:56:30.0705 0x1b28 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    16:56:30.0721 0x1b28 NdisCap - ok
    16:56:30.0752 0x1b28 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    16:56:30.0752 0x1b28 NdisTapi - ok
    16:56:30.0814 0x1b28 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    16:56:30.0830 0x1b28 Ndisuio - ok
    16:56:30.0877 0x1b28 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    16:56:30.0892 0x1b28 NdisWan - ok
    16:56:30.0939 0x1b28 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    16:56:30.0955 0x1b28 NDProxy - ok
    16:56:30.0986 0x1b28 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    16:56:31.0002 0x1b28 NetBIOS - ok
    16:56:31.0048 0x1b28 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    16:56:31.0064 0x1b28 NetBT - ok
    16:56:31.0095 0x1b28 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] Netlogon C:\windows\system32\lsass.exe
    16:56:31.0095 0x1b28 Netlogon - ok
    16:56:31.0142 0x1b28 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
    16:56:31.0158 0x1b28 Netman - ok
    16:56:31.0563 0x1b28 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:56:31.0626 0x1b28 NetMsmqActivator - ok
    16:56:31.0641 0x1b28 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:56:31.0641 0x1b28 NetPipeActivator - ok
    16:56:46.0994 0x1b28 UI0Detect - ok
    16:56:47.0040 0x1b28 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
    16:56:47.0040 0x1b28 uliagpkx - ok
    16:56:47.0087 0x1b28 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\DRIVERS\umbus.sys
    16:56:47.0087 0x1b28 umbus - ok
    16:56:47.0118 0x1b28 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\DRIVERS\umpass.sys
    16:56:47.0118 0x1b28 UmPass - ok
    16:56:47.0259 0x1b28 [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    16:56:47.0321 0x1b28 UNS - ok
    16:56:47.0446 0x1b28 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
    16:56:47.0477 0x1b28 upnphost - ok
    16:56:47.0571 0x1b28 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
    16:56:47.0586 0x1b28 USBAAPL64 - ok
    16:56:47.0664 0x1b28 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
    16:56:47.0680 0x1b28 usbccgp - ok
    16:56:47.0727 0x1b28 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
    16:56:47.0727 0x1b28 usbcir - ok
    16:56:47.0789 0x1b28 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys
    16:56:47.0789 0x1b28 usbehci - ok
    16:56:47.0867 0x1b28 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
    16:56:47.0867 0x1b28 usbhub - ok
    16:56:47.0898 0x1b28 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys
    16:56:47.0914 0x1b28 usbohci - ok
    16:56:47.0976 0x1b28 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
    16:56:47.0976 0x1b28 usbprint - ok
    16:56:48.0039 0x1b28 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
    16:56:48.0054 0x1b28 usbscan - ok
    16:56:48.0086 0x1b28 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
    16:56:48.0101 0x1b28 USBSTOR - ok
    16:56:48.0132 0x1b28 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
    16:56:48.0148 0x1b28 usbuhci - ok
    16:56:48.0226 0x1b28 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
    16:56:48.0226 0x1b28 usbvideo - ok
    16:56:48.0273 0x1b28 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
    16:56:48.0304 0x1b28 UxSms - ok
    16:56:48.0351 0x1b28 [ 97D879A884E7CDFED51AD63348A35254, 256566B7039B640FFB72C2ED7F1F42E46FFC820637A8959A64F5F08DB2A06A3F ] VaultSvc C:\windows\system32\lsass.exe
    16:56:48.0351 0x1b28 VaultSvc - ok
    16:56:48.0772 0x1b28 [ 3470D2C83CA7A056B91216EA1D571304, 3189ABF6E8C08B1B0F406DB5E78F9ABD9A0AE3FF52615B681A8DEB1A38E26B83 ] VBoxAswDrv C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
    16:56:48.0772 0x1b28 VBoxAswDrv - ok
    16:56:48.0850 0x1b28 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
    16:56:48.0866 0x1b28 vdrvroot - ok
    16:56:48.0975 0x1b28 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
    16:56:48.0990 0x1b28 vds - ok
    16:56:49.0037 0x1b28 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    16:56:49.0037 0x1b28 vga - ok
    16:56:49.0068 0x1b28 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
    16:56:49.0068 0x1b28 VgaSave - ok
    16:56:49.0146 0x1b28 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    16:56:49.0162 0x1b28 vhdmp - ok
    16:56:49.0209 0x1b28 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
    16:56:49.0209 0x1b28 viaide - ok
    16:56:49.0224 0x1b28 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
    16:56:49.0224 0x1b28 volmgr - ok
    16:56:49.0271 0x1b28 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    16:56:49.0302 0x1b28 volmgrx - ok
    16:56:49.0334 0x1b28 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\windows\system32\drivers\volsnap.sys
    16:56:49.0349 0x1b28 volsnap - ok
    16:56:49.0412 0x1b28 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
    16:56:49.0412 0x1b28 vsmraid - ok
    16:56:49.0521 0x1b28 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
    16:56:49.0568 0x1b28 VSS - ok
    16:56:49.0599 0x1b28 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
    16:56:49.0599 0x1b28 vwifibus - ok
    16:56:49.0661 0x1b28 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
    16:56:49.0692 0x1b28 vwififlt - ok
    16:56:49.0708 0x1b28 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
    16:56:49.0724 0x1b28 vwifimp - ok
    16:56:49.0786 0x1b28 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
    16:56:49.0802 0x1b28 W32Time - ok
    16:56:49.0833 0x1b28 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
    16:56:49.0833 0x1b28 WacomPen - ok
    16:56:49.0864 0x1b28 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    16:56:49.0864 0x1b28 WANARP - ok
    16:56:49.0864 0x1b28 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    16:56:49.0880 0x1b28 Wanarpv6 - ok
    16:56:49.0958 0x1b28 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    16:56:49.0989 0x1b28 WatAdminSvc - ok
    16:56:50.0316 0x1b28 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
    16:56:50.0394 0x1b28 wbengine - ok
    16:56:50.0441 0x1b28 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    16:56:50.0457 0x1b28 WbioSrvc - ok
    16:56:50.0535 0x1b28 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
    16:56:50.0535 0x1b28 wcncsvc - ok
    16:56:50.0566 0x1b28 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    16:56:50.0566 0x1b28 WcsPlugInService - ok
    16:56:50.0597 0x1b28 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\DRIVERS\wd.sys
    16:56:50.0597 0x1b28 Wd - ok
    16:56:50.0660 0x1b28 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    16:56:50.0691 0x1b28 Wdf01000 - ok
    16:56:50.0769 0x1b28 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\windows\system32\wdi.dll
    16:56:50.0769 0x1b28 WdiServiceHost - ok
    16:56:50.0769 0x1b28 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\windows\system32\wdi.dll
    16:56:50.0784 0x1b28 WdiSystemHost - ok
    16:56:50.0894 0x1b28 [ FE31110E39A0B11ABAE1BA43A2DC94F9, 5C520E0FB737A2113FB89F23FB1D36916980BBBD020638EEB04144C10A9D9522 ] wdkmd C:\windows\system32\DRIVERS\WDKMD.sys
    16:56:50.0894 0x1b28 wdkmd - ok
    16:56:50.0925 0x1b28 [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient C:\windows\System32\webclnt.dll
    16:56:50.0940 0x1b28 WebClient - ok
    16:56:50.0987 0x1b28 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
    16:56:51.0003 0x1b28 Wecsvc - ok
    16:56:51.0018 0x1b28 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
    16:56:51.0018 0x1b28 wercplsupport - ok
    16:56:51.0081 0x1b28 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
    16:56:51.0081 0x1b28 WerSvc - ok
    16:56:51.0190 0x1b28 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    16:56:51.0206 0x1b28 WfpLwf - ok
    16:56:51.0486 0x1b28 [ 8686E96E13F41AC9806A79CA8004FEEE, 1B8077D288B2169E7DFDAC7C90F6AD0C04A1A9590D83F4DBAC346ECA6D4F6184 ] WiMAXAppSrv C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    16:56:51.0502 0x1b28 WiMAXAppSrv - ok
    16:56:51.0533 0x1b28 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
    16:56:51.0533 0x1b28 WIMMount - ok
    16:56:51.0596 0x1b28 WinDefend - ok
    16:56:51.0627 0x1b28 WinHttpAutoProxySvc - ok
    16:56:51.0970 0x1b28 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    16:56:51.0986 0x1b28 Winmgmt - ok
    16:56:52.0126 0x1b28 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\windows\system32\WsmSvc.dll
    16:56:52.0188 0x1b28 WinRM - ok
    16:56:52.0266 0x1b28 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
    16:56:52.0266 0x1b28 WinUsb - ok
    16:56:52.0391 0x1b28 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
    16:56:52.0422 0x1b28 Wlansvc - ok
    16:56:52.0485 0x1b28 [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    16:56:52.0485 0x1b28 wlcrasvc - ok
    16:56:52.0875 0x1b28 [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:56:52.0922 0x1b28 wlidsvc - ok
    16:56:52.0953 0x1b28 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
    16:56:52.0968 0x1b28 WmiAcpi - ok
    16:56:53.0000 0x1b28 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    16:56:53.0000 0x1b28 wmiApSrv - ok
    16:56:53.0046 0x1b28 WMPNetworkSvc - ok
    16:56:53.0124 0x1b28 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
    16:56:53.0156 0x1b28 WPCSvc - ok
    16:56:53.0202 0x1b28 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    16:56:53.0202 0x1b28 WPDBusEnum - ok
    16:56:53.0234 0x1b28 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    16:56:53.0249 0x1b28 ws2ifsl - ok
    16:56:53.0280 0x1b28 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll
    16:56:53.0280 0x1b28 wscsvc - ok
    16:56:53.0343 0x1b28 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
    16:56:53.0343 0x1b28 WSDPrintDevice - ok
    16:56:53.0499 0x1b28 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys
    16:56:53.0514 0x1b28 WSDScan - ok
    16:56:53.0514 0x1b28 WSearch - ok
    16:56:53.0748 0x1b28 [ 499034D7F1F6AF49F9EE12F8822793CB, 55D591C4861AF66C6B9201BF78808B2ECE7B79D95C6BB07FF0ED87EFE63DD99E ] wuauserv C:\windows\system32\wuaueng.dll
    16:56:53.0842 0x1b28 wuauserv - ok
    16:56:53.0904 0x1b28 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    16:56:53.0936 0x1b28 WudfPf - ok
    16:56:53.0967 0x1b28 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    16:56:53.0967 0x1b28 wudfsvc - ok
    16:56:54.0029 0x1b28 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\windows\System32\wwansvc.dll
    16:56:54.0092 0x1b28 WwanSvc - ok
    16:56:54.0326 0x1b28 [ DD0042F0C3B606A6A8B92D49AFB18AD6, 8D3BE4C93D02AF5F42EC46AF598D6DA40C61D467CB2FEE5E222F9C1E7A84B852 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    16:56:54.0341 0x1b28 YahooAUService - ok
    16:56:54.0388 0x1b28 ================ Scan global ===============================
    16:56:54.0419 0x1b28 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
    16:56:54.0466 0x1b28 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
    16:56:54.0482 0x1b28 [ 2313AF8D5A9CEB4A55400A01DD311A95, A5779FE967EA2703E86BEDC32CD736617AF278C72048228F038DFC628E1E0AA2 ] C:\windows\system32\winsrv.dll
    16:56:54.0528 0x1b28 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
    16:56:54.0575 0x1b28 [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\windows\system32\services.exe
    16:56:54.0575 0x1b28 [ Global ] - ok
    16:56:54.0575 0x1b28 ================ Scan MBR ==================================
    16:56:54.0591 0x1b28 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    16:56:55.0402 0x1b28 \Device\Harddisk0\DR0 - ok
    16:56:55.0402 0x1b28 ================ Scan VBR ==================================
    16:56:55.0418 0x1b28 [ 7435FD853944C7870B9C51121F2D5BBD ] \Device\Harddisk0\DR0\Partition1
    16:56:55.0433 0x1b28 \Device\Harddisk0\DR0\Partition1 - ok
    16:56:55.0433 0x1b28 ================ Scan generic autorun ======================
    16:56:55.0964 0x1b28 [ D560554BAE63D2A18197B7D2B5DA045B, 2BC9256C5759070DCF970F8F39297F9A7A804BD845A49BD3DE66A7305E307C06 ] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe
    16:56:56.0073 0x1b28 EKStatusMonitor - ok
    16:56:57.0056 0x1b28 [ 123CE08362EE48BBA7F9F1D7EB50F24F, B78A49B186475805D7022E22AE163C535F3594F62CEA2759547EC514FA6CBFCC ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
    16:56:57.0290 0x1b28 AvastUI.exe - ok
    16:56:57.0555 0x1b28 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    16:56:57.0586 0x1b28 Sidebar - ok
    16:56:57.0617 0x1b28 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
    16:56:57.0617 0x1b28 mctadmin - ok
    16:56:57.0648 0x1b28 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
    16:56:57.0680 0x1b28 Sidebar - ok
    16:56:57.0680 0x1b28 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
    16:56:57.0680 0x1b28 mctadmin - ok
    16:56:58.0163 0x1b28 [ 52BB1038DE18319F9AAC7B3603522AE4, 33F9054C58F6768327740EDCEBDAA05E6DD0692CCCA6284E89E715C2459B666E ] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    16:56:58.0397 0x1b28 SUPERAntiSpyware - ok
    16:56:58.0694 0x1b28 [ 053EEEE1ABAE53F044F1E386E22AE525, 195C8B78C0CF68F3DC1C08E58CE2A7146764F9273C39EF369194A366FA8EE1AD ] C:\Users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe
    16:56:58.0725 0x1b28 Google Update - ok
    16:56:59.0364 0x1b28 [ 15BDAEAF2661CD5FFC70269D1FCB1A72, 25A3F25B095F6FB0BAF22D8DFFAC07CA33E6EC8331EAD1D78FCB8D2C1F5490CB ] C:\Users\Treasure\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
    16:56:59.0536 0x1b28 Google Photos Backup - ok
    16:56:59.0536 0x1b28 Waiting for KSN requests completion. In queue: 181
    16:57:00.0550 0x1b28 Waiting for KSN requests completion. In queue: 181
    16:57:01.0564 0x1b28 Waiting for KSN requests completion. In queue: 181
    16:57:02.0578 0x1b28 Waiting for KSN requests completion. In queue: 181
    16:57:03.0998 0x1b28 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 10.4.2233.1299 ), 0x41000 ( enabled : updated )
    16:57:04.0107 0x1b28 Win FW state via NFP2: enabled ( trusted )
    16:57:07.0246 0x1b28 ============================================================
    16:57:07.0246 0x1b28 Scan finished
    16:57:07.0246 0x1b28 ============================================================
    16:57:07.0277 0x1b38 Detected object count: 0
    16:57:07.0277 0x1b38 Actual detected object count: 0
    16:59:31.0209 0x1950 Deinitialize success

  10. #9
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,158
    Points
    1301


    Please run Combofix,

    You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

    1. Close any open browsers or any other programs that are open.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note 1: Do not mouseclick or mouse over combofix's window while it's running. That may cause it to stall.

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.



    Please post the Log from Combofix
    Last edited by zep516; 09-28-2015 at 08:08 PM.

  11. #10
    Member
    Join Date
    Sep 2015
    Posts
    15
    Points
    0


    ComboFix 15-09-25.01 - Treasure 09/29/2015 10:13:35.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.2201 [GMT -4:00]
    Running from: c:\users\Treasure\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\END
    c:\program files (x86)\Google\Desktop\Install
    c:\program files (x86)\Google\Desktop\Install\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}\9519~1\A535~1\E628~1\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}\L\00000004.@
    c:\program files (x86)\Google\Desktop\Install\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}\9519~1\A535~1\E628~1\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}\L\201d3dde
    c:\program files (x86)\Google\Desktop\Install\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}\9519~1\A535~1\E628~1\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}\L\6715e287
    c:\program files (x86)\Google\Desktop\Install\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}\9519~1\A535~1\E628~1\{c025e8d8-a883-8a0c-969a-6cebb0edbcaa}\L\76603ac3
    c:\programdata\8d876bf8
    c:\programdata\ntuser.pol
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\yfh0LPb94X.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmpgfomlfbjkghdjooppakigmncbdcna\2.7\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmpgfomlfbjkghdjooppakigmncbdcna\2.7\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmpgfomlfbjkghdjooppakigmncbdcna\2.7\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmpgfomlfbjkghdjooppakigmncbdcna\2.7\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fmpgfomlfbjkghdjooppakigmncbdcna\2.7\wZtlVD.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggjjhmlbgcoibebdacdejmkoggkiioil\2.7\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggjjhmlbgcoibebdacdejmkoggkiioil\2.7\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggjjhmlbgcoibebdacdejmkoggkiioil\2.7\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggjjhmlbgcoibebdacdejmkoggkiioil\2.7\M0V05.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ggjjhmlbgcoibebdacdejmkoggkiioil\2.7\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kllnfbmaonhofpolkaamigjchphfhohf\2.7\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kllnfbmaonhofpolkaamigjchphfhohf\2.7\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kllnfbmaonhofpolkaamigjchphfhohf\2.7\hc5YK409L.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kllnfbmaonhofpolkaamigjchphfhohf\2.7\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\kllnfbmaonhofpolkaamigjchphfhohf\2.7\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mmllafohibmeiahlhocihicahlodckli\1.1\b5Lo.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mmllafohibmeiahlhocihicahlodckli\1.1\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mmllafohibmeiahlhocihicahlodckli\1.1\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mmllafohibmeiahlhocihicahlodckli\1.1\icon48.png
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mmllafohibmeiahlhocihicahlodckli\1.1\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\mmllafohibmeiahlhocihicahlodckli\1.1\manifest.json
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogcjbnjkocolpkcoidddfgdeenghdckm\2.7\background.html
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogcjbnjkocolpkcoidddfgdeenghdckm\2.7\BHKENbCzFa.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogcjbnjkocolpkcoidddfgdeenghdckm\2.7\content.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogcjbnjkocolpkcoidddfgdeenghdckm\2.7\lsdb.js
    c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ogcjbnjkocolpkcoidddfgdeenghdckm\2.7\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\lsdb.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\manifest.json
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cgcdknfbdhckjphjnnmfpkpjdaekleab\1.0\yfh0LPb94X.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmpgfomlfbjkghdjooppakigmncbdcna\2.7\background.html
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmpgfomlfbjkghdjooppakigmncbdcna\2.7\content.js
    c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fmpgfomlfbjkghdjooppakigmncbdcna\2.7\lsdb.js
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NETHFDRV
    -------\Service_TelevisionFanaticService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-08-28 to 2015-09-29 )))))))))))))))))))))))))))))))
    .
    .
    2015-09-29 14:31 . 2015-09-29 14:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2015-09-29 14:31 . 2015-09-29 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-09-28 15:53 . 2015-09-28 17:13 -------- d-----w- c:\users\Treasure\New folder
    2015-09-27 17:32 . 2015-09-28 20:39 -------- d-----w- C:\FRST
    2015-09-22 20:58 . 2015-09-22 21:08 -------- d-----w- c:\windows\SysWow64\vbox
    2015-09-22 20:58 . 2015-09-22 21:08 -------- d-----w- c:\windows\system32\vbox
    2015-09-22 20:56 . 2015-09-22 20:56 -------- d-----w- c:\users\Treasure\AppData\Roaming\AVAST Software
    2015-09-22 20:50 . 2015-09-22 20:50 153744 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2015-09-22 20:50 . 2015-09-22 20:50 274808 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-09-22 20:50 . 2015-09-22 20:50 65224 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-09-22 20:50 . 2015-09-22 20:50 448968 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-09-22 20:50 . 2015-09-22 20:50 90968 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2015-09-22 20:50 . 2015-09-22 20:50 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2015-09-22 20:50 . 2015-09-22 20:50 28656 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-09-22 20:50 . 2015-09-22 20:49 1049880 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2015-09-22 20:50 . 2015-09-22 20:49 132656 ----a-w- c:\windows\system32\drivers\ngvss.sys
    2015-09-22 20:50 . 2015-09-22 20:50 378880 ----a-w- c:\windows\system32\aswBoot.exe
    2015-09-22 20:49 . 2015-09-22 20:49 43112 ----a-w- c:\windows\avastSS.scr
    2015-09-22 20:46 . 2015-09-22 20:46 -------- d-----w- c:\program files\AVAST Software
    2015-09-22 20:42 . 2015-09-22 20:42 -------- d-----w- c:\programdata\AVAST Software
    2015-09-22 04:32 . 2015-09-26 03:40 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-09-22 04:25 . 2015-06-18 12:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-09-22 04:25 . 2015-06-18 12:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-09-22 04:25 . 2015-06-18 12:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-09-22 04:23 . 2015-09-22 04:25 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-09-22 03:40 . 2015-09-22 03:40 18819272 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2015-09-22 02:44 . 2015-09-22 02:44 -------- d-----w- C:\SUPERDelete
    2015-09-22 02:35 . 2015-09-22 02:35 -------- d-----w- c:\users\Treasure\AppData\Roaming\SUPERAntiSpyware.com
    2015-09-22 02:33 . 2015-09-22 02:35 -------- d-----w- c:\program files\SUPERAntiSpyware
    2015-09-22 02:33 . 2015-09-22 02:33 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2015-09-20 21:58 . 2015-09-20 21:58 -------- d-----w- c:\programdata\Avg_Update_0915wt
    2015-09-20 03:10 . 2015-09-20 03:10 -------- d-----w- c:\program files (x86)\Magical Jelly Bean
    2015-09-02 02:26 . 2015-09-02 02:26 -------- d-----w- c:\users\Treasure\AppData\Roaming\dvdcss
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-09-29 13:57 . 2015-09-29 13:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4C20149-8A62-416B-997B-56217611CA84}\offreg.4668.dll
    2015-09-26 02:08 . 2015-09-26 02:08 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4C20149-8A62-416B-997B-56217611CA84}\offreg.1544.dll
    2015-09-22 03:40 . 2012-05-11 21:57 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-09-22 03:40 . 2011-12-09 04:42 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-09-20 20:44 . 2012-04-24 22:49 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2015-09-20 20:44 . 2012-04-24 22:49 1707160 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2015-09-20 20:44 . 2012-04-16 03:57 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2015-09-20 20:43 . 2012-04-16 03:57 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2015-09-16 09:43 . 2015-09-25 21:42 11062400 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4C20149-8A62-416B-997B-56217611CA84}\mpengine.dll
    2015-09-02 02:10 . 2012-04-16 03:57 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2015-09-02 02:08 . 2012-04-16 03:57 2877080 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2015-09-02 02:07 . 2012-04-24 22:49 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2015-08-26 22:37 . 2011-12-21 01:04 134753440 ----a-w- c:\windows\system32\MRT.exe
    2015-08-26 16:07 . 2012-04-24 22:49 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2015-07-30 18:06 . 2015-08-20 13:20 1648128 ----a-w- c:\windows\system32\DWrite.dll
    2015-07-30 18:06 . 2015-08-20 13:20 1180160 ----a-w- c:\windows\system32\FntCache.dll
    2015-07-30 18:06 . 2015-08-20 13:20 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2015-07-30 18:06 . 2015-08-20 13:20 41984 ----a-w- c:\windows\system32\lpk.dll
    2015-07-30 18:06 . 2015-08-20 13:20 100864 ----a-w- c:\windows\system32\fontsub.dll
    2015-07-30 18:06 . 2015-08-20 13:20 14336 ----a-w- c:\windows\system32\dciman32.dll
    2015-07-30 18:06 . 2015-08-20 13:20 46080 ----a-w- c:\windows\system32\atmlib.dll
    2015-07-30 17:57 . 2015-08-20 13:20 1251328 ----a-w- c:\windows\SysWow64\DWrite.dll
    2015-07-30 17:57 . 2015-08-20 13:20 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2015-07-30 17:57 . 2015-08-20 13:20 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2015-07-30 17:57 . 2015-08-20 13:20 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
    2015-07-30 17:57 . 2015-08-20 13:20 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2015-07-30 17:55 . 2015-08-20 13:20 25600 ----a-w- c:\windows\SysWow64\lpk.dll
    2015-07-30 16:56 . 2015-08-20 13:20 3208192 ----a-w- c:\windows\system32\win32k.sys
    2015-07-30 16:52 . 2015-08-20 13:20 372736 ----a-w- c:\windows\system32\atmfd.dll
    2015-07-30 16:49 . 2015-08-20 13:20 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
    2015-07-30 13:13 . 2015-08-20 23:04 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-07-30 13:13 . 2015-08-20 23:04 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-07-20 18:12 . 2015-08-20 13:17 3154944 ----a-w- c:\windows\system32\wucltux.dll
    2015-07-20 18:12 . 2015-08-20 13:17 98304 ----a-w- c:\windows\system32\wudriver.dll
    2015-07-20 18:12 . 2015-08-20 13:17 37888 ----a-w- c:\windows\system32\wups2.dll
    2015-07-20 18:12 . 2015-08-20 13:17 36864 ----a-w- c:\windows\system32\wups.dll
    2015-07-20 18:12 . 2015-08-20 13:17 2606080 ----a-w- c:\windows\system32\wuaueng.dll
    2015-07-20 18:12 . 2015-08-20 13:17 192000 ----a-w- c:\windows\system32\wuwebv.dll
    2015-07-20 18:12 . 2015-08-20 13:17 696320 ----a-w- c:\windows\system32\wuapi.dll
    2015-07-20 18:12 . 2015-08-20 13:17 91136 ----a-w- c:\windows\system32\WinSetupUI.dll
    2015-07-20 18:12 . 2015-08-20 13:17 12288 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
    2015-07-20 18:12 . 2015-08-20 13:17 37376 ----a-w- c:\windows\system32\wuapp.exe
    2015-07-20 18:12 . 2015-08-20 13:17 139776 ----a-w- c:\windows\system32\wuauclt.exe
    2015-07-20 17:56 . 2015-08-20 13:17 93184 ----a-w- c:\windows\SysWow64\wudriver.dll
    2015-07-20 17:56 . 2015-08-20 13:17 30208 ----a-w- c:\windows\SysWow64\wups.dll
    2015-07-20 17:56 . 2015-08-20 13:17 173056 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2015-07-20 17:56 . 2015-08-20 13:17 566784 ----a-w- c:\windows\SysWow64\wuapi.dll
    2015-07-20 17:56 . 2015-08-20 13:17 34816 ----a-w- c:\windows\SysWow64\wuapp.exe
    2015-07-15 03:19 . 2015-08-20 13:26 2004992 ----a-w- c:\windows\system32\msxml6.dll
    2015-07-15 03:19 . 2015-08-20 13:26 1887232 ----a-w- c:\windows\system32\msxml3.dll
    2015-07-15 03:14 . 2015-08-20 13:26 2048 ----a-w- c:\windows\system32\msxml6r.dll
    2015-07-15 03:13 . 2015-08-20 13:26 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-07-15 02:55 . 2015-08-20 13:26 1390592 ----a-w- c:\windows\SysWow64\msxml6.dll
    2015-07-15 02:55 . 2015-08-20 13:26 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
    2015-07-15 02:51 . 2015-08-20 13:26 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
    2015-07-15 02:51 . 2015-08-20 13:26 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2015-07-10 17:51 . 2015-08-20 13:26 44032 ----a-w- c:\windows\system32\tsgqec.dll
    2015-07-10 17:51 . 2015-08-20 13:33 14177280 ----a-w- c:\windows\system32\shell32.dll
    2015-07-10 17:51 . 2015-08-20 13:26 3722752 ----a-w- c:\windows\system32\mstscax.dll
    2015-07-10 17:51 . 2015-08-20 13:26 158720 ----a-w- c:\windows\system32\aaclient.dll
    2015-07-10 17:34 . 2015-08-20 13:26 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2015-07-10 17:34 . 2015-08-20 13:26 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
    2015-07-10 17:33 . 2015-08-20 13:26 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
    2015-07-09 17:57 . 2015-08-20 13:31 193536 ----a-w- c:\windows\system32\notepad.exe
    2015-07-09 17:57 . 2015-08-20 13:31 193536 ----a-w- c:\windows\notepad.exe
    2015-07-09 17:42 . 2015-08-20 13:31 179712 ----a-w- c:\windows\SysWow64\notepad.exe
    2015-07-04 18:07 . 2015-08-20 13:21 2087424 ----a-w- c:\windows\system32\ole32.dll
    2015-07-04 17:48 . 2015-08-20 13:21 1414656 ----a-w- c:\windows\SysWow64\ole32.dll
    2015-07-01 20:56 . 2015-08-20 13:34 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2015-07-01 20:56 . 2015-08-20 13:34 155584 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2015-07-01 20:49 . 2015-08-20 13:26 260096 ----a-w- c:\windows\system32\WebClnt.dll
    2015-07-01 20:49 . 2015-08-20 13:34 210944 ----a-w- c:\windows\system32\wdigest.dll
    2015-07-01 20:49 . 2015-08-20 13:34 86528 ----a-w- c:\windows\system32\TSpkg.dll
    2015-07-01 20:49 . 2015-08-20 13:34 29184 ----a-w- c:\windows\system32\sspisrv.dll
    2015-07-01 20:49 . 2015-08-20 13:34 136192 ----a-w- c:\windows\system32\sspicli.dll
    2015-07-01 20:49 . 2015-08-20 13:34 342016 ----a-w- c:\windows\system32\schannel.dll
    2015-07-01 20:49 . 2015-08-20 13:34 28160 ----a-w- c:\windows\system32\secur32.dll
    2015-07-01 20:49 . 2015-08-20 13:34 1216512 ----a-w- c:\windows\system32\rpcrt4.dll
    2015-07-01 20:49 . 2015-08-20 13:34 309760 ----a-w- c:\windows\system32\ncrypt.dll
    2015-07-01 20:49 . 2015-08-20 13:34 315392 ----a-w- c:\windows\system32\msv1_0.dll
    2015-07-01 20:49 . 2015-08-20 13:34 729088 ----a-w- c:\windows\system32\kerberos.dll
    2015-07-01 20:49 . 2015-08-20 13:34 1461760 ----a-w- c:\windows\system32\lsasrv.dll
    2015-07-01 20:48 . 2015-08-20 13:26 102912 ----a-w- c:\windows\system32\davclnt.dll
    2015-07-01 20:48 . 2015-08-20 13:34 44032 ----a-w- c:\windows\system32\cryptbase.dll
    2015-07-01 20:48 . 2015-08-20 13:34 22016 ----a-w- c:\windows\system32\credssp.dll
    2015-07-01 20:47 . 2015-08-20 13:34 31232 ----a-w- c:\windows\system32\lsass.exe
    2015-07-01 20:47 . 2015-08-20 13:34 64000 ----a-w- c:\windows\system32\auditpol.exe
    2015-07-01 20:43 . 2015-08-20 13:34 60416 ----a-w- c:\windows\system32\msobjs.dll
    2015-07-01 20:43 . 2015-08-20 13:34 146432 ----a-w- c:\windows\system32\msaudite.dll
    2015-07-01 20:39 . 2015-08-20 13:34 686080 ----a-w- c:\windows\system32\adtschema.dll
    2015-07-01 20:30 . 2015-08-20 13:34 172032 ----a-w- c:\windows\SysWow64\wdigest.dll
    2015-07-01 20:30 . 2015-08-20 13:26 206848 ----a-w- c:\windows\SysWow64\WebClnt.dll
    2015-07-01 20:30 . 2015-08-20 13:34 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll
    2015-07-01 20:30 . 2015-08-20 13:34 248832 ----a-w- c:\windows\SysWow64\schannel.dll
    2015-07-01 20:30 . 2015-08-20 13:34 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2015-07-01 20:30 . 2015-08-20 13:34 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2015-07-01 20:30 . 2015-08-20 13:34 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2015-07-01 20:30 . 2015-08-20 13:34 552960 ----a-w- c:\windows\SysWow64\kerberos.dll
    2015-07-01 20:30 . 2015-08-20 13:34 36864 ----a-w- c:\windows\SysWow64\cryptbase.dll
    2015-07-01 20:30 . 2015-08-20 13:34 17408 ----a-w- c:\windows\SysWow64\credssp.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-07-30 7930136]
    "Google Photos Backup"="c:\users\Treasure\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe" [2015-08-26 3787080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "EKStatusMonitor"="c:\program files (x86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe" [2013-01-15 2750840]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-09-22 6134544]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2014-05-03 296520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVZOVgtTlNWVkwtTzRCWlEtUUlNQ0wtUVREQ0gtNElKTUg&inst=NzctMjE3MzcwMjA4Mi1TVDEwRk9JKzEtVFJNMjkrMS1UUk0zMCsxLUNJRDI0MFUrMTAwMS1DSUQyNDBVMisyLUM0MzZPKzUwNy1DNDM2VCsxLUM0MzZUQysx&prod=90&ver=10.0.1434" [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "ArcSoft Connection Service"=c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
    .
    R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [x]
    R2 Kodak Cloud Software Connector;Kodak Cloud Software Connector;c:\program files (x86)\Kodak\CloudPrinting\KCPConnector.exe;c:\program files (x86)\Kodak\CloudPrinting\KCPConnector.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
    R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
    R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe;c:\program files\CyberGhost VPN\CGVPNCliService.exe [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys;c:\windows\SYSNATIVE\drivers\massfilter_hs.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
    R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 ngvss;ngvss; [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrvx64.sys;c:\windows\SYSNATIVE\drivers\rsdrvx64.sys [x]
    S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
    S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [x]
    S2 KinoniSvc;Kinoni Service;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe;c:\program files (x86)\Kinoni\EpocCam_and_Barcode_drivers\KinoniSvc.exe [x]
    S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
    S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [x]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
    S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
    S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
    S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
    S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
    S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
    S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
    S3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys;c:\windows\SYSNATIVE\drivers\kinonivad.sys [x]
    S3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys;c:\windows\SYSNATIVE\DRIVERS\kinonivd.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2015-09-27 17:37 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.101\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-09-20 c:\windows\Tasks\0915wtUpdateInfo.job
    - c:\programdata\Avg_Update_0915wt\0915wt_{72079223-C646-46E8-8FAA-CE8912BCCF22}.exe [2015-09-20 21:54]
    .
    2015-09-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-17 03:40]
    .
    2015-09-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job
    - c:\users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-12 23:52]
    .
    2015-09-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job
    - c:\users\Treasure\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-05-12 23:52]
    .
    2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 11:20]
    .
    2015-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f56ba7386524.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 11:20]
    .
    2015-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-29 11:20]
    .
    2015-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core.job
    - c:\users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-14 21:06]
    .
    2015-09-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001Core1d0f57b6e4bac2.job
    - c:\users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-14 21:06]
    .
    2015-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2628051247-848522789-837856156-1001UA.job
    - c:\users\Treasure\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-14 21:06]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: bnkofamerica.com\www
    Trusted Zone: msn.com\www
    Trusted Zone: yahoo.com\toolbar
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3C460369-B635-4B40-8879-C4CD5E685DD7}: NameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{83C483E2-355F-4F2D-A5F1-CE5ED4CB22BC}: NameServer = 8.8.8.8
    TCP: Interfaces\{83C483E2-355F-4F2D-A5F1-CE5ED4CB22BC}\E4F4B4941402C457D6961602633303F503336383: NameServer = 8.8.8.8
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-182c7933-2f9c-4600-9674-d08fe05e1906 - c:\progra~3\INSTAL~1\{DED96~1\Setup.exe
    AddRemove-2a7f0527-98a2-43cf-93bb-425473f336fe - c:\progra~3\INSTAL~1\{2B8A1~1\Setup.exe
    AddRemove-2e96e63c-40b4-45bf-b0cc-ae2336118120 - c:\progra~3\INSTAL~1\{F0466~1\Setup.exe
    AddRemove-33b1210f-bc6f-49bc-9348-f59e4d5e2b2a - c:\progra~3\INSTAL~1\{BF123~1\Setup.exe
    AddRemove-4b9a868d-ffe8-4f43-a421-a460e2087dc2 - c:\progra~3\INSTAL~1\{50449~1\Setup.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-df11d967-a3c1-4e84-b413-e9c44aeb46c8 - c:\progra~3\INSTAL~1\{852C2~1\Setup.exe
    AddRemove-ImTOO iPod Computer Transfer - c:\program files (x86)\ImTOO\iPod Manager\Uninstall.exe
    AddRemove-KeyBar_1.13 Toolbar - c:\program files (x86)\KeyBar_1.13\uninstall.exe
    AddRemove-WT089366 - c:\program files (x86)\TOSHIBA Games\Cake Mania - Lights
    AddRemove-{5F624839-947D-46EA-BD63-FD847C1AC6F1} - c:\programdata\{6F1B3060-90C7-4F21-AFFB-07B6150C73EA}\BearShare_V10_en_Setup.exe
    AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\BlueStacks]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.19"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Wondershare\Wondershare Helper Compact\774993500\0\Modules\*PUBLIC=c:\users\Public*SESSIONNAME=Console*SystemDrive=C:*SystemRoot=c:\windows*temp=c:\Users\Treasure\AppData\Local\Temp*TMP=c:\users\Treasure\AppData\Local\Temp*USERDOMAIN=Treasure-PC*USERNAME=Treasure*USERPROFILE=c:\users\Treasure*windir=C:\w]
    "JoinUserExperience"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    .
    **************************************************************************
    .
    Completion time: 2015-09-29 10:53:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-09-29 14:53
    .
    Pre-Run: 236,701,589,504 bytes free
    Post-Run: 236,346,544,128 bytes free
    .
    - - End Of File - - CF2D56C33142DAF4C4ED4453F79DC153
    5B5E648D12FCADC244C1EC30318E1EB9
