Bitsadmin pops up for just a second and vanishes.


  1. Posts : 7
    Windows 10
       #1

    Bitsadmin pops up for just a second and vanishes.


    I managed to get a screenshot of it. http://prntscr.com/bhep02

    I have gone through and read one thread that looks as if I am having the exact problem as them, but I did not want to go off of someone else's problems even though they are very similar to mine. I have noticed that Superfly has fixed this twice so I'm hoping he will help.

    Also I'm getting this weird thing when I go onto certain sites like this one I won't be able to click on anything and when I do a new tab opens with some fishy website, but it is always different and also certain words on any site are highlighted in blue like a hyperlink and they open pop-ups. It could be a cause of this Bitsadmin downloading some stuff because no matter how many times I run Malwarebytes and remove some there are always some virus, malware, or trojans left behind.

    I will try to get a picture of the whole site thing with the hyperlinked text if needed.

    Thank you in advance for all the help.


  2. Posts : 16,325
    W10Prox64
       #2

    nexust said:
    I managed to get a screenshot of it. http://prntscr.com/bhep02

    I have gone through and read one thread that looks as if I am having the exact problem as them, but I did not want to go off of someone else's problems even though they are very similar to mine. I have noticed that Superfly has fixed this twice so I'm hoping he will help.

    Also I'm getting this weird thing when I go onto certain sites like this one I won't be able to click on anything and when I do a new tab opens with some fishy website, but it is always different and also certain words on any site are highlighted in blue like a hyperlink and they open pop-ups. It could be a cause of this Bitsadmin downloading some stuff because no matter how many times I run Malwarebytes and remove some there are always some virus, malware, or trojans left behind.

    I will try to get a picture of the whole site thing with the hyperlinked text if needed.

    Thank you in advance for all the help.

    Hi nexust and welcome to Tenforums.

    Let's do some scans first to see what's found:

    Download to your desktop and run RKILL.
    RKill Download
    Try the exe file first. If your system won't run it (because an infection is blocking it from running), try the *.com version or the one renamed as iexplore.exe.

    When finished, it will open a log; please post that here.
    DO NOT reboot. Everything RKILL does is temporary and is undone by a reboot.

    Download and run ADWCleaner. Select Scan, then Clean. When it's finished, the log file can be found at C:\AdwCleaner\. Please post that log as well.
    ToolsLib - Downloads - AdwCleaner

    Download and run TDSSKiller.
    Download Free TDSSKiller - Rootkit Removal | Kaspersky Lab US
    See instructions here:
    TDSSKiller Download

    Let us know if it finds anything.

    Once you've posted your results, we can go from there. Thanks.

    EDIT: Let's also add JRT to the list of scans. Sounds like it may be needed.
    Junkware Removal Tool Download



  3. Posts : 7
    Windows 10
    Thread Starter
       #3

    Log for ADWCleaner :

    Code:
    # AdwCleaner v5.201 - Logfile created 03/07/2016 at 18:37:24
    # Updated 30/06/2016 by ToolsLib
    # Database : 2016-07-01.1 [Server]
    # Operating system : Windows 10 Home  (X64)
    # Username : McRae - NEXUST-PC
    # Running from : C:\Users\McRae\Downloads\adwcleaner_5.201.exe
    # Option : Clean
    # Support : ToolsLib - Forum: Ask for help or share your experience.
    
    
    ***** [ Services ] *****
    
    
    
    
    ***** [ Folders ] *****
    
    
    [-] Folder Deleted : C:\ProgramData\dtdata
    [#] Folder Deleted : C:\ProgramData\Application Data\dtdata
    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time
    [-] Folder Deleted : C:\Program Files (x86)\OApps
    [-] Folder Deleted : C:\Program Files (x86)\Popcorn Time
    [-] Folder Deleted : C:\WINDOWS\cSysSecure1.0.0.5
    [-] Folder Deleted : C:\Users\McRae\AppData\Local\QuickCleaner
    [-] Folder Deleted : C:\Users\McRae\AppData\Local\WINTUNEPRO
    [-] Folder Deleted : C:\Users\McRae\AppData\Roaming\PC Cleaners
    [-] Folder Deleted : C:\Users\McRae\AppData\Roaming\QuickCleaner
    [-] Folder Deleted : C:\Users\McRae\AppData\Roaming\Mozilla\Firefox\Profiles\l5vjkvqy.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [-] Folder Deleted : C:\Users\McRae\AppData\Roaming\Mozilla\Firefox\Profiles\l5vjkvqy.default\extensions\{75623D5D-4683-402A-B610-AC4BAB767C86}
    [-] Folder Deleted : C:\Users\McRae\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmifmjgoddkicidifnaenlagjcofomn
    [-] Folder Deleted : C:\Users\McRae\AppData\Local\VirtualStore\Program Files (x86)\Popcorn Time
    
    
    ***** [ Files ] *****
    
    
    [-] File Deleted : C:\ProgramData\uninstaller.exe
    [#] File Deleted : C:\ProgramData\Application Data\uninstaller.exe
    [-] File Deleted : C:\Users\McRae\AppData\Roaming\Mozilla\Firefox\Profiles\l5vjkvqy.default\extensions\staged\wecarereminder@bryan.json
    [-] File Deleted : C:\Users\McRae\AppData\Roaming\Mozilla\Firefox\Profiles\l5vjkvqy.default\searchplugins\safeguard-secure-search.xml
    [-] File Deleted : C:\Users\McRae\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pnmifmjgoddkicidifnaenlagjcofomn
    [-] File Deleted : C:\Users\McRae\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage
    [-] File Deleted : C:\Users\McRae\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_cdncache-a.akamaihd.net_0.localstorage-journal
    [-] File Deleted : C:\Users\McRae\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
    [-] File Deleted : C:\Users\McRae\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
    
    
    ***** [ DLLs ] *****
    
    
    
    
    ***** [ WMI ] *****
    
    
    
    
    ***** [ Shortcuts ] *****
    
    
    
    
    ***** [ Scheduled tasks ] *****
    
    
    
    
    ***** [ Registry ] *****
    
    
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
    [-] Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    [-] Key Deleted : HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO
    [-] Key Deleted : HKLM\SOFTWARE\Classes\SelectionLinksv4.SelectionLinksBHO.1
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    [-] Key Deleted : HKCU\Software\Classes\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{655847A1-FA36-46ED-923B-A5CD523696EA}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    [-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
    [-] Key Deleted : HKCU\Software\OutfoxTV
    [-] Key Deleted : HKCU\Software\PCCleaners
    [-] Key Deleted : HKCU\Software\Yahoo\Companion

    After running ADWCleaner I can go on sites and the hyperlinked words are gone and no fishy websites, but last time I got rid of it, it came back so here's hoping.

    Log for RKill :

    Code:
    Rkill 2.8.4 by Lawrence Abrams (Grinler)
    BleepingComputer.com - News, Reviews, and Technical Support
    Copyright 2008-2016 BleepingComputer.com
    More Information about Rkill can be found at this link:
     RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software
    
    
    Program started at: 07/03/2016 06:30:26 PM in x64 mode.
    Windows Version: Windows 10 Home 
    
    
    Checking for Windows services to stop:
    
    
     * No malware services found to stop.
    
    
    Checking for processes to terminate:
    
    
     * No malware processes found to kill.
    
    
    Checking Registry for malware related settings:
    
    
     * No issues found in the Registry.
    
    
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    
    
    Performing miscellaneous checks:
    
    
     * Windows Defender Disabled
    
    
       [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
       "DisableAntiSpyware" = dword:00000001
    Last edited by Brink; 03 Jul 2016 at 19:01. Reason: code box


  4. Posts : 16,325
    W10Prox64
       #4

    That's good. It looks like a lot of junk has been removed. However, I am not seeing the full reports. The RKILL Log should reference the HOSTS file near the end, and the ADWCleaner file closing info is not there.
    • Please post the full logs, unedited, in code boxes (using the "#" sign) as it is important for me to see fully what they've done.
    • Also, did you run JRT & TDSSKiller yet?
    • What active Anti-Virus are you using?

    Thanks.


  5. Posts : 3,502
    Win_8.1-Pro, Win_10.1607-Pro, Mint_17.3
       #5

    Continue to follow simrick's lead - I'm just dropping in to give some additional suggestions

    When you finish the malware scans, you might want to run Cleanup, do a Clean Startup, and rebuild the hibernation file (toggle off to delete, then toggle on if you want it back on with a new file)

    Disk Cleanup - Use Extended Disk Cleanup

    Perform a Clean Boot
    Part ONE only

    Hibernate - Enable or Disable in Windows 10
    4. To Disable Hibernate
    then
    3. To Enable Hibernate

    The above tasks clean up places malware might hide

    I also suggest running SFC /Scannow after the malware scans to replace any system files that might have been affected.


  6. Posts : 7
    Windows 10
    Thread Starter
       #6

    simrick said:
    That's good. It looks like a lot of junk has been removed. However, I am not seeing the full reports. The RKILL Log should reference the HOSTS file near the end, and the ADWCleaner file closing info is not there.
    • Please post the full logs, unedited, in code boxes (using the "#" sign) as it is important for me to see fully what they've done.
    • Also, did you run JRT & TDSSKiller yet?
    • What active Anti-Virus are you using?

    Thanks.
    I am using Malwarebytes Anti-Malware.

    Log for RKill sorry I had to wait for it to finish XD :

    Code:
    Rkill 2.8.4 by Lawrence Abrams (Grinler)
    BleepingComputer.com - News, Reviews, and Technical Support
    Copyright 2008-2016 BleepingComputer.com
    More Information about Rkill can be found at this link:
     RKill - What it does and What it Doesnt - A brief introduction to the program - Anti-Virus, Anti-Malware, and Privacy Software
    
    
    Program started at: 07/04/2016 08:07:26 AM in x64 mode.
    Windows Version: Windows 10 Home 
    
    
    Checking for Windows services to stop:
    
    
     * No malware services found to stop.
    
    
    Checking for processes to terminate:
    
    
     * C:\Users\McRae\AppData\Local\Skillbrains\lightshot\5.1.4.17\Lightshot.exe (PID: 7228) [UP-HEUR]
    
    
    1 proccess terminated!
    
    
    Checking Registry for malware related settings:
    
    
     * No issues found in the Registry.
    
    
    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    
    
    Performing miscellaneous checks:
    
    
     * Windows Defender Disabled
    
    
       [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
       "DisableAntiSpyware" = dword:00000001
    
    
    Checking Windows Service Integrity: 
    
    
     * No issues found.
    
    
    Searching for Missing Digital Signatures: 
    
    
     * No issues found.
    
    
    Checking HOSTS File: 
    
    
     * HOSTS file entries found: 
    
    
      127.0.0.1       down.baidu2016.com
      127.0.0.1       123.sogou.com
      127.0.0.1       Welcome to nginx!
      127.0.0.1       http://www.czzsyzxl.com
      127.0.0.1       union.baidu2019.com
    
    
    Program finished at: 07/04/2016 08:09:38 AM
    Execution time: 0 hours(s), 2 minute(s), and 12 seconds(s)

    I am going to run the last two cleaners now.


  7. Posts : 7
    Windows 10
    Thread Starter
       #7

    simrick said:
    That's good. It looks like a lot of junk has been removed. However, I am not seeing the full reports. The RKILL Log should reference the HOSTS file near the end, and the ADWCleaner file closing info is not there.
    • Please post the full logs, unedited, in code boxes (using the "#" sign) as it is important for me to see fully what they've done.
    • Also, did you run JRT & TDSSKiller yet?
    • What active Anti-Virus are you using?

    Thanks.
    Log for TDSSKiller :

    09:50:04.0544 0x7d30  bcmfn2 - ok
    09:50:04.0555 0x7d30  BDESVC - ok
    09:50:04.0567 0x7d30  Beep - ok
    09:50:04.0667 0x7d30  [ B02FF978D11586A1C63A83246C1A3C83, A693C845E4B9A7302F7D30ED53E7A09F3798933E2FABA31C0CC744A579319E72 ] BEService       C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
    09:50:04.0718 0x7d30  BEService - ok
    09:50:04.0738 0x7d30  BFE - ok
    09:50:04.0749 0x7d30  BITS - ok
    09:50:04.0749 0x7d30  bowser - ok
    09:50:04.0767 0x7d30  BrokerInfrastructure - ok
    09:50:04.0770 0x7d30  Browser - ok
    09:50:04.0848 0x7d30  [ 656E5682F0731A078B17C49CB50396B0, D573326E3D21EC886932658749B7850AC374CCE84F9FBC048D9A142FC0DC66D0 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
    09:50:04.0849 0x7d30  BstHdAndroidSvc - ok
    09:50:04.0876 0x7d30  [ 4DD0E9D5C2E9582EB868C394884E6E23, 24CC6F12352758DC239F4FB2379BAC6837428B06E3FB52C060045CA95300AB67 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
    09:50:04.0881 0x7d30  BstHdDrv - ok
    09:50:04.0900 0x7d30  [ FE11C8141B01C047B0A24260A69C8680, C2D61A66D508262F9D8E24E896AD5B20213250427B451C7D1A3DFF83B46B1C21 ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
    09:50:04.0909 0x7d30  BstHdLogRotatorSvc - ok
    09:50:04.0944 0x7d30  [ F3891B06EBE80DFA0CA9A204B9BC7077, 8CDD28F6BE07581D43AA16CA941DA746EF84CCEEB53DEABA77085AAA2D5A84DF ] BstHdUpdaterSvc C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
    09:50:04.0962 0x7d30  BstHdUpdaterSvc - ok
    09:50:04.0987 0x7d30  BthAvrcpTg - ok
    09:50:04.0991 0x7d30  BthHFEnum - ok
    09:50:04.0994 0x7d30  bthhfhid - ok
    09:50:04.0999 0x7d30  BthHFSrv - ok
    09:50:05.0017 0x7d30  BTHMODEM - ok
    09:50:05.0019 0x7d30  bthserv - ok
    09:50:05.0019 0x7d30  buttonconverter - ok
    09:50:05.0159 0x7d30  [ C8D931D734FC0097478CE2583A75C4DF, 60C5F97D7E5A8B81A7123A5DB333577B0C7B9302C1D1C98D47BA96C0A3FB7417 ] c2cautoupdatesvc C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    09:50:05.0196 0x7d30  c2cautoupdatesvc - ok
    09:50:05.0242 0x7d30  [ 8E1CC0517DE17DF83CF80BFCE9F0C000, 13F7929D531914FA2ED1223977E15A7F45E3FF3DA1392ECC4B15F5619B37B754 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    09:50:05.0284 0x7d30  c2cpnrsvc - ok
    09:50:05.0307 0x7d30  CapImg - ok
    09:50:05.0309 0x7d30  cdfs - ok
    09:50:05.0309 0x7d30  CDPSvc - ok
    09:50:05.0309 0x7d30  cdrom - ok
    09:50:05.0309 0x7d30  CertPropSvc - ok
    09:50:05.0325 0x7d30  circlass - ok
    09:50:05.0328 0x7d30  CLFS - ok
    09:50:05.0502 0x7d30  [ 89772864139E48E6E1CEF832AB83E449, 6587F4CBA9143E5889060C2FF1461C9FA51373A84067209BF5B2F57E9359C9F1 ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    09:50:05.0548 0x7d30  ClickToRunSvc - ok
    09:50:05.0565 0x7d30  ClipSVC - ok
    09:50:05.0574 0x7d30  CmBatt - ok
    09:50:05.0579 0x7d30  CNG - ok
    09:50:05.0579 0x7d30  cnghwassist - ok
    09:50:05.0630 0x7d30  CompositeBus - ok
    09:50:05.0634 0x7d30  COMSysApp - ok
    09:50:05.0637 0x7d30  condrv - ok
    09:50:05.0683 0x7d30  CoreMessagingRegistrar - ok
    09:50:05.0709 0x7d30  CryptSvc - ok
    09:50:05.0734 0x7d30  cSysSecure - ok
    09:50:05.0746 0x7d30  dam - ok
    09:50:05.0842 0x7d30  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate        C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    09:50:05.0847 0x7d30  dbupdate - ok
    09:50:05.0857 0x7d30  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem       C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    09:50:05.0859 0x7d30  dbupdatem - ok
    09:50:05.0894 0x7d30  DcomLaunch - ok
    09:50:05.0903 0x7d30  DcpSvc - ok
    09:50:05.0914 0x7d30  defragsvc - ok
    09:50:05.0917 0x7d30  DeviceAssociationService - ok
    09:50:05.0936 0x7d30  DeviceInstall - ok
    09:50:05.0939 0x7d30  DevQueryBroker - ok
    09:50:05.0943 0x7d30  Dfsc - ok
    09:50:05.0948 0x7d30  Dhcp - ok
    09:50:06.0012 0x7d30  diagnosticshub.standardcollector.service - ok
    09:50:06.0027 0x7d30  DiagTrack - ok
    09:50:06.0031 0x7d30  disk - ok
    09:50:06.0043 0x7d30  DmEnrollmentSvc - ok
    09:50:06.0048 0x7d30  dmvsc - ok
    09:50:06.0059 0x7d30  dmwappushservice - ok
    09:50:06.0059 0x7d30  Dnscache - ok
    09:50:06.0059 0x7d30  dot3svc - ok
    09:50:06.0059 0x7d30  DPS - ok
    09:50:06.0105 0x7d30  drmkaud - ok
    09:50:06.0129 0x7d30  DsmSvc - ok
    09:50:06.0141 0x7d30  DsSvc - ok
    09:50:06.0158 0x7d30  DXGKrnl - ok
    09:50:06.0170 0x7d30  Eaphost - ok
    09:50:06.0175 0x7d30  EasyAntiCheat - ok
    09:50:06.0180 0x7d30  ebdrv - ok
    09:50:06.0189 0x7d30  EFS - ok
    09:50:06.0194 0x7d30  EhStorClass - ok
    09:50:06.0206 0x7d30  EhStorTcgDrv - ok
    09:50:06.0209 0x7d30  embeddedmode - ok
    09:50:06.0213 0x7d30  EntAppSvc - ok
    09:50:06.0216 0x7d30  ErrDev - ok
    09:50:06.0240 0x7d30  EventSystem - ok
    09:50:06.0284 0x7d30  [ A0539478593A00AA64E600CF7E19F195, BD835D70F3EE9BFEFFABE747AD65BC97C73AD8042F653BF93535277FB0CBD4CE ] EvolveVirtualAdapter C:\WINDOWS\System32\drivers\evolve.sys
    09:50:06.0285 0x7d30  EvolveVirtualAdapter - ok
    09:50:06.0416 0x7d30  [ A32D2F4868CD94FEB6ED4C722C850DBE, 10522D45B1784C986C4F93B55F3A95FA61FCDC37167A72205F18784F2F07EE6A ] EvoSvc          C:\Program Files\Echobit\Evolve\EvoSvc.exe
    09:50:06.0463 0x7d30  EvoSvc - ok
    09:50:06.0469 0x7d30  exfat - ok
    09:50:06.0490 0x7d30  fastfat - ok
    09:50:06.0496 0x7d30  Fax - ok
    09:50:06.0499 0x7d30  fdc - ok
    09:50:06.0511 0x7d30  fdPHost - ok
    09:50:06.0515 0x7d30  FDResPub - ok
    09:50:06.0518 0x7d30  fhsvc - ok
    09:50:06.0549 0x7d30  FileCrypt - ok
    09:50:06.0553 0x7d30  FileInfo - ok
    09:50:06.0556 0x7d30  Filetrace - ok
    09:50:06.0559 0x7d30  flpydisk - ok
    09:50:06.0559 0x7d30  FltMgr - ok
    09:50:06.0559 0x7d30  FontCache - ok
    09:50:06.0647 0x7d30  FontCache3.0.0.0 - ok
    09:50:06.0651 0x7d30  FsDepends - ok
    09:50:06.0654 0x7d30  Fs_Rec - ok
    09:50:06.0658 0x7d30  fvevol - ok
    09:50:06.0661 0x7d30  gagp30kx - ok
    09:50:06.0679 0x7d30  [ 7907E14F9BCF3A4689C9A74A1A873CB6, 17927B93B2D6AB4271C158F039CAE2D60591D6A14458F5A5690AEC86F5D54229 ] gdrv            C:\Windows\gdrv.sys
    09:50:06.0679 0x7d30  gdrv - ok
    09:50:06.0717 0x7d30  gencounter - ok
    09:50:06.0719 0x7d30  genericusbfn - ok
    09:50:06.0804 0x7d30  [ F78BC07DCED5EDDD6D477E923620F8EA, ABE28155100A38A5E1B58FFC8099EF416145278B440A67B8DAFD7715FE412624 ] GfExperienceService C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    09:50:06.0837 0x7d30  GfExperienceService - ok
    09:50:06.0843 0x7d30  GPIOClx0101 - ok
    09:50:06.0869 0x7d30  gpsvc - ok
    09:50:06.0869 0x7d30  GpuEnergyDrv - ok
    09:50:06.0949 0x7d30  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    09:50:06.0989 0x7d30  gupdate - ok
    09:50:06.0997 0x7d30  [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    09:50:07.0001 0x7d30  gupdatem - ok
    09:50:07.0020 0x7d30  [ 8126331FBD4ED29EB3B356F9C905064D, A58BCE904591DD762410E99960FD956FB579C2CE78FA7BF1406075D29537EF82 ] GVTDrv64        C:\Windows\GVTDrv64.sys
    09:50:07.0021 0x7d30  GVTDrv64 - ok
    09:50:07.0047 0x7d30  [ 7F79205B4EFA98F0767309479C8C01C6, 4B576903A83F33A8CF31D3887144A3D51C56D1187115C83AC99C0E9F6B4BF128 ] hamachi         C:\WINDOWS\system32\DRIVERS\Hamdrv.sys
    09:50:07.0049 0x7d30  hamachi - ok
    09:50:07.0162 0x7d30  [ 486E549690E2A312D1FC93AEE90EEA64, 319B09C50E632695EE8B2ADAAD2254142E94BB70A2D1EB4C37B0438E6E740FBE ] Hamachi2Svc     C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    09:50:07.0232 0x7d30  Hamachi2Svc - ok
    09:50:07.0239 0x7d30  HdAudAddService - ok
    09:50:07.0262 0x7d30  HDAudBus - ok
    09:50:07.0266 0x7d30  HidBatt - ok
    09:50:07.0269 0x7d30  HidBth - ok
    09:50:07.0274 0x7d30  hidi2c - ok
    09:50:07.0282 0x7d30  hidinterrupt - ok
    09:50:07.0290 0x7d30  HidIr - ok
    09:50:07.0304 0x7d30  hidserv - ok
    09:50:07.0346 0x7d30  HidUsb - ok
    09:50:07.0429 0x7d30  [ 492572D5C65636F598739552EBA3D3C1, 866C4683007E0DA2AD2B219A80B6EF34EE6972F8B5A248605AB39F735F0FF6DC ] HiPatchService  I:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    09:50:07.0429 0x7d30  HiPatchService - ok
    09:50:07.0429 0x7d30  HomeGroupListener - ok
    09:50:07.0448 0x7d30  HomeGroupProvider - ok
    09:50:07.0532 0x7d30  [ BB1FC298BE53AAB1E110F6E786BD8AC5, C2DA2C3CE96D5F8B50013063B5EF7BED7478636896C709A7AF34855B2E69B9F1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    09:50:07.0536 0x7d30  HP Support Assistant Service - ok
    09:50:07.0570 0x7d30  [ 6A181452D4E240B8ECC7614B9A19BDE9, 3E458A737DA597DF007D278E9D81F2BF259AB4B97A4C188CEDAEA1F144B1074F ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    09:50:07.0581 0x7d30  HPClientSvc - ok
    09:50:07.0629 0x7d30  [ 9B7EDD3FE7C211C36E921D34D18A3A0A, 03A450F85A042F9668D1560FA2B8B89783568C87CDB1A8685CDA2AC9FE3761C3 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    09:50:07.0663 0x7d30  hpqwmiex - ok
    09:50:07.0687 0x7d30  HpSAMD - ok
    09:50:07.0718 0x7d30  [ B8B1B284362E1D8135112573395D5DA5, 97BC6A7B2DCD7CC854B912A85BB2FCF199592E8E16A7C405EAF89B02D5DE4AEE ] htcnprot        C:\WINDOWS\system32\DRIVERS\htcnprot.sys
    09:50:07.0722 0x7d30  htcnprot - ok
    09:50:07.0753 0x7d30  HTTP - ok
    09:50:07.0765 0x7d30  hwpolicy - ok
    09:50:07.0769 0x7d30  hyperkbd - ok
    09:50:07.0775 0x7d30  i8042prt - ok
    09:50:07.0780 0x7d30  iai2c - ok
    09:50:07.0790 0x7d30  iaLPSS2i_I2C - ok
    09:50:07.0795 0x7d30  iaLPSSi_GPIO - ok
    09:50:07.0799 0x7d30  iaLPSSi_I2C - ok
    09:50:07.0799 0x7d30  iaStorAV - ok
    09:50:07.0799 0x7d30  iaStorV - ok
    09:50:07.0799 0x7d30  ibbus - ok
    09:50:07.0821 0x7d30  icssvc - ok
    09:50:07.0906 0x7d30  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    09:50:07.0908 0x7d30  IDriverT - ok
    09:50:07.0909 0x7d30  IEEtwCollectorService - ok
    09:50:07.0929 0x7d30  IKEEXT - ok
    09:50:08.0098 0x7d30  [ 622868E4BAE8FBCD22CB1A5901A2C824, C1A2264C0984DD16C83B663C9CE43E049E1356E32C5771C3ACE225F285699138 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
    09:50:08.0215 0x7d30  IntcAzAudAddService - ok
    09:50:08.0226 0x7d30  intelide - ok
    09:50:08.0229 0x7d30  intelpep - ok
    09:50:08.0233 0x7d30  intelppm - ok
    09:50:08.0236 0x7d30  IoQos - ok
    09:50:08.0240 0x7d30  IpFilterDriver - ok
    09:50:08.0265 0x7d30  iphlpsvc - ok
    09:50:08.0268 0x7d30  IPMIDRV - ok
    09:50:08.0272 0x7d30  IPNAT - ok
    09:50:08.0281 0x7d30  IRENUM - ok
    09:50:08.0285 0x7d30  isapnp - ok
    09:50:08.0288 0x7d30  iScsiPrt - ok
    09:50:08.0291 0x7d30  kbdclass - ok
    09:50:08.0295 0x7d30  kbdhid - ok
    09:50:08.0299 0x7d30  kdnic - ok
    09:50:08.0299 0x7d30  KeyIso - ok
    09:50:08.0299 0x7d30  KSecDD - ok
    09:50:08.0299 0x7d30  KSecPkg - ok
    09:50:08.0299 0x7d30  ksthunk - ok
    09:50:08.0324 0x7d30  KtmRm - ok
    09:50:08.0335 0x7d30  LanmanServer - ok
    09:50:08.0346 0x7d30  LanmanWorkstation - ok
    09:50:08.0373 0x7d30  lfsvc - ok
    09:50:08.0406 0x7d30  [ 17325C9B9ADB2BB99049936D0C9812C8, 70ADDC85FD5757BC9C4B97F382B25A19851FF8275021FFC04A81E208A604F83E ] LGBusEnum       C:\WINDOWS\system32\drivers\LGBusEnum.sys
    09:50:08.0408 0x7d30  LGBusEnum - ok
    09:50:08.0520 0x7d30  [ 2D7F1C02B94D6F0F3E10107E5EA8E141, 93B266F38C3C3EAAB475D81597ABBD7CC07943035068BB6FD670DBBE15DE0131 ] LGCoreTemp      C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys
    09:50:08.0521 0x7d30  LGCoreTemp - ok
    09:50:08.0536 0x7d30  [ C7AF05942E041D4B1F345ACF79993BB3, E8FAAE356C99A11F6CF17640FD9C67F87AFBFEFB70C458CB85178F2AD94DF848 ] LGJoyXlCore     C:\WINDOWS\system32\drivers\LGJoyXlCore.sys
    09:50:08.0540 0x7d30  LGJoyXlCore - ok
    09:50:08.0569 0x7d30  [ 1DDB8DE3D6EEF31EDCF4977B2D2FAACC, 24291B522A596E2D9A1CDAC192DB1C7422D5DD0E87E5C8A5F5E2CAA90296BF23 ] LGVirHid        C:\WINDOWS\system32\drivers\LGVirHid.sys
    09:50:08.0569 0x7d30  LGVirHid - ok
    09:50:08.0569 0x7d30  LicenseManager - ok
    09:50:08.0569 0x7d30  lltdio - ok
    09:50:08.0586 0x7d30  lltdsvc - ok
    09:50:08.0611 0x7d30  lmhosts - ok
    09:50:08.0659 0x7d30  [ 58FA4A9CC1F6406B6B9FA57415989123, 8DA00EA4EECC6FA9A35CBA36551D22BE1B36EE41BB000085D83ADF433781A09E ] LMIGuardianSvc  C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
    09:50:08.0669 0x7d30  LMIGuardianSvc - ok
    09:50:08.0689 0x7d30  [ 3FDD795D6AB32A0E9CF32DDB81CFF301, B1907EE082E9EFDFA6B295CEC64624B56E2AE3DE3C7A3747659694217AD54476 ] LogiRegistryService C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
    09:50:08.0695 0x7d30  LogiRegistryService - ok
    09:50:08.0719 0x7d30  LSI_SAS - ok
    09:50:08.0731 0x7d30  LSI_SAS2i - ok
    09:50:08.0735 0x7d30  LSI_SAS3i - ok
    09:50:08.0738 0x7d30  LSI_SSS - ok
    09:50:08.0743 0x7d30  LSM - ok
    09:50:08.0749 0x7d30  luafv - ok
    09:50:08.0759 0x7d30  MapsBroker - ok
    09:50:08.0764 0x7d30  megasas - ok
    09:50:08.0767 0x7d30  megasr - ok
    09:50:08.0770 0x7d30  MessagingService - ok
    09:50:08.0845 0x7d30  mlx4_bus - ok
    09:50:08.0872 0x7d30  MMCSS - ok
    09:50:08.0875 0x7d30  Modem - ok
    09:50:08.0879 0x7d30  monitor - ok
    09:50:08.0883 0x7d30  mouclass - ok
    09:50:08.0887 0x7d30  mouhid - ok
    09:50:08.0891 0x7d30  mountmgr - ok
    09:50:08.0894 0x7d30  mpsdrv - ok
    09:50:08.0907 0x7d30  MpsSvc - ok
    09:50:08.0914 0x7d30  MQAC - ok
    09:50:08.0933 0x7d30  MRxDAV - ok
    09:50:08.0960 0x7d30  mrxsmb - ok
    09:50:08.0965 0x7d30  mrxsmb10 - ok
    09:50:08.0968 0x7d30  mrxsmb20 - ok
    09:50:08.0972 0x7d30  MsBridge - ok
    09:50:08.0981 0x7d30  MSDTC - ok
    09:50:08.0987 0x7d30  Msfs - ok
    09:50:09.0001 0x7d30  msgpiowin32 - ok
    09:50:09.0004 0x7d30  mshidkmdf - ok
    09:50:09.0007 0x7d30  mshidumdf - ok
    09:50:09.0011 0x7d30  msisadrv - ok
    09:50:09.0022 0x7d30  MSiSCSI - ok
    09:50:09.0025 0x7d30  msiserver - ok
    09:50:09.0028 0x7d30  MSKSSRV - ok
    09:50:09.0032 0x7d30  MsLldp - ok
    09:50:09.0039 0x7d30  MSMQ - ok
    09:50:09.0043 0x7d30  MSPCLOCK - ok
    09:50:09.0048 0x7d30  MSPQM - ok
    09:50:09.0051 0x7d30  MsRPC - ok
    09:50:09.0056 0x7d30  mssmbios - ok
    09:50:09.0059 0x7d30  MSTEE - ok
    09:50:09.0063 0x7d30  MTConfig - ok
    09:50:09.0067 0x7d30  Mup - ok
    09:50:09.0071 0x7d30  mvumis - ok
    09:50:09.0079 0x7d30  NativeWifiP - ok
    09:50:09.0079 0x7d30  NcaSvc - ok
    09:50:09.0110 0x7d30  NcbService - ok
    09:50:09.0115 0x7d30  NcdAutoSetup - ok
    09:50:09.0118 0x7d30  ndfltr - ok
    09:50:09.0122 0x7d30  NDIS - ok
    09:50:09.0125 0x7d30  NdisCap - ok
    09:50:09.0129 0x7d30  NdisImPlatform - ok
    09:50:09.0129 0x7d30  NdisTapi - ok
    09:50:09.0129 0x7d30  Ndisuio - ok
    09:50:09.0129 0x7d30  NdisVirtualBus - ok
    09:50:09.0149 0x7d30  NdisWan - ok
    09:50:09.0152 0x7d30  ndiswanlegacy - ok
    09:50:09.0156 0x7d30  ndproxy - ok
    09:50:09.0175 0x7d30  Ndu - ok
    09:50:09.0179 0x7d30  NetBIOS - ok
    09:50:09.0221 0x7d30  NetBT - ok
    09:50:09.0224 0x7d30  Netlogon - ok
    09:50:09.0229 0x7d30  Netman - ok
    09:50:09.0280 0x7d30  NetMsmqActivator - ok
    09:50:09.0283 0x7d30  NetPipeActivator - ok
    09:50:09.0287 0x7d30  netprofm - ok
    09:50:09.0307 0x7d30  NetSetupSvc - ok
    09:50:09.0309 0x7d30  NetTcpActivator - ok
    09:50:09.0315 0x7d30  NetTcpPortSharing - ok
    09:50:09.0336 0x7d30  NgcCtnrSvc - ok
    09:50:09.0339 0x7d30  NgcSvc - ok
    09:50:09.0343 0x7d30  NlaSvc - ok
    09:50:09.0346 0x7d30  Npfs - ok
    09:50:09.0350 0x7d30  npggsvc - ok
    09:50:09.0359 0x7d30  npsvctrig - ok
    09:50:09.0376 0x7d30  nsi - ok
    09:50:09.0380 0x7d30  nsiproxy - ok
    09:50:09.0396 0x7d30  NTFS - ok
    09:50:09.0400 0x7d30  Null - ok
    09:50:09.0419 0x7d30  [ 1F99AD85DC4F9E322CDE2363378CD374, 5E80D10FF0BC46ECF6F1F2294F35A0A7FD76E6F0B4534FD45C9AA8C57AE97F68 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
    09:50:09.0436 0x7d30  NVHDA - ok
    09:50:09.0792 0x7d30  [ 113505A56DAE1354960B7FF9E30E9AEA, 8A172BA5A06BA4949847A8F349128609AB324B3582707BECB9E786222BFE58D3 ] nvlddmkm        C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
    09:50:10.0149 0x7d30  nvlddmkm - ok
    09:50:10.0315 0x7d30  [ 020F45E362D3B57CCC5735582BB1A6EC, E2D953CEF208528382153D06FED8394BEB52657C547E4D2D2954E537C9A382DC ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    09:50:10.0363 0x7d30  NvNetworkService - ok
    09:50:10.0386 0x7d30  nvraid - ok
    09:50:10.0390 0x7d30  nvstor - ok
    09:50:10.0498 0x7d30  [ F82BCEB9F57B2959F6AAE2A3DDA892A8, 5B02C74BAF0E12B84F239B1449DAA955B28BD5BA7D35D315DB57F45E042E0DB3 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
    09:50:10.0499 0x7d30  NvStreamKms - ok
    09:50:10.0593 0x7d30  [ 9209D57C1AA24841EF8D5DE6A5B2AAEB, C1A53621F5361DCE9C962A9B9B586D1904901C9EC20EFCA76C40ADCD98BEDF3C ] NvStreamNetworkSvc C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    09:50:10.0685 0x7d30  NvStreamNetworkSvc - ok
    09:50:10.0759 0x7d30  [ 0EDF9504CA5174075BA5902AFC1F57C8, 8E210E71BA91813D3BB6B59E5F6AD0889711336AD12B1B1C67CCC882A6ED3E53 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    09:50:10.0826 0x7d30  NvStreamSvc - ok
    09:50:10.0879 0x7d30  [ 334AD0B00C21E84B4CE3E20682D308BF, D17BC6D1B26AA10A1A4622AB36E3CDCBF35A9B9CA07CEC6FF865951FB45C9D03 ] nvsvc           C:\WINDOWS\system32\nvvsvc.exe
    09:50:10.0917 0x7d30  nvsvc - ok
    09:50:10.0937 0x7d30  [ F37FE6B15A987AEEC08EEF531F2FAED7, CC768E7DE80C7A8CB2392F9BC528212B8A3A35A30A222ED0B0B959051E6F8065 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
    09:50:10.0939 0x7d30  nvvad_WaveExtensible - ok
    09:50:10.0943 0x7d30  nv_agp - ok
    09:50:10.0971 0x7d30  OneSyncSvc - ok
    09:50:11.0123 0x7d30  [ 7D006FC340B301A1DEAFB5878C078A12, 245A4647DEB2CD5D0C3FF07B45D50D6EE039733000C7F7FEC0A1B58162594B9D ] Origin Client Service I:\Origin\OriginClientService.exe
    09:50:11.0169 0x7d30  Origin Client Service - ok
    09:50:11.0245 0x7d30  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    09:50:11.0253 0x7d30  ose - ok
    09:50:11.0469 0x7d30  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    09:50:11.0620 0x7d30  osppsvc - ok
    09:50:11.0657 0x7d30  p2pimsvc - ok
    09:50:11.0664 0x7d30  p2psvc - ok
    09:50:11.0706 0x7d30  Parport - ok
    09:50:11.0715 0x7d30  partmgr - ok
    09:50:11.0765 0x7d30  [ 446462BBA744DA60379574926FD51EAB, 4A79E8EF28670333F4733FA0016508DC88E9BDC566B455DA5EDEDC514612180A ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    09:50:11.0769 0x7d30  PassThru Service - ok
    09:50:11.0786 0x7d30  PcaSvc - ok
    09:50:11.0790 0x7d30  pci - ok
    09:50:11.0810 0x7d30  pciide - ok
    09:50:11.0815 0x7d30  pcmcia - ok
    09:50:11.0820 0x7d30  pcw - ok
    09:50:11.0833 0x7d30  pdc - ok
    09:50:11.0858 0x7d30  pdfcDispatcher - ok
    09:50:11.0878 0x7d30  PEAUTH - ok
    09:50:11.0879 0x7d30  percsas2i - ok
    09:50:11.0879 0x7d30  percsas3i - ok
    09:50:11.0955 0x7d30  PerfHost - ok
    09:50:11.0996 0x7d30  PhoneSvc - ok
    09:50:12.0029 0x7d30  PimIndexMaintenanceSvc - ok
    09:50:12.0131 0x7d30  pla - ok
    09:50:12.0191 0x7d30  [ 542D7B8CD0487DB1C5EEA7E46BB9F1C1, E7B778D1B5083B716B2AF37858728FB9D91F816094F5F33B8BC2E922A0D3D6C3 ] PlantronicsGC   C:\WINDOWS\system32\drivers\PLTGC.sys
    09:50:12.0226 0x7d30  PlantronicsGC - ok
    09:50:12.0246 0x7d30  PlugPlay - ok
    09:50:12.0275 0x7d30  [ CD421DDB5C6E5458CE52EDC36DE7DC5B, 7B9C0A8B2B86BBF5D7E02F2620B0015A2530CBBC99724BE20313DE53EB31D62E ] PnkBstrA        C:\WINDOWS\system32\PnkBstrA.exe
    09:50:12.0284 0x7d30  PnkBstrA - ok
    09:50:12.0288 0x7d30  PNRPAutoReg - ok
    09:50:12.0292 0x7d30  PNRPsvc - ok
    09:50:12.0309 0x7d30  PolicyAgent - ok
    09:50:12.0309 0x7d30  Power - ok
    09:50:12.0335 0x7d30  PptpMiniport - ok
    09:50:12.0500 0x7d30  [ 15709A9AB1411565754CEE33AAB36387, 77CBC04346F8F247B4614CE65FBD225F0A24827EDD1FDB34900D05673B682D84 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
    09:50:12.0579 0x7d30  PrintNotify - ok
    09:50:12.0579 0x7d30  Processor - ok
    09:50:12.0620 0x7d30  ProfSvc - ok
    09:50:12.0635 0x7d30  Psched - ok
    09:50:12.0669 0x7d30  [ D8EB393983B644879DE0546122CC16DF, 4A11DDFB016B560E770660183AF1ADA4831D97DAEAF560E60259F81F2727CBFC ] ptun0901        C:\WINDOWS\system32\DRIVERS\ptun0901.sys
    09:50:12.0671 0x7d30  ptun0901 - ok
    09:50:12.0693 0x7d30  QWAVE - ok
    09:50:12.0696 0x7d30  QWAVEdrv - ok
    09:50:12.0719 0x7d30  RasAcd - ok
    09:50:12.0751 0x7d30  RasAgileVpn - ok
    09:50:12.0782 0x7d30  RasAuto - ok
    09:50:12.0811 0x7d30  Rasl2tp - ok
    09:50:12.0819 0x7d30  RasMan - ok
    09:50:12.0819 0x7d30  RasPppoe - ok
    09:50:12.0838 0x7d30  RasSstp - ok
    09:50:12.0843 0x7d30  rdbss - ok
    09:50:12.0852 0x7d30  rdpbus - ok
    09:50:12.0856 0x7d30  RDPDR - ok
    09:50:12.0866 0x7d30  RdpVideoMiniport - ok
    09:50:12.0869 0x7d30  rdyboost - ok
    09:50:12.0873 0x7d30  ReFSv1 - ok
    09:50:12.0917 0x7d30  RemoteAccess - ok
    09:50:12.0919 0x7d30  RemoteRegistry - ok
    09:50:12.0938 0x7d30  RetailDemo - ok
    09:50:12.0939 0x7d30  RpcEptMapper - ok
    09:50:12.0939 0x7d30  RpcLocator - ok
    09:50:12.0939 0x7d30  RpcSs - ok
    09:50:12.0957 0x7d30  rspndr - ok
    09:50:12.0960 0x7d30  rt640x64 - ok
    09:50:12.0997 0x7d30  [ 78091471949AD265547B33E7A24C3981, 15B3845B38779FD09AFAADE5145FA6FCA774D2A35EB405B18E09B5D6775EB39B ] rzpnk           C:\Windows\system32\drivers\rzpnk.sys
    09:50:12.0999 0x7d30  rzpnk - ok
    09:50:12.0999 0x7d30  s3cap - ok
    09:50:13.0050 0x7d30  [ A7CEE5D110C7F07B20490398E673E4EA, A75155E740FEB9A2DF8E685FC66E9C0ED84F3D40C8214942538354CD4F6BD4BA ] SaiMini         C:\WINDOWS\System32\drivers\SaiMini.sys
    09:50:13.0056 0x7d30  SaiMini - ok
    09:50:13.0104 0x7d30  [ 86BDC00D124A611F1ECA5681D5123E26, 69C4370E169A176FDA416576AF29629122E76BCCBBDD44CFDD4F86E2EFC694D0 ] SaiNtBus        C:\WINDOWS\system32\drivers\SaiBus.sys
    09:50:13.0116 0x7d30  SaiNtBus - ok
    09:50:13.0141 0x7d30  SamSs - ok
    09:50:13.0151 0x7d30  sbp2port - ok
    09:50:13.0154 0x7d30  SCardSvr - ok
    09:50:13.0200 0x7d30  [ B41DECEAD362C198F3EA5169658A884E, 801BA4CD256D4CB70D0BE6C8D0235F01FF626A6C38331C8D9AC5ADF96D1C926E ] SCDEmu          C:\WINDOWS\system32\drivers\SCDEmu.sys
    09:50:13.0204 0x7d30  SCDEmu - ok
    09:50:13.0208 0x7d30  ScDeviceEnum - ok
    09:50:13.0212 0x7d30  scfilter - ok
    09:50:13.0237 0x7d30  Schedule - ok
    09:50:13.0247 0x7d30  SCPolicySvc - ok
    09:50:13.0279 0x7d30  [ 8B56BDCE6A303DDE63D63440D1CF9AD1, 66A4356C29D00A1B8A95975C073AE4E6D2A90CBF3B143FE9B83B96BEC0805D46 ] ScreamBAudioSvc C:\WINDOWS\system32\drivers\ScreamingBAudio64.sys
    09:50:13.0279 0x7d30  ScreamBAudioSvc - ok
    09:50:13.0316 0x7d30  sdbus - ok
    09:50:13.0320 0x7d30  SDRSVC - ok
    09:50:13.0329 0x7d30  sdstor - ok
    09:50:13.0379 0x7d30  seclogon - ok
    09:50:13.0409 0x7d30  SENS - ok
    09:50:13.0429 0x7d30  SensorDataService - ok
    09:50:13.0503 0x7d30  SensorService - ok
    09:50:13.0513 0x7d30  SensrSvc - ok
    09:50:13.0551 0x7d30  SerCx - ok
    09:50:13.0593 0x7d30  SerCx2 - ok
    09:50:13.0611 0x7d30  Serenum - ok
    09:50:13.0651 0x7d30  Serial - ok
    09:50:13.0656 0x7d30  sermouse - ok
    09:50:13.0669 0x7d30  SessionEnv - ok
    09:50:13.0678 0x7d30  sfloppy - ok
    09:50:13.0699 0x7d30  SharedAccess - ok
    09:50:13.0732 0x7d30  ShellHWDetection - ok
    09:50:13.0735 0x7d30  SiSRaid2 - ok
    09:50:13.0739 0x7d30  SiSRaid4 - ok
    09:50:13.0885 0x7d30  [ 9A66A87BBC0EC4463042959B7C0D4AC1, 2E61DC50AD4A4D4782F3271BAD010137DA9A6AFC46C7568C709F68C7621DCD40 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
    09:50:13.0892 0x7d30  SkypeUpdate - ok
    09:50:13.0909 0x7d30  smphost - ok
    09:50:13.0960 0x7d30  SmsRouter - ok
    09:50:13.0979 0x7d30  SNMPTRAP - ok
    09:50:13.0979 0x7d30  spaceport - ok
    09:50:13.0979 0x7d30  SpbCx - ok
    09:50:14.0005 0x7d30  Spooler - ok
    09:50:14.0008 0x7d30  sppsvc - ok
    09:50:14.0024 0x7d30  srv - ok
    09:50:14.0027 0x7d30  srv2 - ok
    09:50:14.0038 0x7d30  srvnet - ok
    09:50:14.0073 0x7d30  [ AFC159BDB8CD5A804D015D8A3624ECC6, 863150170D7F84D793C7CECD40439A5B46D337A8B904183ED8C53FDA9FB71091 ] ssdevfactory    C:\WINDOWS\System32\drivers\ssdevfactory.sys
    09:50:14.0078 0x7d30  ssdevfactory - ok
    09:50:14.0108 0x7d30  SSDPSRV - ok
    09:50:14.0149 0x7d30  [ DA79CC83A65E951E3091B1CD6323D853, E69936F48F366707A438E73EB9FBBC53148653D8498F91729542FB750C535103 ] sshid           C:\WINDOWS\System32\drivers\sshid.sys
    09:50:14.0149 0x7d30  sshid - ok
    09:50:14.0182 0x7d30  SstpSvc - ok
    09:50:14.0195 0x7d30  StateRepository - ok
    09:50:14.0327 0x7d30  [ A4FC868F6FC03876E29E4D87731B8E31, C774DA022879A69CBC2178CA1BB779438CD69D1582B4ECF22C90E4F0C4E9D9E4 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    09:50:14.0372 0x7d30  Steam Client Service - ok
    09:50:14.0644 0x7d30  [ 3252926E49BFD4F602535B4C0387ECC7, 7A3F3606D2C48834D461BC5146AA079CA483A76D74C0FC01DAA87D6CE98A4606 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
    09:50:14.0665 0x7d30  Stereo Service - ok
    09:50:14.0689 0x7d30  stexstor - ok
    09:50:14.0748 0x7d30  stisvc - ok
    09:50:14.0749 0x7d30  storahci - ok
    09:50:14.0749 0x7d30  storflt - ok
    09:50:14.0765 0x7d30  stornvme - ok
    09:50:14.0770 0x7d30  storqosflt - ok
    09:50:14.0789 0x7d30  StorSvc - ok
    09:50:14.0789 0x7d30  storufs - ok
    09:50:14.0809 0x7d30  storvsc - ok
    09:50:14.0835 0x7d30  svsvc - ok
    09:50:14.0840 0x7d30  swenum - ok
    09:50:14.0971 0x7d30  [ F577910A133A592234EBAAD3F3AFA258, 36F514740EE2D2B2F7ABFFFA13D575233EC4CE774EB58BF889C09930FEF1F443 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    09:50:14.0985 0x7d30  SwitchBoard - ok
    09:50:14.0991 0x7d30  swprv - ok
    09:50:15.0024 0x7d30  Synth3dVsc - ok
    09:50:15.0029 0x7d30  SysMain - ok
    09:50:15.0053 0x7d30  SystemEventsBroker - ok
    09:50:15.0059 0x7d30  TabletInputService - ok
    09:50:15.0059 0x7d30  TapiSrv - ok
    09:50:15.0077 0x7d30  Tcpip - ok
    09:50:15.0081 0x7d30  Tcpip6 - ok
    09:50:15.0086 0x7d30  tcpipreg - ok
    09:50:15.0100 0x7d30  tdx - ok
    09:50:15.0103 0x7d30  terminpt - ok
    09:50:15.0107 0x7d30  TermService - ok
    09:50:15.0110 0x7d30  Themes - ok
    09:50:15.0126 0x7d30  TieringEngineService - ok
    09:50:15.0129 0x7d30  tiledatamodelsvc - ok
    09:50:15.0167 0x7d30  TimeBroker - ok
    09:50:15.0189 0x7d30  TPM - ok
    09:50:22.0789 0x7d30  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.9.10586.0 ), 0x60100 ( disabled : updated )
    09:50:22.0809 0x7d30  Win FW state via NFP2: enabled ( trusted )
    09:50:23.0060 0x7d30  ============================================================
    09:50:23.0060 0x7d30  Scan finished
    09:50:23.0060 0x7d30  ============================================================
    09:50:23.0073 0x7d28  Detected object count: 0
    09:50:23.0073 0x7d28  Actual detected object count: 0

    Log for JRT:

    Code:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.6 (04.25.2016)
    Operating System: Windows 10 Home x64 
    Ran by McRae (Administrator) on Mon 07/04/2016 at  8:51:29.11
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    
    
    
    
    
    
    File System: 17 
    
    
    Successfully deleted: C:\ProgramData\pc1data (Folder) 
    Successfully deleted: C:\Users\McRae\AppData\Local\{1689FEBD-3E6A-4463-B7CE-FC7FF583B21B} (Empty Folder)
    Successfully deleted: C:\Users\McRae\AppData\Local\{26375B98-F567-47AE-9167-6B68EDC862F4} (Empty Folder)
    Successfully deleted: C:\Users\McRae\AppData\Local\{4DEFAE6B-5AF8-4F1D-B0BF-53AEE70E8B21} (Empty Folder)
    Successfully deleted: C:\Users\McRae\AppData\Local\{5DB9F533-5AEE-4888-BE62-21BB5857801E} (Empty Folder)
    Successfully deleted: C:\Users\McRae\AppData\Local\{670489D3-47B5-4577-AE83-EE440C9BAC45} (Empty Folder)
    Successfully deleted: C:\Users\McRae\AppData\Local\{7E828473-EC5C-4273-9FFC-EF84389D3A83} (Empty Folder)
    Successfully deleted: C:\Users\McRae\AppData\Local\{BD544546-F659-4D63-B2EC-A8FEA15ADAAF} (Empty Folder)
    Successfully deleted: C:\Users\McRae\AppData\Local\{EE59C8E3-0E5B-4358-B3D3-8B6428920C0C} (Empty Folder)
    Successfully deleted: C:\Users\McRae\AppData\Local\crashrpt (Folder) 
    Successfully deleted: C:\Users\McRae\AppData\Roaming\Mozilla\Firefox\Profiles\l5vjkvqy.default\extensions\staged (Folder) 
    Successfully deleted: C:\Users\McRae\AppData\Roaming\pcpro (Folder) 
    Successfully deleted: C:\Users\McRae\AppData\Roaming\speedrunnerslog.txt (File) 
    Successfully deleted: C:\WINDOWS\system32\Tasks\update-S-1-5-21-3881755435-2585289647-3747457102-1000 (Task)
    Successfully deleted: C:\WINDOWS\system32\Tasks\update-sys (Task)
    Successfully deleted: C:\WINDOWS\Tasks\update-S-1-5-21-3881755435-2585289647-3747457102-1000.job (Task) 
    Successfully deleted: C:\WINDOWS\Tasks\update-sys.job (Task) 
    
    
    
    
    
    
    Registry: 6 
    
    
    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_2B66EBD12A88ED238A2C0922F131D0DB (Registry Value) 
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7A9C8D53-2D64-4A78-B24B-8D1AEC9F001E} (Registry Value) 
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCE665DD-F6DD-4808-968E-EAEC971F70EF} (Registry Value) 
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{991484AD-0DA8-4676-AB26-D30E1AE75389} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3} (Registry Key)
    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC} (Registry Key)
    
    
    
    
    
    
    
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 07/04/2016 at  8:56:35.01
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  8. Posts : 16,325
    W10Prox64
       #8

    Reset HOSTS file
    https://support.microsoft.com/en-us/kb/972034
    The instructions for W8/8.1 are the same as W10; see the link above for screenshots.
    You want to delete the following entries (if they remain):

    Code:
      127.0.0.1       down.baidu2016.com
      127.0.0.1       123.sogou.com
      127.0.0.1       Welcome to nginx!
      127.0.0.1       http://www.czzsyzxl.com
      127.0.0.1       union.baidu2019.com
    Here's how to do it:
    Navigate to your HOSTS file:
    In the search bar, enter
    Code:
    %WinDir%\System32\Drivers\Etc
    Open the folder.
    Copy the hosts file to your desktop.
    Rename the file in the original folder to hosts.old
    On your desktop, open the hosts file with Notepad.
    Remove the entries if they still exist. Save as hosts with no file extension and change the file type to "all files".
    Copy the new hosts file back into the original folder. Once all is verified working well, you can delete the hosts.old file.

    Flush DNS
    Open Command Prompt and type the following command
    Code:
    ipconfig /flushdns
    Press enter.

    Remove all Restore Points and create a new one.
    Type Create Restore Point in the search bar.
    In the box that opens (System Properties) Select Configure. Verify System Restore is turned on for your OS drive. If not, turn it on in the next step: select the radio button to Turn on system protection.
    Select Delete all restore points for this drive. Click OK. Make sure Local Disk C: System Protection is ON. Click Create and set a new restore point - call it Clean.

    The instructions from @Slartybart are also a good idea to perform.

    After these, please report how the system is running.
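The HOSTS clean-up and DNS flush from post #8, scripted in PowerShell as an added example that is not part of the original post. The `-Apply` switch and variable names are this example's own, and the script assumes it is saved as a `.ps1` file and run from an elevated prompt.

```powershell
# Added example: scripted form of the HOSTS clean-up steps. Run elevated.
param([switch]$Apply)   # without -Apply the script only reports

$hostsPath = Join-Path $env:WinDir 'System32\drivers\etc\hosts'

# Hostnames from the entries listed in post #8. The third listed entry has no
# recoverable hostname on the page, so it is left to the review list below.
$unwanted = 'down.baidu2016.com', '123.sogou.com',
            'www.czzsyzxl.com', 'union.baidu2019.com'

$kept    = New-Object System.Collections.Generic.List[string]
$removed = New-Object System.Collections.Generic.List[string]

foreach ($line in Get-Content -LiteralPath $hostsPath) {
    # Strip any trailing comment, then split into "address name [alias ...]".
    $fields = @((($line -split '#', 2)[0]).Trim() -split '\s+' | Where-Object { $_ })
    # Assumption: tolerate a scheme prefix, since one listed entry shows "http://".
    $names = @($fields | Select-Object -Skip 1 |
        ForEach-Object { ($_ -replace '^https?://', '').TrimEnd('/') })
    # -contains is case-insensitive, which matches how hostnames are compared.
    if ($names | Where-Object { $unwanted -contains $_ }) {
        $removed.Add($line)
    } else {
        $kept.Add($line)
    }
}

"Entries matched for removal: $($removed.Count)"
$removed

if ($Apply) {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Writing the hosts file requires an elevated prompt.'
    }
    # Keep the original as hosts.old, as the manual steps do.
    Copy-Item -LiteralPath $hostsPath -Destination "$hostsPath.old" -Force
    # Write plain text without a byte-order mark.
    Set-Content -LiteralPath $hostsPath -Value $kept -Encoding Ascii
    ipconfig /flushdns | Out-Null
    'hosts rewritten, backup saved as hosts.old, DNS cache flushed.'
}

# Anything still active (not blank, not a comment) deserves a manual look.
'Active entries still present (review by hand):'
$kept | Where-Object { $_ -match '^\s*[^#\s]' }
```

Run it once without `-Apply` to see which lines would be removed and which active entries remain, then again with `-Apply` to write the change.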


  9. Posts : 16,325
    W10Prox64
       #9

    One more thing:
    Malwarebytes is an anti-malware program, not an anti-virus.
    Please verify Windows Defender is running and up-to-date. :)


  10. Posts : 16,325
    W10Prox64
       #10

    Lastly, please download and install SuperAntiSpyware Free version.
    SUPERAntiSpyware - Downloads
    Update the definitions.
    Select Scan This Computer
    Select High Boost in Scanner Options
    Select Complete Scan
    Please provide the log, if it finds anything besides Tracking Cookies.


 
