
Win7 64-bit Pro, recent erratic behaviour at boot and shutdown


  • This topic is locked
107 replies to this topic

#1 whizzcodebang

Posted 26 October 2013 - 07:43 AM

I have used Malwarebytes, Outpost Pro Security suite and the MS malicious removal tool to check my machine, but nothing has been found. However, when running Combofix the problems I experience are temporarily pacified, then a day or two later the problems start to manifest themselves.

The unusual behavior first began (that I noticed) after an unattended Windows update that forced a re-boot. From that point onwards I experienced the following misbehaviour of the PC:

1. On shut down or request to enter sleep mode, whereas before my PC would wind down within less than a minute, now the process can take three or four or longer. More often than not Windows will announce that some service continues to run in the background, presenting me with a choice to kill it, but I can't because the (wireless) mouse cannot move. So the OS just hangs there, at the same time fading out the desktop.

2. When coming out of sleep the initial process is prompt. However, once I've entered my password the action response of Windows can be: the screen contents come up fast but there is a long delay - several minutes sometimes - before mouse activity is possible. BTW I notice that when this happens the mouse comes active shortly after the audio manager announces, on the task bar, that speakers have been connected. It's as if device drivers are being held back. The other route the system may take (when coming out of sleep) is that all open applications appear as empty frames, black in the middle. Again this situation can last for several minutes.

3. When I go to try and install an application in admin mode (right click), Win7 darkens the screen, as is normal, then brings up the standard option box (Yes/No), but at this point the OS freezes, not allowing mouse movement to choose YES. The OS can remain in this state for 4-5 minutes, whereupon the screen reverts to normal and the option box disappears - not having been allowed to make a choice, nothing happens. If I go through the process again then I'm successful most of the time.

4. Rarely, but it has happened, web access is denied, but I must stress that is rare. Also the lack of access is not due to temporary ISP disruption; another PC of mine is able to access the Internet without problem. What I have noticed is, after running Combofix, where things revert to something close to normality, when I happen to be browsing (Firefox) there is a sudden, almost imperceptible stutter on my mouse and from that point onwards things begin to deteriorate such that the sleep process starts to take much longer, getting gradually worse by the day.

I've considered the possibility that there may be driver issues, because of a screwed up Win update process - I can't discount some of the things happening are down to this, but the fact this PC goes through a cycle of pepping up a bit after using Combofix then within a few days, no more than two or three, everything is back to its sluggish self indicates to me something else is going on.

I would add that despite these problems in all other ways my applications seem to run without issue.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.15.2
Run by ziggy-d at 20:17:00 on 2013-10-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.16350.13255 [GMT 1:00]
.
AV: Outpost Security Suite Pro *Disabled/Updated* {CA353927-A29E-272A-EC5E-4FB545C2A8D0}
SP: Outpost Security Suite Pro *Disabled/Updated* {7154D8C3-84A4-28A4-D6EE-74C73E45E26D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Outpost Security Suite Pro *Disabled* {F20EB802-E8F1-2672-C701-E680BB11EFAB}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\vVX6000.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\WinZip\WZQKPICK.EXE
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
C:\Program Files\zabkat\xplorer2_ult\xplorer2_64.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\SplashData\SplashID Standalone\SplashID Desktop.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [TurboV EVO] "C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" -b
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
StartupFolder: C:\Users\ziggy-d\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
StartupFolder: C:\Users\ziggy-d\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CINEFO~1.LNK - C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MONACO~1.LNK - C:\Program Files (x86)\X-Rite\Tools\MonacoGamma\MonacoGamma.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK.EXE
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{0822B39B-E81D-45B2-B638-F7FB0B46499C} : DHCPNameServer = 192.168.1.254 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [VX6000] C:\Windows\vVX6000.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2013-9-12 116000]
R0 mv61xx;mv61xx;C:\Windows\System32\drivers\mv61xx.sys [2009-8-6 179752]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\System32\drivers\mv91cons.sys [2012-6-25 28008]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2009-12-25 297512]
R0 tib;Acronis TIB Manager;C:\Windows\System32\drivers\tib.sys [2013-9-22 1120032]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2013-9-22 183224]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2013-9-22 161568]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2013-9-22 117024]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-2-22 70296]
R1 afw;Agnitum Firewall Driver;C:\Windows\System32\drivers\afw.sys [2013-8-25 40544]
R1 SandBox;SandBox;C:\Windows\System32\drivers\SandBox64.sys [2013-8-25 1311608]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [2013-8-25 3355784]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-9-22 3873784]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [2012-3-20 109056]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-6-27 173192]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DevoloNetworkService;devolo Network Service;C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [2010-11-16 3305280]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-20 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-10-21 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-10-21 701512]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2011-11-15 2139536]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-10-13 145448]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2013-8-21 9735136]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-7-2 93072]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-20 2320920]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-11-1 13234176]
R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-9-22 367200]
R3 afwcore;afwcore;C:\Windows\System32\drivers\afwcore.sys [2013-8-25 469256]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-3-20 56344]
R3 jlink;J-Link driver;C:\Windows\System32\drivers\jlinkx64.sys [2012-10-13 24448]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-2 76056]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-2 15128]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-21 25928]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-1-22 77824]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-1-22 180224]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2008-7-11 58664]
R3 StnPport;PCIe to Multi Mode Parallel Port;C:\Windows\System32\drivers\StnPport.sys [2010-10-26 97280]
R3 StnSport;PCIe to High Speed Serial Port;C:\Windows\System32\drivers\StnSport.sys [2010-8-20 128000]
R3 VBEngNT;VBEngNT;C:\Windows\System32\drivers\VBEngNT.sys [2013-8-25 318040]
R3 VBFilt;VBFilt;C:\Windows\System32\Filt\VBFilt64.dll [2013-8-25 86432]
R3 X-Rite;X-Rite USB Service;C:\Windows\System32\drivers\XrUsb64.sys [2012-7-14 33600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 ASWFilt;ASWFilt;C:\Windows\System32\Filt\ASWFilt64.dll [2013-8-25 66224]
S3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;C:\Windows\System32\drivers\ax88178.sys [2012-10-22 62976]
S3 PcaMp60;Rawether NDIS 6.X MPR Protocol Driver;C:\Windows\System32\drivers\PcaMp60.sys [2013-4-11 39424]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-4-11 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-13 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 T32USB;TRACE32 USB Driver (64bit);C:\Windows\System32\drivers\t32usbamd64.sys [2012-4-29 34296]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-13 57856]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\System32\drivers\VX6000Xp.sys [2010-5-20 2143600]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-20 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== Created Last 30 ================
.
2013-10-23 18:05:17 -------- d-sh--w- C:\$RECYCLE.BIN
2013-10-22 09:28:38 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD25F8FD-36CA-4CFA-9485-C8BD810023AC}\offreg.dll
2013-10-22 09:07:49 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AD25F8FD-36CA-4CFA-9485-C8BD810023AC}\mpengine.dll
2013-10-21 18:47:22 -------- d-----w- C:\Users\ziggy-d\AppData\Roaming\Malwarebytes
2013-10-21 18:46:51 -------- d-----w- C:\ProgramData\Malwarebytes
2013-10-21 18:46:50 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-10-21 18:46:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-17 00:54:09 -------- d-----w- C:\ComboFix_v13_10_16_2
2013-10-11 16:21:10 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-11 16:21:10 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-11 16:21:10 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-11 16:21:10 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-11 16:21:10 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-11 16:21:10 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-11 16:21:10 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-10 14:44:52 633856 ----a-w- C:\Windows\System32\comctl32.dll
2013-10-09 09:58:02 4879744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-10-09 09:58:02 4879744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-10-02 20:03:42 -------- d-----w- C:\ComboFix_v13_10_1_3
2013-10-02 20:00:53 -------- d-----w- C:\Users\ziggy-d\AppData\Local\CrashDumps
2013-09-30 19:00:57 -------- d-----w- C:\Users\ziggy-d\AppData\Roaming\.TotalPhase
2013-09-30 17:13:14 -------- d-----w- C:\ComboFix_v13_9_30_2
2013-09-25 17:24:21 -------- d-----w- C:\Users\ziggy-d\AppData\Roaming\EDrawings
2013-09-24 21:45:55 98816 ----a-w- C:\Windows\sed.exe
2013-09-24 21:45:55 256000 ----a-w- C:\Windows\PEV.exe
2013-09-24 21:45:55 208896 ----a-w- C:\Windows\MBR.exe
2013-09-24 21:41:44 -------- d-----w- C:\ComboFix_v13_9_13
.
==================== Find3M ====================
.
2013-10-08 20:08:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 20:08:14 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-22 14:21:47 367200 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2013-09-22 14:21:46 183224 ----a-w- C:\Windows\System32\drivers\tib_mounter.sys
2013-09-22 14:21:46 1464096 ----a-w- C:\Windows\System32\drivers\tdrpman.sys
2013-09-22 14:21:46 1120032 ----a-w- C:\Windows\System32\drivers\tib.sys
2013-09-22 14:21:45 161568 ----a-w- C:\Windows\System32\drivers\vididr.sys
2013-09-22 14:21:42 117024 ----a-w- C:\Windows\System32\drivers\vidsflt.sys
2013-09-22 14:21:41 269600 ----a-w- C:\Windows\System32\drivers\snapman.sys
2013-09-22 14:21:41 116000 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-20 10:56:00 85016 ---ha-w- C:\Windows\System32\drivers\PROCMON23.SYS
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 13:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2013-08-02 01:50:42 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17 338432 ----a-w- C:\Windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\Windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 20:17:13.66 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 19/03/2012 22:03:18
System Uptime: 23/10/2013 19:20:39 (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P7H57D-V EVO
Processor: Intel® Core™ i7 CPU 860 @ 2.80GHz | LGA1156 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 238 GiB total, 108.594 GiB free.
D: is CDROM ()
F: is FIXED (NTFS) - 932 GiB total, 826.62 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
M: is Removable
N: is FIXED (NTFS) - 1024 GiB total, 569.179 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: IOCBIOS
Device ID: ROOT\LEGACY_IOCBIOS\0000
Manufacturer:
Name: IOCBIOS
PNP Device ID: ROOT\LEGACY_IOCBIOS\0000
Service: IOCBIOS
.
==== System Restore Points ===================
.
RP229: 11/10/2013 11:32:00 - Windows Update
RP230: 11/10/2013 14:11:44 - Windows Update
RP231: 11/10/2013 15:12:38 - Windows Update
RP232: 11/10/2013 17:21:53 - Windows Update
RP233: 15/10/2013 18:04:46 - Windows Update
RP234: 17/10/2013 01:54:16 - ComboFix created restore point
RP235: 22/10/2013 10:07:39 - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acronis True Image 2014
Acronis Disk Director 11 Home
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Photoshop Lightroom 4.1 64-bit
Adobe Reader 9.5.2
AI Suite
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Media Foundation Decoders
ASUSUpdate
Belarc Advisor 8.3
Beyond Compare 3.3.8
Bing Desktop
Browser Configuration Utility
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CDex - Open Source Digital Audio CD Extractor
Crystal Reports for Visual Studio
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
devolo dLAN Cockpit
Diagram Designer
dLAN Cockpit
Dotfuscator Software Services - Community Edition
EPSON Scan
EPU-6 Engine
eReg
Ethertest
EZcolor 2.6.5
FastStone Capture 6.7
FastStone Image Viewer 4.6
FileZilla Client 3.7.3
Foxit PhantomPDF
Frontline Ethertest 12.2.22.2
Frontline NetDecoder 12.2.24.3
GoPro CineForm Studio 1.3.2
GPU Boost Driver
GSmartControl
H3Viewer by http://www.Helpware.net
Hex Workshop v6.7
HiJackThis
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2813041)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2813041)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
IAR Embedded Workbench for ARM
IAR Embedded Workbench for ARM - Library Source
IAR Embedded Workbench for ARM_2 (C:\Program Files (x86)\IAR Systems\Embedded Workbench 6.5_2)
Imagix 4D Release 7.4.7
ImgBurn
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® SMBus
J-Link ARM V4.74
Java 7 Update 15
Java Auto Updater
Keil µVision4
Logitech SetPoint 6.32
Logitech Unifying Software 2.00
Malwarebytes Anti-Malware version 1.75.0.1300
marvell 61xx
marvell 91xx driver
MicrelSwitchPhyTools version 1.17
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Corporation
Microsoft Help Viewer 1.1
Microsoft IntelliPoint 8.2
Microsoft LifeCam
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Student 2010 - English
Microsoft Office Office 64-bit Components 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Visio 2010
Microsoft Office Visio MUI (English) 2010
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visio Premium 2010
Microsoft Visual C++ Compilers 2010 Standard - enu - x64
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Macro Tools
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Moneysoft Money Manager
Moneysoft Money Manager 6 Business Edition
Mozilla Firefox 24.0 (x86 en-GB)
Mozilla Maintenance Service
Multi-Edit 2008 (v11.04.00)
NEC Electronics USB 3.0 Host Controller Driver
NetDecoder
Notepad++
Outpost Security Suite Pro 8.1
PC Probe II
PDF Settings CS5
PowerGREP 4 DEMO 4.4.0
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realterm 2.0.0.70
Samsung Magician
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2644980)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Sentinel System Driver Installer 7.5.0
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Skype Click to Call
Skype™ 6.7
Smart PDF Converter 6.3.0.487
Software Update Wizard (Redistributable) 4.5
SplashID Standalone 5.3.2
Sql Server Customer Experience Improvement Program
TomTom HOME
TomTom HOME Visual Studio Merge Modules
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TRACE32
TurboV EVO
Tyre
Unison RTOS v5-2-1 for ST CortexM3 IAR
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.0.8
VMware Workstation
WCF RIA Services V1.0 SP1
Web Deployment Tool
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
Windows Driver Package - IAR Systems (IJET) IARUSB (05/23/2012 2.05)
Windows Driver Package - KEIL - Tools By ARM (WinUSB) USB (12/19/2009 1.0.0.2)
Windows Driver Package - Lauterbach (T32USB) Trace32 (06/24/2010 5.5.0.0)
WinPcap 4.1.3
Wireshark 1.8.6 (64-bit)
wxDownload Fast 0.6.0
xplorer² professional 64 bit
xplorer² Ultimate 64 bit
.
==== Event Viewer Messages From Past Week ========
.
3 is not a valid Win32 application.
23/10/2013 19:20:59, Error: Service Control Manager [7000] - The TAPccWdm service failed to start due to the following error: This driver has been blocked from loading
23/10/2013 19:20:59, Error: Service Control Manager [7000] - The PCASp50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
23/10/2013 19:20:59, Error: Application Popup [1060] - \??\C:\WINDOWS\SysWow64\drivers\TAPccWdm.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
23/10/2013 19:20:58, Error: Service Control Manager [7023] - The Diagnostic Policy Service service terminated with the following error: Access is denied.
23/10/2013 19:20:58, Error: Service Control Manager [7000] - The IOCBIOS service failed to start due to the following error: The system cannot find the path specified.
23/10/2013 19:05:23, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
23/10/2013 19:03:49, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
23/10/2013 19:00:04, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
23/10/2013 18:58:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
23/10/2013 18:58:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
23/10/2013 18:58:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
23/10/2013 18:58:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
23/10/2013 18:58:33, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23/10/2013 18:58:28, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
23/10/2013 18:58:21, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD afw AsIO AsUpIO CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SandBox snapman spldr tdx Wanarpv6 WfpLwf ws2ifsl
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The VMware Workstation Server service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
23/10/2013 18:58:21, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
23/10/2013 17:36:00, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
23/10/2013 16:02:10, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.
23/10/2013 16:01:30, Error: Service Control Manager [7034] - The ASUS System Control Service service terminated unexpectedly. It has done this 1 time(s).
23/10/2013 16:01:30, Error: Service Control Manager [7031] - The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
23/10/2013 16:00:25, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
22/10/2013 21:51:10, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{A431BA22-58DB-4E7F-A0E6-8D2F60343AF4} because another computer on the network has the same name. The server could not start.
22/10/2013 18:32:13, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
22/10/2013 17:23:52, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{67157ca0-720d-11e1-902b-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{A9DD3642-D63D-473A-8F98-0A47AB3B3419}' was corrupted and it has been recovered. Some data might have been lost.
21/10/2013 20:02:47, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000080, 0x0000000000000002, 0x0000000000000001, 0xfffff80003a87f1f). A dump was saved in: C:\Windows\Minidump\102113-16848-01.dmp. Report Id: 102113-16848-01.
20/10/2013 18:02:56, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{BD5BF8E2-4336-4A77-988F-2A9E72B71C9B} because another computer on the network has the same name. The server could not start.
20/10/2013 01:05:03, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
18/10/2013 21:15:00, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
17/10/2013 15:35:14, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{67157ca0-720d-11e1-902b-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{DFFBFF1B-FFAD-4A6E-A49C-DD34B8064598}' was corrupted and it has been recovered. Some data might have been lost.
17/10/2013 02:02:24, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Run the configured recovery program) after the unexpected termination of the VMware Workstation Server service, but this action failed with the following error:
17/10/2013 02:01:24, Error: Service Control Manager [7031] - The VMware Workstation Server service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Run the configured recovery program.
17/10/2013 02:00:13, Error: Service Control Manager [7031] - The VMware Workstation Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
16/10/2013 17:27:59, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\Volume{67157ca0-720d-11e1-902b-806e6f6e6963}\System Volume Information\SPP\SppCbsHiveStore\{cd42efe1-f6f1-427c-b004-033192c625a4}{8493FD72-BD1A-4611-A06F-DC1F0ED4D0BA}' was corrupted and it has been recovered. Some data might have been lost.
16/10/2013 14:14:25, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DevoloNetworkService service.
.
==== End Of File ===========================


ComboFix 13-10-23.01 - ziggy-d 23/10/2013 19:00:35.11.8 - x64 MINIMAL
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.16350.15110 [GMT 1:00]
Running from: c:\users\ziggy-d\Desktop\ComboFix_v13_10_23_1.exe
AV: Outpost Security Suite Pro *Enabled/Updated* {CA353927-A29E-272A-EC5E-4FB545C2A8D0}
FW: Outpost Security Suite Pro *Enabled* {F20EB802-E8F1-2672-C701-E680BB11EFAB}
SP: Outpost Security Suite Pro *Enabled/Updated* {7154D8C3-84A4-28A4-D6EE-74C73E45E26D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-09-23 to 2013-10-23 )))))))))))))))))))))))))))))))
.
.
2013-10-23 18:03 . 2013-10-23 18:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-23 18:03 . 2013-10-23 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-23 14:50 . 2013-10-23 14:50 345761 ----a-w- c:\windows\SysWow64\TPUSBUninstaller.exe
2013-10-22 09:28 . 2013-10-22 09:28 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD25F8FD-36CA-4CFA-9485-C8BD810023AC}\offreg.dll
2013-10-22 09:07 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AD25F8FD-36CA-4CFA-9485-C8BD810023AC}\mpengine.dll
2013-10-21 18:47 . 2013-10-21 18:47 -------- d-----w- c:\users\ziggy-d\AppData\Roaming\Malwarebytes
2013-10-21 18:46 . 2013-10-21 18:46 -------- d-----w- c:\programdata\Malwarebytes
2013-10-21 18:46 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-21 18:46 . 2013-10-21 18:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-10-17 00:54 . 2013-10-17 01:03 -------- d-----w- C:\ComboFix_v13_10_16_2
2013-10-11 16:21 . 2013-09-04 12:12 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-10-11 16:21 . 2013-09-04 12:11 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-10-11 16:21 . 2013-09-04 12:11 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-10-11 16:21 . 2013-09-04 12:11 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-10-11 16:21 . 2013-09-04 12:11 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-10-11 16:21 . 2013-09-04 12:11 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-10-11 16:21 . 2013-09-04 12:11 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-10-10 14:44 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2013-10-02 20:03 . 2013-10-02 20:13 -------- d-----w- C:\ComboFix_v13_10_1_3
2013-10-02 20:00 . 2013-10-22 13:30 -------- d-----w- c:\users\ziggy-d\AppData\Local\CrashDumps
2013-09-30 19:00 . 2013-09-30 19:00 -------- d-----w- c:\users\ziggy-d\AppData\Roaming\.TotalPhase
2013-09-30 17:13 . 2013-09-30 17:22 -------- d-----w- C:\ComboFix_v13_9_30_2
2013-09-25 17:24 . 2013-09-25 17:24 -------- d-----w- c:\users\ziggy-d\AppData\Roaming\EDrawings
2013-09-24 21:41 . 2013-09-24 21:42 -------- d-----w- C:\ComboFix_v13_9_13
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 10:36 . 2012-03-20 01:55 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-08 20:08 . 2012-08-12 00:17 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-08 20:08 . 2012-08-12 00:17 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 14:21 . 2013-09-22 14:21 367200 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-09-22 14:21 . 2013-09-22 14:21 183224 ----a-w- c:\windows\system32\drivers\tib_mounter.sys
2013-09-22 14:21 . 2013-09-22 14:21 1464096 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2013-09-22 14:21 . 2013-09-22 14:21 1120032 ----a-w- c:\windows\system32\drivers\tib.sys
2013-09-22 14:21 . 2013-09-22 14:21 161568 ----a-w- c:\windows\system32\drivers\vididr.sys
2013-09-22 14:21 . 2013-09-22 14:21 117024 ----a-w- c:\windows\system32\drivers\vidsflt.sys
2013-09-22 14:21 . 2013-09-12 15:05 269600 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-09-22 14:21 . 2013-09-12 15:05 116000 ----a-w- c:\windows\system32\drivers\fltsrv.sys
2013-09-21 10:45 . 2013-09-21 10:45 388096 ----a-r- c:\users\ziggy-d\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-20 10:56 . 2013-09-20 10:56 85016 ---ha-w- c:\windows\system32\drivers\PROCMON23.SYS
2013-09-03 13:35 . 2012-03-20 01:48 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-08-29 01:48 . 2013-10-10 14:44 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-05 02:25 . 2013-09-11 08:43 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-11 08:42 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 08:42 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 08:42 1161216 ----a-w- c:\windows\system32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 08:42 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 08:42 6656 ----a-w- c:\windows\system32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 08:42 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 08:42 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 08:42 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-08-02 01:48 . 2013-09-11 08:42 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:09 . 2013-09-11 08:42 338432 ----a-w- c:\windows\system32\conhost.exe
2013-08-02 00:59 . 2013-09-11 08:42 112640 ----a-w- c:\windows\system32\smss.exe
2013-08-02 00:43 . 2013-09-11 08:42 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 08:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 08:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43 . 2013-09-11 08:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-26 02:24 . 2013-09-11 08:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-07-26 02:24 . 2013-09-11 08:43 197120 ----a-w- c:\windows\system32\shdocvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2013-07-02 248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696]
"TurboV EVO"="c:\program files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe" [2010-07-07 9936000]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-26 375000]
"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-08-19 603136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-27 2249352]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-11-01 104088]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2013-08-22 7780904]
"AcronisTibMounterMonitor"="c:\program files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe" [2013-01-10 1103440]
.
c:\users\ziggy-d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe /remind /language=ENG /_WFM="." [2009-11-16 517384]
Samsung Magician.lnk - c:\program files (x86)\Samsung\Samsung Magician\Samsung Magician.exe /AUTOHIDE [2013-8-28 4351392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CineForm Status.lnk - c:\program files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe [2012-10-28 152064]
MonacoGamma.lnk - c:\program files (x86)\X-Rite\Tools\MonacoGamma\MonacoGamma.exe -StartUp -All [2012-7-14 102400]
WinZip Quick Pick.lnk - c:\program files (x86)\WinZip\WZQKPICK.EXE [2013-9-2 118784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook.dll
.
R1 afw;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys;c:\windows\SYSNATIVE\DRIVERS\afw.sys [x]
R1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox64.sys;c:\windows\SYSNATIVE\drivers\SandBox64.sys [x]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [x]
R2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [x]
R2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
R2 DevoloNetworkService;devolo Network Service;c:\program files (x86)\devolo\dlan\devolonetsvc.exe;c:\program files (x86)\devolo\dlan\devolonetsvc.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [x]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
R2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys;c:\windows\sysWOW64\drivers\npf_devolo.sys [x]
R2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [x]
R2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
R2 TAPccWdm;TAPccWdm;c:\windows\system32\drivers\TAPccWdm.sys;c:\windows\SYSNATIVE\drivers\TAPccWdm.sys [x]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe;c:\windows\SysWOW64\WebUpdateSvc4.exe [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys;c:\windows\SYSNATIVE\drivers\afwcore.sys [x]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt64.dll;c:\windows\SYSNATIVE\Filt\ASWFilt64.dll [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 AX88178;ASIX AX88178 USB2.0 to Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\ax88178.sys;c:\windows\SYSNATIVE\DRIVERS\ax88178.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 PcaMp60;Rawether NDIS 6.X MPR Protocol Driver;c:\windows\system32\DRIVERS\PcaMp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaMp60.sys [x]
R3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;c:\windows\system32\DRIVERS\PcaSp60.sys;c:\windows\SYSNATIVE\DRIVERS\PcaSp60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
R3 StnPport;PCIe to Multi Mode Parallel Port;c:\windows\system32\DRIVERS\StnPport.sys;c:\windows\SYSNATIVE\DRIVERS\StnPport.sys [x]
R3 StnSport;PCIe to High Speed Serial Port;c:\windows\system32\DRIVERS\StnSport.sys;c:\windows\SYSNATIVE\DRIVERS\StnSport.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 T32USB;TRACE32 USB Driver (64bit);c:\windows\system32\DRIVERS\t32usbamd64.sys;c:\windows\SYSNATIVE\DRIVERS\t32usbamd64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys;c:\windows\SYSNATIVE\drivers\VBEngNT.sys [x]
R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt64.dll;c:\windows\SYSNATIVE\Filt\VBFilt64.dll [x]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys;c:\windows\SYSNATIVE\DRIVERS\VX6000Xp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv61xx.sys [x]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys;c:\windows\SYSNATIVE\DRIVERS\mv91cons.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
S0 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S0 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt;Acronis Disk Storage Filter;c:\windows\system32\DRIVERS\vidsflt.sys;c:\windows\SYSNATIVE\DRIVERS\vidsflt.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 jlink;J-Link driver;c:\windows\system32\Drivers\jlinkx64.sys;c:\windows\SYSNATIVE\Drivers\jlinkx64.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;c:\windows\system32\DRIVERS\SNTUSB64.SYS;c:\windows\SYSNATIVE\DRIVERS\SNTUSB64.SYS [x]
S3 X-Rite;X-Rite USB Service;c:\windows\system32\DRIVERS\XrUsb64.sys;c:\windows\SYSNATIVE\DRIVERS\XrUsb64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-12 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2013-08-07 16:07 2820136 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2013-08-07 16:07 2820136 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2013-08-07 16:07 2820136 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2013-06-13 10:40 293088 ----a-w- c:\program files\Agnitum\Outpost Security Suite Pro\op_shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8317472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"VX6000"="c:\windows\vVX6000.exe" [2010-05-20 764784]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2013-07-18 518464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~1\Agnitum\OUTPOS~1\wl_hook64.dll c:\progra~1\Agnitum\OUTPOS~1\wl_hook64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
FF - ProfilePath - c:\users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
AddRemove-TotalPhase - c:\windows\system32\TPUSBUninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2013-10-23 19:05:12
ComboFix-quarantined-files.txt 2013-10-23 18:05
ComboFix-quarantined-files_131017.txt 2013-10-17 01:03
ComboFix2.txt 2013-10-17 01:03
ComboFix3.txt 2013-10-11 15:11
ComboFix4.txt 2013-10-11 12:44
ComboFix5.txt 2013-10-23 15:00
.
Pre-Run: 116,603,932,672 bytes free
Post-Run: 116,229,070,848 bytes free
.
- - End Of File - - D4861903771AAB7F53DB857A29431238
A36C5E4F47E84449FF07ED3517B43A31


Edited by Oh My, 01 November 2013 - 11:54 AM.
Logs posted




#2 HelpBot

Posted 31 October 2013 - 07:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/511921 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Posted 01 November 2013 - 11:52 AM

Greetings whizzcodebang and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. While I review the information you have already posted please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 whizzcodebang


Posted 02 November 2013 - 09:53 AM

Hi Gary,
 
First let me thank you for even taking the trouble to look at my problem - which may not be what I imagine it to be. Worth mentioning that I do have a proper Win7 64-bit Pro DVD as my machine was a custom construction and the vendor supplied a full commercial copy. In an earlier post I mentioned that I ran Combofix, not, I hasten to add, under anyone's direction, but because I stumbled across it on this forum (before I joined) looking for answers & decided it could help - which it does for a few days at a time. It so happens I've not had an opportunity to run that tool these last three days and my PC is behaving more erratically, especially when in the FireFox browser - the mouse will jump or be jerky. Certainly in the recent past a run of ComboFix limits the strange actions I see on the screen, so my hope is it will force the PC to behave itself for a few days and let me get on with my (embedded) software work.
 
Between the time I sent in my request until now I have performed several scans using commercial tools yet nothing of significance is shown. The tools include: MalwareBytes, AVG Anti-Virus & their Root Kit, Agnitum Outpost Security Suite and the occasional run of SpyBot. All come back with nothing of significance.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by ziggy-d (administrator) on ZIGGY-D-PC on 02-11-2013 05:07:05
Running from C:\Users\ziggy-d\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Agnitum Ltd.) C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Microsoft Corporation
) C:\Windows\vVX6000.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Agnitum Ltd.) C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(GoPro) C:\Program Files (x86)\CineForm\Tools\GoProCineFormStatusViewer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(WinZip Computing, Inc.) C:\Program Files (x86)\WinZip\WZQKPICK.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(FastStone Soft) C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcfgex.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8317472 2009-11-03] (Realtek Semiconductor)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [VX6000] - C:\Windows\vVX6000.exe [764784 2010-05-20] (Microsoft Corporation
)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518464 2013-07-18] (Acronis)
HKLM\...\Run: [OutpostMonitor] - C:\Program Files\Agnitum\Outpost Security Suite Pro\op_mon.exe [4645880 2013-06-13] (Agnitum Ltd.)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-07-02] (TomTom)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [TurboV EVO] - C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe [9936000 2010-07-07] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation)
HKLM-x32\...\Run: [BCU] - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-26] (DeviceVM, Inc.)
HKLM-x32\...\Run: [QFan Help] - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [603136 2009-08-19] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [vmware-tray.exe] - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104088 2012-11-01] (VMware, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7806200 2013-10-24] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] - C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102208 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4908592 2013-10-07] (AVG Technologies CZ, s.r.o.)
AppInit_DLLs: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook64.dll c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook64.dll [1105776 2013-06-13] (Agnitum Ltd.)
AppInit_DLLs-x32: c:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll [824080 2013-06-13] (Agnitum Ltd.)
Startup: C:\Users\ziggy-d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
Startup: C:\Users\ziggy-d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe (Samsung Electronics.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD660648DC017CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch64.dll (DeviceVM, Inc.)
URLSearchHook: HKCU - SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {6F0FFC26-49DE-4288-9467-71965BAE2DEE} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
SearchScopes: HKCU - {6F0FFC26-49DE-4288-9467-71965BAE2DEE} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default
FF SearchEngineOrder.1: Web Search
FF SearchEngineOrder.2: Google
FF Homepage: hxxp://www.google.co.uk
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: British English Dictionary - C:\Users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default\Extensions\en-GB@dictionaries.addons.mozilla.org
FF Extension: Sidebar Bookmarks Search Plus - C:\Users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default\Extensions\sidebarBookmarksSearch@alice
FF Extension: Update Service - C:\Users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default\Extensions\updater@foxstart.com
FF Extension: goParentFolder - C:\Users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default\Extensions\goParentFolder@alice.xpi
FF Extension: showParentFolder - C:\Users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default\Extensions\showParentFolder@alice.xpi
FF Extension: aios - C:\Users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default\Extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
FF Extension: flashgot - C:\Users\ziggy-d\AppData\Roaming\Mozilla\Firefox\Profiles\4w1wfu7t.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

==================== Services (Whitelisted) =================

R2 acssrv; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [3355784 2013-06-13] (Agnitum Ltd.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe [109056 2010-06-24] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3538480 2013-10-03] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [301152 2013-09-25] (AVG Technologies CZ, s.r.o.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3305280 2010-11-16] (devolo AG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
R2 OS Selector; C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2139536 2011-11-15] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [13234176 2012-11-01] ()
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)

==================== Drivers (Whitelisted) ====================

R1 afw; C:\Windows\System32\DRIVERS\afw.sys [40544 2012-10-16] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [469256 2013-05-21] (Agnitum Ltd.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-04-22] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
S3 ASWFilt; C:\Windows\system32\Filt\ASWFilt64.dll [66224 2012-10-09] (Agnitum Ltd.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [148792 2013-09-25] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [241464 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192824 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-09-02] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 AX88178; C:\Windows\System32\DRIVERS\ax88178.sys [62976 2012-10-22] (ASIX Electronics Corp.)
S3 jlink; C:\Windows\System32\Drivers\jlinkx64.sys [24448 2012-07-24] (SEGGER Microcontroller Systeme GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 mv61xx; C:\Windows\System32\DRIVERS\mv61xx.sys [179752 2009-08-06] (Marvell Semiconductor, Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2009-01-29] (CACE Technologies)
S3 PcaMp60; C:\Windows\System32\DRIVERS\PcaMp60.sys [39424 2010-08-04] (Printing Communications Assoc., Inc. (PCAUSA))
U3 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.SYS [85016 2013-09-20] (Sysinternals - www.sysinternals.com)
R1 SandBox; C:\Windows\system32\drivers\SandBox64.sys [1311608 2013-06-03] (Agnitum Ltd.)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)
R3 StnPport; C:\Windows\System32\DRIVERS\StnPport.sys [97280 2010-10-26] ()
R3 StnSport; C:\Windows\System32\DRIVERS\StnSport.sys [128000 2010-08-20] ()
S3 T32USB; C:\Windows\System32\DRIVERS\t32usbamd64.sys [34296 2010-06-24] (Lauterbach GmbH)
S2 TAPccWdm; C:\WINDOWS\SysWow64\drivers\TAPccWdm.sys [31628 2003-09-25] (Rockwell Automation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2013-09-22] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2013-10-26] (Acronis International GmbH)
R3 VBEngNT; C:\Windows\system32\drivers\VBEngNT.sys [318040 2012-11-20] (VirusBuster Kft.)
R3 VBFilt; C:\Windows\system32\Filt\VBFilt64.dll [86432 2013-06-03] (Agnitum Ltd.)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2013-09-22] (Acronis International GmbH)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31384 2012-11-01] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
S3 VX6000; C:\Windows\System32\DRIVERS\VX6000Xp.sys [2143600 2010-05-20] (Microsoft Corporation
)
R3 X-Rite; C:\Windows\System32\DRIVERS\XrUsb64.sys [33600 2007-01-29] (X-Rite, Inc.)
S3 catchme; \??\C:\ComboFix_v13_9_24_2\catchme.sys [x]
S2 IOCBIOS; \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.SYS [x]
S2 PCASp50; System32\Drivers\PCASp50.Sys [x]
U3 VBCoreNT.0; \SystemRoot\System32\Filt\tmp\2uidoswm.vbt [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-02 05:06 - 2013-11-02 05:06 - 00000000 ____D C:\FRST
2013-11-02 01:30 - 2013-11-02 01:30 - 01957098 _____ (Farbar) C:\Users\ziggy-d\Desktop\FRST64.exe
2013-11-01 00:42 - 2013-11-01 00:42 - 00001018 _____ C:\Users\Public\Desktop\GoLogic.lnk
2013-11-01 00:42 - 2013-11-01 00:42 - 00000000 ____D C:\Program Files (x86)\NCI
2013-10-31 22:17 - 2013-10-31 22:17 - 00436736 _____ C:\Windows\SysWOW64\GoLogic2.dll
2013-10-31 01:03 - 2013-11-01 00:42 - 00000000 ____D C:\Users\ziggy-d\Documents\My GoLogic
2013-10-31 00:05 - 2013-10-31 00:05 - 00000000 ____D C:\Program Files (x86)\GoLogicUSBDriver
2013-10-30 23:55 - 2013-10-30 23:55 - 00037349 _____ C:\ComboFix.txt
2013-10-30 23:44 - 2013-10-30 23:42 - 05137879 ____R (Swearware) C:\Users\ziggy-d\Desktop\ComboFix_v13_10_30_1.exe
2013-10-30 00:50 - 2013-11-01 00:42 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\GoLogic
2013-10-30 00:47 - 2013-10-31 01:03 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\NCI
2013-10-26 22:39 - 2013-10-26 22:39 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\AVG2014
2013-10-26 22:38 - 2013-10-26 22:38 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-26 22:38 - 2013-10-26 22:38 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-26 22:38 - 2013-10-26 22:38 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\TuneUp Software
2013-10-26 22:38 - 2013-10-26 22:38 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-26 22:38 - 2013-10-26 22:38 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-26 22:38 - 2013-10-26 22:38 - 00000000 ____D C:\$AVG
2013-10-26 22:32 - 2013-11-02 04:25 - 00000000 ____D C:\ProgramData\MFAData
2013-10-26 22:32 - 2013-10-26 22:43 - 00000000 ____D C:\Users\ziggy-d\AppData\Local\Avg2014
2013-10-26 22:32 - 2013-10-26 22:32 - 00000000 ____D C:\Users\ziggy-d\AppData\Local\MFAData
2013-10-26 21:56 - 2013-10-26 21:56 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
2013-10-26 21:55 - 2013-10-26 21:55 - 00198432 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2013-10-26 21:55 - 2013-10-26 21:55 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\BF081F6B-CB0A-454E-96E6-341A0A798A62
2013-10-26 12:38 - 2013-10-23 18:05 - 00033934 _____ C:\Users\ziggy-d\Desktop\ComboFix2.txt
2013-10-25 21:48 - 2013-10-25 21:48 - 00001850 _____ C:\Users\Public\Desktop\MicroXplorer.lnk
2013-10-25 21:48 - 2013-10-25 21:48 - 00000000 ____D C:\Program Files (x86)\STMicroelectronics
2013-10-24 21:22 - 2013-10-24 21:32 - 00000000 ____D C:\ComboFix_v13_10_24_1
2013-10-23 21:38 - 2013-10-23 21:38 - 00345761 _____ C:\Windows\SysWOW64\TPUSBUninstaller.exe
2013-10-23 19:17 - 2013-10-23 19:17 - 00027301 _____ C:\Users\ziggy-d\Desktop\dds.txt
2013-10-23 19:17 - 2013-10-23 19:17 - 00024767 _____ C:\Users\ziggy-d\Desktop\attach.txt
2013-10-23 19:15 - 2013-10-23 19:14 - 00688992 ____R (Swearware) C:\Users\ziggy-d\Desktop\dds.com
2013-10-21 18:47 - 2013-10-21 18:47 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\Malwarebytes
2013-10-21 18:46 - 2013-10-21 18:46 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-21 18:46 - 2013-10-21 18:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 18:46 - 2013-10-21 18:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 18:46 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-17 00:54 - 2013-10-17 01:03 - 00000000 ____D C:\ComboFix_v13_10_16_2
2013-10-11 16:21 - 2013-09-04 12:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-11 16:21 - 2013-09-04 12:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-11 16:21 - 2013-09-04 12:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-11 16:21 - 2013-09-04 12:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-11 16:21 - 2013-09-04 12:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-11 16:21 - 2013-09-04 12:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-11 16:21 - 2013-09-04 12:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-11 10:43 - 2013-09-22 23:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 10:43 - 2013-09-22 23:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 10:43 - 2013-09-22 23:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 10:43 - 2013-09-22 22:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 10:43 - 2013-09-22 22:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 10:43 - 2013-09-22 22:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 10:43 - 2013-09-22 22:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 10:43 - 2013-09-22 22:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-11 10:43 - 2013-09-21 03:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 10:43 - 2013-09-21 03:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 10:43 - 2013-09-21 02:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-11 10:43 - 2013-09-21 02:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-10 14:44 - 2013-09-14 01:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-10 14:44 - 2013-09-08 02:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-10 14:44 - 2013-09-08 02:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-10 14:44 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-10 14:44 - 2013-08-29 02:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-10 14:44 - 2013-08-29 02:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-10 14:44 - 2013-08-29 02:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-10 14:44 - 2013-08-29 02:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-10 14:44 - 2013-08-29 02:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-10 14:44 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-10 14:44 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-10 14:44 - 2013-08-29 01:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-10 14:44 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-10 14:44 - 2013-08-29 01:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-10 14:44 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-10 14:44 - 2013-08-29 00:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-10 14:44 - 2013-08-29 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-10 14:44 - 2013-08-29 00:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-10 14:44 - 2013-08-29 00:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-10 14:44 - 2013-08-28 01:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 14:44 - 2013-08-28 01:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-10 14:44 - 2013-08-01 12:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-10 14:44 - 2013-07-20 10:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:44 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:44 - 2013-07-12 10:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 14:44 - 2013-07-12 10:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-10 14:44 - 2013-07-04 12:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-10 14:44 - 2013-07-04 12:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-10 14:44 - 2013-07-04 12:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-10 14:44 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-10 14:44 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-10 14:44 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-10 14:44 - 2013-07-04 10:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-10 14:44 - 2013-07-03 04:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-10 14:44 - 2013-07-03 04:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 14:44 - 2013-07-03 04:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 14:44 - 2013-06-25 22:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 14:44 - 2013-06-06 05:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-10 14:44 - 2013-06-06 05:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-10 14:44 - 2013-06-06 05:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-10 14:44 - 2013-06-06 05:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 14:44 - 2013-06-06 04:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-10 14:44 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-10 14:44 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-10 14:44 - 2013-06-06 03:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 14:44 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-10 14:44 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-04 13:45 - 2013-10-04 13:45 - 00002067 _____ C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk

==================== One Month Modified Files and Folders =======

2013-11-02 05:06 - 2013-11-02 05:06 - 00000000 ____D C:\FRST
2013-11-02 05:05 - 2013-08-25 08:32 - 00000135 _____ C:\Windows\system32\config\rules.rdb
2013-11-02 04:25 - 2013-10-26 22:32 - 00000000 ____D C:\ProgramData\MFAData
2013-11-02 04:08 - 2012-08-12 00:17 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-02 03:00 - 2012-03-19 21:52 - 01558924 _____ C:\Windows\WindowsUpdate.log
2013-11-02 01:30 - 2013-11-02 01:30 - 01957098 _____ (Farbar) C:\Users\ziggy-d\Desktop\FRST64.exe
2013-11-02 01:07 - 2013-08-25 08:30 - 00000000 ____D C:\Windows\system32\Filt
2013-11-01 21:02 - 2009-07-14 04:51 - 00073432 _____ C:\Windows\setupact.log
2013-11-01 16:50 - 2009-07-14 05:13 - 00886376 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-01 00:42 - 2013-11-01 00:42 - 00001018 _____ C:\Users\Public\Desktop\GoLogic.lnk
2013-11-01 00:42 - 2013-11-01 00:42 - 00000000 ____D C:\Program Files (x86)\NCI
2013-11-01 00:42 - 2013-10-31 01:03 - 00000000 ____D C:\Users\ziggy-d\Documents\My GoLogic
2013-11-01 00:42 - 2013-10-30 00:50 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\GoLogic
2013-10-31 22:17 - 2013-10-31 22:17 - 00436736 _____ C:\Windows\SysWOW64\GoLogic2.dll
2013-10-31 12:35 - 2013-10-02 20:00 - 00000000 ____D C:\Users\ziggy-d\AppData\Local\CrashDumps
2013-10-31 10:44 - 2009-07-14 04:45 - 00026032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-31 10:44 - 2009-07-14 04:45 - 00026032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-31 01:03 - 2013-10-30 00:47 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\NCI
2013-10-31 00:06 - 2012-03-20 22:47 - 00070530 _____ C:\Windows\DPINST.LOG
2013-10-31 00:05 - 2013-10-31 00:05 - 00000000 ____D C:\Program Files (x86)\GoLogicUSBDriver
2013-10-30 23:57 - 2013-09-22 14:23 - 00027134 _____ C:\Windows\PFRO.log
2013-10-30 23:57 - 2013-02-22 01:22 - 00000000 ____D C:\ProgramData\VMware
2013-10-30 23:57 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-30 23:56 - 2013-08-25 08:45 - 00006198 _____ C:\Windows\system32\config\afw_db.conf
2013-10-30 23:56 - 2013-08-25 08:45 - 00000752 _____ C:\Windows\system32\config\afw_hm.conf
2013-10-30 23:55 - 2013-10-30 23:55 - 00037349 _____ C:\ComboFix.txt
2013-10-30 23:55 - 2013-09-21 09:58 - 00000000 ____D C:\Qoobox
2013-10-30 23:53 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2013-10-30 23:42 - 2013-10-30 23:44 - 05137879 ____R (Swearware) C:\Users\ziggy-d\Desktop\ComboFix_v13_10_30_1.exe
2013-10-29 00:59 - 2012-04-29 00:48 - 98822144 _____ C:\Windows\system32\config\sscan.xas
2013-10-26 22:43 - 2013-10-26 22:32 - 00000000 ____D C:\Users\ziggy-d\AppData\Local\Avg2014
2013-10-26 22:39 - 2013-10-26 22:39 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\AVG2014
2013-10-26 22:38 - 2013-10-26 22:38 - 00003230 _____ C:\Windows\System32\Tasks\SidebarExecute
2013-10-26 22:38 - 2013-10-26 22:38 - 00000965 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2013-10-26 22:38 - 2013-10-26 22:38 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\TuneUp Software
2013-10-26 22:38 - 2013-10-26 22:38 - 00000000 ____D C:\ProgramData\AVG2014
2013-10-26 22:38 - 2013-10-26 22:38 - 00000000 ____D C:\Program Files (x86)\AVG
2013-10-26 22:38 - 2013-10-26 22:38 - 00000000 ____D C:\$AVG
2013-10-26 22:32 - 2013-10-26 22:32 - 00000000 ____D C:\Users\ziggy-d\AppData\Local\MFAData
2013-10-26 21:57 - 2013-09-12 15:19 - 00000000 ____D C:\ProgramData\Acronis
2013-10-26 21:56 - 2013-10-26 21:56 - 00367200 _____ (Acronis) C:\Windows\system32\Drivers\afcdp.sys
2013-10-26 21:55 - 2013-10-26 21:55 - 00198432 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tib_mounter.sys
2013-10-26 21:55 - 2013-10-26 21:55 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\BF081F6B-CB0A-454E-96E6-341A0A798A62
2013-10-26 21:55 - 2013-09-22 14:21 - 01464096 _____ (Acronis International GmbH) C:\Windows\system32\Drivers\tdrpman.sys
2013-10-26 21:55 - 2013-09-22 14:21 - 00001205 _____ C:\Users\Public\Desktop\Acronis True Image 2014.lnk
2013-10-25 21:48 - 2013-10-25 21:48 - 00001850 _____ C:\Users\Public\Desktop\MicroXplorer.lnk
2013-10-25 21:48 - 2013-10-25 21:48 - 00000000 ____D C:\Program Files (x86)\STMicroelectronics
2013-10-25 21:48 - 2012-03-20 22:29 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-24 21:32 - 2013-10-24 21:22 - 00000000 ____D C:\ComboFix_v13_10_24_1
2013-10-23 21:38 - 2013-10-23 21:38 - 00345761 _____ C:\Windows\SysWOW64\TPUSBUninstaller.exe
2013-10-23 19:17 - 2013-10-23 19:17 - 00027301 _____ C:\Users\ziggy-d\Desktop\dds.txt
2013-10-23 19:17 - 2013-10-23 19:17 - 00024767 _____ C:\Users\ziggy-d\Desktop\attach.txt
2013-10-23 19:14 - 2013-10-23 19:15 - 00688992 ____R (Swearware) C:\Users\ziggy-d\Desktop\dds.com
2013-10-23 18:05 - 2013-10-26 12:38 - 00033934 _____ C:\Users\ziggy-d\Desktop\ComboFix2.txt
2013-10-23 17:53 - 2012-09-29 22:28 - 00007604 _____ C:\Users\ziggy-d\AppData\Local\resmon.resmoncfg
2013-10-21 19:57 - 2012-04-29 00:48 - 100059136 _____ C:\Windows\system32\config\sscan.0
2013-10-21 19:13 - 2012-12-17 15:47 - 00000000 ____D C:\Users\ziggy-d\Documents\Visual Studio 2010
2013-10-21 19:02 - 2013-06-20 08:57 - 00288560 ____N C:\Windows\Minidump\102113-16848-01.dmp
2013-10-21 19:02 - 2012-07-03 00:04 - 00000000 ____D C:\Windows\Minidump
2013-10-21 18:47 - 2013-10-21 18:47 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\Malwarebytes
2013-10-21 18:46 - 2013-10-21 18:46 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-21 18:46 - 2013-10-21 18:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 18:46 - 2013-10-21 18:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-17 08:28 - 2012-03-19 22:03 - 00000000 ___RD C:\Users\ziggy-d\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-17 01:03 - 2013-10-17 00:54 - 00000000 ____D C:\ComboFix_v13_10_16_2
2013-10-14 22:26 - 2013-08-28 10:57 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-12 19:40 - 2012-07-10 01:14 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\FileZilla
2013-10-11 19:41 - 2012-07-10 01:14 - 00002004 _____ C:\Users\Public\Desktop\FileZilla Client.lnk
2013-10-11 19:41 - 2012-07-10 01:14 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-10-11 16:24 - 2009-07-14 04:45 - 05113168 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 13:37 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-10-11 13:00 - 2013-03-13 02:42 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-11 13:00 - 2013-03-13 02:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-11 12:58 - 2012-04-23 20:46 - 00000000 ____D C:\Users\ziggy-d\AppData\Roaming\SoftGrid Client
2013-10-11 10:44 - 2012-05-06 01:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 10:40 - 2012-04-23 20:45 - 00871844 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-11 10:37 - 2013-07-24 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 10:36 - 2012-03-20 01:55 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 20:08 - 2012-08-12 00:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-08 20:08 - 2012-08-12 00:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-08 20:08 - 2012-08-12 00:17 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-04 13:45 - 2013-10-04 13:45 - 00002067 _____ C:\Users\Public\Desktop\Lightroom 4.1 64-bit.lnk
2013-10-04 13:45 - 2012-07-14 13:39 - 00000000 ____D C:\Program Files\Adobe
2013-10-03 00:45 - 2012-12-23 23:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-31 13:23

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by ziggy-d at 2013-11-02 05:07:32
Running from C:\Users\ziggy-d\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Outpost Security Suite Pro (Disabled - Up to date) {CA353927-A29E-272A-EC5E-4FB545C2A8D0}
AS: Outpost Security Suite Pro (Disabled - Up to date) {7154D8C3-84A4-28A4-D6EE-74C73E45E26D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: Outpost Security Suite Pro (Disabled) {F20EB802-E8F1-2672-C701-E680BB11EFAB}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Acronis True Image 2014 (x32 Version: 17.0.6614)
Acronis Disk Director 11 Home (x32 Version: 11.0.2343)
Adobe AIR (x32 Version: 3.8.0.1280)
Adobe Flash Player 10 ActiveX (x32 Version: 10.0.42.34)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Photoshop Lightroom 4.1 64-bit (Version: 4.1.2)
Adobe Reader 9.5.2 (x32 Version: 9.5.2)
AI Suite (x32 Version: 1.05.39)
AMD Accelerated Video Transcoding (Version: 12.5.100.21219)
AMD APP SDK Runtime (Version: 10.0.1084.4)
AMD Catalyst Install Manager (Version: 8.0.903.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.71219.1540)
ASUSUpdate (x32 Version: 7.18.03)
AVG 2014 (Version: 14.0.3615)
AVG 2014 (Version: 14.0.4158)
AVG 2014 (Version: 2014.0.4158)
Belarc Advisor 8.3 (x32 Version: 8.3.0.0)
Beyond Compare 3.3.8 (x32 Version: 3.3.8.16340)
Bing Desktop (x32 Version: 1.3.174.0)
Browser Configuration Utility (x32 Version: 1.0.10.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485)
Catalyst Control Center Localization All (x32 Version: 2012.1219.1521.27485)
CCC Help Chinese Standard (x32 Version: 2012.1219.1520.27485)
CCC Help Chinese Traditional (x32 Version: 2012.1219.1520.27485)
CCC Help Czech (x32 Version: 2012.1219.1520.27485)
CCC Help Danish (x32 Version: 2012.1219.1520.27485)
CCC Help Dutch (x32 Version: 2012.1219.1520.27485)
CCC Help English (x32 Version: 2012.1219.1520.27485)
CCC Help Finnish (x32 Version: 2012.1219.1520.27485)
CCC Help French (x32 Version: 2012.1219.1520.27485)
CCC Help German (x32 Version: 2012.1219.1520.27485)
CCC Help Greek (x32 Version: 2012.1219.1520.27485)
CCC Help Hungarian (x32 Version: 2012.1219.1520.27485)
CCC Help Italian (x32 Version: 2012.1219.1520.27485)
CCC Help Japanese (x32 Version: 2012.1219.1520.27485)
CCC Help Korean (x32 Version: 2012.1219.1520.27485)
CCC Help Norwegian (x32 Version: 2012.1219.1520.27485)
CCC Help Polish (x32 Version: 2012.1219.1520.27485)
CCC Help Portuguese (x32 Version: 2012.1219.1520.27485)
CCC Help Russian (x32 Version: 2012.1219.1520.27485)
CCC Help Spanish (x32 Version: 2012.1219.1520.27485)
CCC Help Swedish (x32 Version: 2012.1219.1520.27485)
CCC Help Thai (x32 Version: 2012.1219.1520.27485)
CCC Help Turkish (x32 Version: 2012.1219.1520.27485)
ccc-utility64 (Version: 2012.1219.1521.27485)
CDex - Open Source Digital Audio CD Extractor (x32 Version: 1.70.4.2009)
Crystal Reports for Visual Studio (x32 Version: 12.51.0.240)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
devolo dLAN Cockpit (x32 Version: 2.0.0.0)
Diagram Designer (x32 Version: 1.25)
dLAN Cockpit (x32 Version: 2.16.11)
Dotfuscator Software Services - Community Edition (x32 Version: 5.0.2500.0)
EPSON Scan (x32)
EPU-6 Engine (x32 Version: 1.03.03)
eReg (x32 Version: 1.20.138.34)
Ethertest (x32 Version: 1.00.0000)
EZcolor 2.6.5 (x32 Version: 2.6.5)
FastStone Capture 6.7 (x32 Version: 6.7)
FastStone Image Viewer 4.6 (x32 Version: 4.6)
FileZilla Client 3.7.3 (x32 Version: 3.7.3)
Foxit PhantomPDF (x32 Version: 5.5.6.218)
Frontline Ethertest 12.2.22.2 (x32 Version: 12.2.22.2)
Frontline NetDecoder 12.2.24.3 (x32 Version: 12.2.24.3)
GoLogic (x32 Version: 5.41.0000)
GoLogic 3.0 USB driver installer (x32 Version: 3.0.0000)
GoLogic by NCI (x32 Version: 5.41.0000)
GoPro CineForm Studio 1.3.2 (x32 Version: 1.3.2)
GPU Boost Driver (x32 Version: 1.00.00)
GSmartControl (x32 Version: 0.8.7)
H3Viewer by http://www.Helpware.net (x32 Version: 1.20.0.115)
Hex Workshop v6.7 (Version: 6.7.3.5308)
HiJackThis (x32 Version: 1.0.0)
IAR Embedded Workbench for ARM - Library Source (x32 Version: 6.50.3)
IAR Embedded Workbench for ARM (x32 Version: 6.50.3)
IAR Embedded Workbench for ARM_2 (C:\Program Files (x86)\IAR Systems\Embedded Workbench 6.5_2) (x32 Version: 6.60.1)
Imagix 4D Release 7.4.7 (x32 Version: 7.4.7)
ImgBurn (x32 Version: 2.5.7.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Intel® SMBus
Java 7 Update 15 (x32 Version: 7.0.150)
Java Auto Updater (x32 Version: 2.1.9.0)
J-Link ARM V4.74 (x32 Version: V4.74)
Keil µVision4 (x32)
Logitech SetPoint 6.32 (Version: 6.32.20)
Logitech Unifying Software 2.00 (Version: 2.00.43)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
marvell 61xx (x32 Version: 1.2.0.7100)
marvell 91xx driver (x32 Version: 1.2.0.1027)
MicrelSwitchPhyTools version 1.17 (x32 Version: 1.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (x32 Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft IntelliPoint 8.2 (Version: 8.20.468.0)
Microsoft LifeCam (Version: 3.22.270.0)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Home and Student 2010 - English (x32 Version: 14.0.6117.5005)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Visio 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Visio MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (x32 Version: 4.0.50826.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.3.5500.0)
Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (x64) (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (x32 Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0)
Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1750.9)
Microsoft SQL Server System CLR Types (x64) (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.3.5500.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (x32 Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x64) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft Visio Premium 2010 (x32 Version: 14.0.7015.1000)
Microsoft Visual C++ Compilers 2010 Standard - enu - x64 (Version: 10.0.40219)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x64) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Professional - ENU (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Professional - ENU (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (x32 Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31007)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.31010)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft Visual Studio Macro Tools (x32 Version: 9.0.30729)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MicroXplorer (x32 Version: 3.2)
Moneysoft Money Manager (x32)
Moneysoft Money Manager 6 Business Edition (x32)
Mozilla Firefox 24.0 (x86 en-GB) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Multi-Edit 2008 (v11.04.00) (x32 Version: 11.04.00)
NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0)
NetDecoder (x32 Version: 1.00.0000)
Notepad++ (x32)
Outpost Security Suite Pro 8.1 (Version: 8.1)
PC Probe II (x32 Version: 1.04.83)
PDF Settings CS5 (x32 Version: 10.0)
PowerGREP 4 DEMO 4.4.0 (Version: DEMO 4.4.0)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0005)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5973)
Realterm 2.0.0.70 (x32 Version: 2.0.0.70)
Samsung Magician (x32 Version: 4.2.1)
Sentinel System Driver Installer 7.5.0 (x32 Version: 7.5.0)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0)
Skype Click to Call (x32 Version: 6.13.13771)
Skype™ 6.7 (x32 Version: 6.7.102)
Smart PDF Converter 6.3.0.487 (Version: 6.3.0.487)
Software Update Wizard (Redistributable) 4.5 (x32 Version: 4.5)
SplashID Standalone 5.3.2 (x32 Version: 5.3.2)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0)
TomTom HOME (x32 Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
tools-freebsd (x32 Version: 9.2.2.894247)
tools-linux (x32 Version: 9.2.2.894247)
tools-netware (x32 Version: 9.2.2.894247)
tools-solaris (x32 Version: 9.2.2.894247)
tools-windows (x32 Version: 9.2.2.894247)
tools-winPre2k (x32 Version: 9.2.2.894247)
Total Phase USB Driver v2.11 (x32)
TRACE32 (x32 Version: 2.0)
TurboV EVO (x32 Version: 1.02.31)
Tyre (Version: 6.3.1.3)
Tyre (x32 Version: 6.3.1.1)
Unison RTOS v5-2-1 for ST CortexM3 IAR (x32 Version: 5.2.1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Visual Studio 2010 Prerequisites - English (Version: 10.0.40219)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
VLC media player 2.0.8 (x32 Version: 2.0.8)
VMware Workstation (Version: 9.0.1)
VMware Workstation (x32 Version: 9.0.1)
WCF RIA Services V1.0 SP1 (x32 Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (Version: 03/07/2012 )
Windows Driver Package - IAR Systems (IJET) IARUSB (05/23/2012 2.05) (Version: 05/23/2012 2.05)
Windows Driver Package - KEIL - Tools By ARM (WinUSB) USB (12/19/2009 1.0.0.2) (Version: 12/19/2009 1.0.0.2)
Windows Driver Package - Lauterbach (T32USB) Trace32 (06/24/2010 5.5.0.0) (Version: 06/24/2010 5.5.0.0)
WinPcap 4.1.3 (x32 Version: 4.1.0.2980)
Wireshark 1.8.6 (64-bit) (x32 Version: 1.8.6)
wxDownload Fast 0.6.0 (x32)
xplorer² professional 64 bit (Version: 1.8.1.4)
xplorer² Ultimate 64 bit (Version: 2.4.0.0)

==================== Restore Points =========================

29-10-2013 00:54:07 ComboFix created restore point
30-10-2013 00:50:35 Installed GoLogic
30-10-2013 00:58:00 Installed GoLogicHelp
30-10-2013 01:14:26 Installed GoLogic 3.0 USB driver installer.
30-10-2013 01:14:58 Device Driver Package Install: NCI
30-10-2013 22:07:02 Removed GoLogicHelp
30-10-2013 22:07:26 Removed GoLogic
30-10-2013 22:12:01 Installed GoLogic
30-10-2013 22:24:56 Removed GoLogic
30-10-2013 22:45:02 Removed GoLogic 3.0 USB driver installer.
31-10-2013 00:05:41 Installed GoLogic 3.0 USB driver installer.
31-10-2013 00:08:16 Installed GoLogic
31-10-2013 01:02:36 Removed GoLogic
31-10-2013 01:03:16 Installed GoLogic
31-10-2013 17:05:09 Removed GoLogic
31-10-2013 17:06:36 Installed GoLogic
01-11-2013 00:37:34 Removed GoLogic
01-11-2013 00:40:56 Installed GoLogic

==================== Hosts content: ==========================

2009-07-14 02:34 - 2013-09-24 21:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0EE20110-CA00-40CF-91D1-32C0A4FFF875} - System32\Tasks\{8BC49BB6-48CE-404B-BB96-39D3A5233D2D} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {2332EE79-D26B-41BB-8A6B-06FC5CABBA04} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {3E718A1C-D368-4C02-BEA7-C2184F69D57E} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-08-01] (Microsoft Corporation)
Task: {4CBF09FA-26BF-4E06-A5D7-857849AE68C6} - System32\Tasks\{A3FD2F31-048D-442E-9E78-FF78BA822EF4} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {4E2773A8-023A-433E-96D8-EC6B93094A29} - System32\Tasks\{3845E961-8156-4177-97E8-6A8004350065} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {503FB5A4-954F-4868-9D77-6F5E9D0C30B8} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-12-01] (ASUSTeK Computer Inc.)
Task: {50D8FB8A-73DE-4627-A204-51F58B6A2F12} - System32\Tasks\{4537072B-68BF-459C-848F-C758ABBF6AA4} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {568979FD-4792-4779-91B4-C0CE985B3F7D} - System32\Tasks\AdobeAAMUpdater-1.0-ziggy-d-PC-ziggy-d => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {5E60A7F4-E25E-4D27-A0AB-81B8394862BE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {5F27C876-D803-4A8F-AE3B-879B4927D0CD} - System32\Tasks\{71F6F481-A43F-4807-9D3C-BA26390C3601} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {83E1F125-99EA-4E6C-88DD-EE04AA84D234} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {9DCFA62B-B1FB-4E5C-B7B5-35EEB592A306} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-08-20] (ASUSTeK Computer Inc.)
Task: {B1F2CEA5-4C0C-4129-8D8D-9A9F356499E9} - System32\Tasks\{8DC9363A-68CD-4B07-B2DF-F4B1933DFE70} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {BA74902B-4107-43B1-B6DE-7082292AE57F} - System32\Tasks\{123F60FB-53F0-4135-A583-5563052C0440} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {D323A9E8-9C55-499E-90FB-0DDD3E50634C} - System32\Tasks\{0AACFACA-826D-4984-B481-FEA094528E5B} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {D564187A-CE98-482B-A2F1-23461478B0E7} - System32\Tasks\{F31B8D68-10E0-454B-B943-51DED4DADF15} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {DF06F181-531F-4EB8-B6EA-D67D41BDDC23} - System32\Tasks\ASUS\TurboVHelp => C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHelp.exe [2010-07-07] (ASUSTeK Computer Inc.)
Task: {E126D4D1-D46E-40D6-9F52-D68348885A3F} - System32\Tasks\{502BE9DE-4B55-4F6E-A5F6-415070A2F1A2} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {E220976F-1EFA-4813-BFB7-AAA69F70AE17} - System32\Tasks\{41F8B9DF-4408-4DA9-8ABE-A50CCA9D773F} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: {E6E9A6D9-B235-4A3F-A161-17037449C7B8} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E7FFD63B-7674-4FEB-A098-1C03D70AC16F} - System32\Tasks\{A9449738-1028-43F6-9644-79DC471960C4} => C:\MONEY\winmoney.EXE [2005-12-19] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-10-01 10:00 - 2013-10-01 10:00 - 02811008 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2010-01-02 14:42 - 2010-01-02 14:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-09-02 11:37 - 2012-05-03 11:37 - 00351440 _____ () C:\Program Files\Smart PDF Converter\ExplorerExt_x64.dll
2011-10-07 09:39 - 2011-10-07 09:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-11-01 02:34 - 2012-11-01 02:34 - 01260184 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2012-03-20 22:43 - 2010-06-01 10:38 - 00253952 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\pngio.dll
2009-06-27 10:11 - 2009-06-27 10:11 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
2012-03-20 22:44 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL
2012-03-20 22:44 - 2009-08-27 19:41 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll
2012-03-20 22:44 - 2009-08-27 19:41 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll
2012-03-20 22:43 - 2010-02-08 17:19 - 00053248 _____ () C:\Program Files (x86)\ASUS\TurboV EVO\HookKey32.dll
2013-10-24 16:06 - 2013-10-24 16:06 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2013-10-24 16:06 - 2013-10-24 16:06 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2013-10-10 11:02 - 2013-10-10 11:02 - 00013120 _____ () C:\Program Files (x86)\Common Files\Acronis\TibMounter\icudt38.dll
2013-08-28 01:30 - 2013-05-16 13:42 - 00013824 _____ () C:\Program Files (x86)\Samsung\Samsung Magician\SAMSUNG_SSD.dll
2013-08-15 02:29 - 2013-08-15 02:29 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfc3c75fd7a61d270cf33c2978b59cb6\IsdiInterop.ni.dll
2012-03-20 22:30 - 2010-03-03 20:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-10-24 16:09 - 2013-10-24 16:09 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-10-01 10:00 - 2013-10-01 10:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: IOCBIOS
Description: IOCBIOS
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: IOCBIOS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2013 00:35:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogitechUpdate.exe, version: 2.17.17.0, time stamp: 0x4cc0a7bc
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x176c
Faulting application start time: 0xLogitechUpdate.exe0
Faulting application path: LogitechUpdate.exe1
Faulting module path: LogitechUpdate.exe2
Report Id: LogitechUpdate.exe3

Error: (10/31/2013 03:52:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: GoLogic2.exe, version: 1.0.0.1, time stamp: 0x525c1bcb
Faulting module name: SerialDisplay.dll, version: 0.0.0.0, time stamp: 0x525c1bc2
Exception code: 0xc0000005
Fault offset: 0x0001299f
Faulting process id: 0x2054
Faulting application start time: 0xGoLogic2.exe0
Faulting application path: GoLogic2.exe1
Faulting module path: GoLogic2.exe2
Report Id: GoLogic2.exe3

Error: (10/30/2013 11:52:47 PM) (Source: Application Error) (User: )
Description: Faulting application name: LogitechUpdate.exe, version: 2.17.17.0, time stamp: 0x4cc0a7bc
Faulting module name: USER32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7ba59
Exception code: 0xc00000fd
Fault offset: 0x00016e6f
Faulting process id: 0x1994
Faulting application start time: 0xLogitechUpdate.exe0
Faulting application path: LogitechUpdate.exe1
Faulting module path: LogitechUpdate.exe2
Report Id: LogitechUpdate.exe3

Error: (10/30/2013 10:06:16 PM) (Source: Application Hang) (User: )
Description: The program GoLogic2.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 4ec

Start Time: 01ced5bbdd7d76ff

Termination Time: 30

Application Path: C:\Program Files (x86)\NCI\GoLogic\GoLogic2.exe

Report Id: 7dcb50be-41af-11e3-be0b-005056c00008

Error: (10/30/2013 10:00:28 PM) (Source: Application Hang) (User: )
Description: The program GoLogic2.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ec0

Start Time: 01ced5ba580f31cc

Termination Time: 31

Application Path: C:\Program Files (x86)\NCI\GoLogic\GoLogic2.exe

Report Id: ae0f3dc0-41ae-11e3-be0b-005056c00008

Error: (10/30/2013 09:41:42 PM) (Source: Application Hang) (User: )
Description: The program GoLogic2.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2838

Start Time: 01ced5b892dfccdf

Termination Time: 26

Application Path: C:\Program Files (x86)\NCI\GoLogic\GoLogic2.exe

Report Id: 0ec8b633-41ac-11e3-be0b-005056c00008

Error: (10/30/2013 09:39:49 PM) (Source: Application Hang) (User: )
Description: The program GoLogic2.exe version 1.0.0.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 205c

Start Time: 01ced5b1d71bb5ce

Termination Time: 27

Application Path: C:\Program Files (x86)\NCI\GoLogic\GoLogic2.exe

Report Id: cb20b0b7-41ab-11e3-be0b-005056c00008

Error: (10/26/2013 10:20:39 PM) (Source: CVHSVC) (User: )
Description: Information only.
(Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (10/25/2013 11:32:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: IarIdePm.exe, version: 6.6.0.2752, time stamp: 0x51c85f59
Faulting module name: JLinkARM.dll, version: 4.74.0.0, time stamp: 0x51e66815
Exception code: 0xc0000005
Fault offset: 0x03fea8ab
Faulting process id: 0xfc8
Faulting application start time: 0xIarIdePm.exe0
Faulting application path: IarIdePm.exe1
Faulting module path: IarIdePm.exe2
Report Id: IarIdePm.exe3

Error: (10/24/2013 09:20:49 PM) (Source: Application Error) (User: )
Description: Faulting application name: firefox.exe, version: 24.0.0.5001, time stamp: 0x522fd29f
Faulting module name: xul.dll, version: 24.0.0.5001, time stamp: 0x522fd1a4
Exception code: 0xc0000005
Fault offset: 0x001b72a8
Faulting process id: 0x2f4c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3


System errors:
=============
Error: (11/01/2013 03:03:37 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (11/01/2013 00:04:55 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/31/2013 11:17:03 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/31/2013 11:16:58 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/31/2013 11:16:53 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/31/2013 11:16:48 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/31/2013 11:16:43 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/31/2013 05:06:59 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/31/2013 05:06:54 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (10/31/2013 05:06:49 PM) (Source: ACPI) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.


Microsoft Office Sessions:
=========================
Error: (10/31/2013 00:35:55 PM) (Source: Application Error)(User: )
Description: LogitechUpdate.exe2.17.17.04cc0a7bcole32.dll6.1.7601.175144ce7b96fc000000500039342176c01ced5cbf0a7ea6dC:\Program Files\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exeC:\Windows\syswow64\ole32.dllfbcb96e4-4228-11e3-8607-c6d4c4d0af65

Error: (10/31/2013 03:52:08 AM) (Source: Application Error)(User: )
Description: GoLogic2.exe1.0.0.1525c1bcbSerialDisplay.dll0.0.0.0525c1bc2c00000050001299f205401ced5d504a9778fC:\Program Files (x86)\NCI\GoLogic\GoLogic2.exeC:\Program Files (x86)\NCI\GoLogic\PlugIns\SerialDisplay.dllcff7d366-41df-11e3-8607-005056c00008

Error: (10/30/2013 11:52:47 PM) (Source: Application Error)(User: )
Description: LogitechUpdate.exe2.17.17.04cc0a7bcUSER32.dll6.1.7601.175144ce7ba59c00000fd00016e6f199401ced4c4fa90e3d6C:\Program Files\Common Files\LogiShrd\sp6\LU\LogitechUpdate.exeC:\Windows\syswow64\USER32.dll6002e79e-41be-11e3-be0b-005056c00008

Error: (10/30/2013 10:06:16 PM) (Source: Application Hang)(User: )
Description: GoLogic2.exe1.0.0.14ec01ced5bbdd7d76ff30C:\Program Files (x86)\NCI\GoLogic\GoLogic2.exe7dcb50be-41af-11e3-be0b-005056c00008

Error: (10/30/2013 10:00:28 PM) (Source: Application Hang)(User: )
Description: GoLogic2.exe1.0.0.1ec001ced5ba580f31cc31C:\Program Files (x86)\NCI\GoLogic\GoLogic2.exeae0f3dc0-41ae-11e3-be0b-005056c00008

Error: (10/30/2013 09:41:42 PM) (Source: Application Hang)(User: )
Description: GoLogic2.exe1.0.0.1283801ced5b892dfccdf26C:\Program Files (x86)\NCI\GoLogic\GoLogic2.exe0ec8b633-41ac-11e3-be0b-005056c00008

Error: (10/30/2013 09:39:49 PM) (Source: Application Hang)(User: )
Description: GoLogic2.exe1.0.0.1205c01ced5b1d71bb5ce27C:\Program Files (x86)\NCI\GoLogic\GoLogic2.execb20b0b7-41ab-11e3-be0b-005056c00008

Error: (10/26/2013 10:20:39 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0409-0000-0000000FF1CE}): DownloadLatest Failed:

Error: (10/25/2013 11:32:35 PM) (Source: Application Error)(User: )
Description: IarIdePm.exe6.6.0.275251c85f59JLinkARM.dll4.74.0.051e66815c000000503fea8abfc801ced10ef440151cC:\Program Files (x86)\IAR Systems\Embedded Workbench 6.5_2\common\bin\IarIdePm.exeC:\Program Files (x86)\IAR Systems\Embedded Workbench 6.5_2\arm\bin\JLinkARM.dllb9bceba5-3dcd-11e3-b61a-005056c00008

Error: (10/24/2013 09:20:49 PM) (Source: Application Error)(User: )
Description: firefox.exe24.0.0.5001522fd29fxul.dll24.0.0.5001522fd1a4c0000005001b72a82f4c01ced0fe98004fceC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll26dbabf3-3cf2-11e3-aa5a-005056c00008


CodeIntegrity Errors:
===================================
Date: 2013-09-24 22:52:47.027
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix_v13_9_24_2\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-24 22:52:46.933
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix_v13_9_24_2\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-21 11:10:25.348
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix_v13_9_13\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-21 11:10:25.208
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix_v13_9_13\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 16350.04 MB
Available physical RAM: 11822.86 MB
Total Pagefile: 16548.22 MB
Available Pagefile: 11504.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:108.11 GB) NTFS
Drive f: (Technical) (Fixed) (Total:931.51 GB) (Free:825.78 GB) NTFS
Drive n: () (Fixed) (Total:1024 GB) (Free:569.17 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F0226E1E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 238 GB) (Disk ID: 7F928FAC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 2795 GB) (Disk ID: 459F2A93)
Partition 2: (Not Active) - (Size=1024 GB) - (Type=OF Extended)

==================== End Of Log ============================


Edited by Oh My, 02 November 2013 - 10:11 AM.
Logs Posted


#5 Oh My!

  • Malware Response Instructor

Posted 02 November 2013 - 06:42 PM

Sorry for the delay.  I am in the process of checking with my colleagues regarding one of the entries in the FRST log.  Hopefully I will post soon.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 whizzcodebang

  • Topic Starter

Posted 02 November 2013 - 08:07 PM

Gary,

Thanks for taking the time. Prior to running ComboFix late yesterday my PC was becoming reluctant to run programs - when it came out of sleep mode and after refreshing the screen. I had full control of the mouse but when an app was selected the chosen program would not launch, instead everything stacked up for a few minutes leaving me worried I was facing a total lockout then suddenly the apps loaded and burst into life, thereafter things behaved themselves. After that I decided to hit the system with the latest release of ComboFix and now things have gone back to some normality.

Regards,



#7 Oh My!

  • Malware Response Instructor

Posted 02 November 2013 - 08:40 PM

Greetings,

It is my pleasure to assist you in trying to address your current issues. A couple of things please. First, now that we are working together on this please limit any steps to those I post on the site. Secondly, please copy and paste log information on the post rather than attach the files unless an attachment is requested. It makes it easier to address and review our steps if all the information is immediately accessible.

OK, now I would like you to do these things for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
U3 VBCoreNT.0; \SystemRoot\System32\Filt\tmp\2uidoswm.vbt [x]
\SystemRoot\System32\Filt\tmp\2uidoswm.vbt
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
C:\Windows\system32\config /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================

StreamArmor

--------------------
  • Download StreamArmour and save it to your desktop
  • Unzip it to your desktop
  • Double click on the StreamArmour folder twice
  • Double click Setup_StreamArmour and follow the steps to install the program
  • Click Start Scan
  • When finished click Export then save the file to the desktop
  • Attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • SystemLook log
  • Attached StreamArmor file
  • How is your computer running?

Gary
 

#8 whizzcodebang

  • Topic Starter

Posted 03 November 2013 - 07:40 PM

Hi,

My computer is behaving about the same as it has been for the last few weeks; intermittent behaviour going into and coming out of sleep, degrades more by the day. However today something happened which I've not witnessed before - a sudden loss of USB port activity. One moment my in-circuit emulator was happily doing its stuff, the next the debugger complained it has lost comms with the emulator. I did a quick check and both the forward and rear USB port groups were out but not all since my mouse and keyboard continued to function and these rely on a Bluetooth mini-dongle attached to the end of a USB cable to obtain the necessary control of the PC.

I tried attaching the StreamArmor file but had a hiccup - I'd forgotten how to do that in this post - Oops!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by ziggy-d at 2013-11-03 23:41:22 Run:1
Running from C:\Users\ziggy-d\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
U3 VBCoreNT.0; \SystemRoot\System32\Filt\tmp\2uidoswm.vbt [x]
\SystemRoot\System32\Filt\tmp\2uidoswm.vbt
*****************

HKCR\PROTOCOLS\Handler\belarc => Key deleted successfully.
HKCR\CLSID\{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} => Key not found.
VBCoreNT.0 => Service not found.

==== End of Fixlog ====

 

SystemLook 30.07.11 by jpshortstuff
Log created at 23:44 on 03/11/2013 by ziggy-d
Administrator - Elevation successful

========== dir ==========

C:\Windows\system32\config - Parameters: "/s"

---Files---
afw_db.conf    --a---- 407732 bytes    [08:45 25/08/2013]    [22:57 03/11/2013]
afw_hm.conf    --a---- 840 bytes    [08:45 25/08/2013]    [22:57 03/11/2013]
BCD-Template    --a---- 28672 bytes    [05:32 14/07/2009]    [05:48 20/03/2012]
BCD-Template.LOG    --ahs-- 25600 bytes    [05:38 14/07/2009]    [05:48 20/03/2012]
COMPONENTS    --a---- 46399488 bytes    [02:34 14/07/2009]    [22:58 03/11/2013]
COMPONENTS.LOG    --ah--- 1024 bytes    [07:12 14/07/2009]    [07:52 14/07/2009]
COMPONENTS.LOG1    --ah--- 262144 bytes    [02:34 14/07/2009]    [22:55 03/11/2013]
COMPONENTS.LOG2    --ah--- 0 bytes    [02:34 14/07/2009]    [02:34 14/07/2009]
COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf    --ahs-- 65536 bytes    [04:54 14/07/2009]    [02:07 20/03/2012]
COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [04:54 14/07/2009]    [02:04 20/03/2012]
COMPONENTS{016888b9-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [04:54 14/07/2009]    [02:07 20/03/2012]
COMPONENTS{4c4283a2-8c13-11e1-8a15-20cf305ac2b0}.TM.blf    --ahs-- 65536 bytes    [00:44 22/04/2012]    [02:54 29/04/2012]
COMPONENTS{4c4283a2-8c13-11e1-8a15-20cf305ac2b0}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [00:44 22/04/2012]    [02:54 29/04/2012]
COMPONENTS{4c4283a2-8c13-11e1-8a15-20cf305ac2b0}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [00:44 22/04/2012]    [00:55 22/04/2012]
COMPONENTS{acd70b8e-72db-11e1-ad82-20cf305ac2b0}.TM.blf    --ahs-- 65536 bytes    [22:29 20/03/2012]    [22:59 18/04/2012]
COMPONENTS{acd70b8e-72db-11e1-ad82-20cf305ac2b0}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [22:29 20/03/2012]    [22:59 18/04/2012]
COMPONENTS{acd70b8e-72db-11e1-ad82-20cf305ac2b0}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [22:29 20/03/2012]    [22:50 20/03/2012]
COMPONENTS{beb5453f-a552-11e2-a944-000ec68708d5}.TM.blf    --ahs-- 65536 bytes    [22:43 14/04/2013]    [00:26 25/08/2013]
COMPONENTS{beb5453f-a552-11e2-a944-000ec68708d5}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [22:43 14/04/2013]    [10:13 04/07/2013]
COMPONENTS{beb5453f-a552-11e2-a944-000ec68708d5}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [22:43 14/04/2013]    [00:26 25/08/2013]
COMPONENTS{dc28d92f-9318-11e1-8584-20cf305ac2b0}.TM.blf    --ahs-- 65536 bytes    [23:07 30/04/2012]    [19:29 14/04/2013]
COMPONENTS{dc28d92f-9318-11e1-8584-20cf305ac2b0}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [23:07 30/04/2012]    [19:29 14/04/2013]
COMPONENTS{dc28d92f-9318-11e1-8584-20cf305ac2b0}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [23:07 30/04/2012]    [18:19 22/03/2013]
COMPONENTS{fe2f8aeb-0dde-11e3-a96e-005056c00008}.TM.blf    --ahs-- 65536 bytes    [23:38 25/08/2013]    [09:43 03/11/2013]
COMPONENTS{fe2f8aeb-0dde-11e3-a96e-005056c00008}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [23:38 25/08/2013]    [13:08 11/10/2013]
COMPONENTS{fe2f8aeb-0dde-11e3-a96e-005056c00008}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [23:38 25/08/2013]    [09:43 03/11/2013]
DEFAULT    --a---- 4456448 bytes    [02:34 14/07/2009]    [23:37 03/11/2013]
DEFAULT.LOG    --ah--- 1024 bytes    [07:12 14/07/2009]    [07:52 14/07/2009]
DEFAULT.LOG1    --ah--- 262144 bytes    [02:34 14/07/2009]    [23:37 03/11/2013]
DEFAULT.LOG2    --ah--- 0 bytes    [02:34 14/07/2009]    [02:34 14/07/2009]
rules.rdb    --a---- 117738 bytes    [08:32 25/08/2013]    [23:44 03/11/2013]
SAM    --a---- 262144 bytes    [02:34 14/07/2009]    [23:33 03/11/2013]
SAM.LOG    --ah--- 1024 bytes    [07:12 14/07/2009]    [07:52 14/07/2009]
SAM.LOG1    --ah--- 25600 bytes    [02:34 14/07/2009]    [23:33 03/11/2013]
SAM.LOG2    --ah--- 0 bytes    [02:34 14/07/2009]    [02:34 14/07/2009]
SECURITY    --a---- 262144 bytes    [02:34 14/07/2009]    [23:10 03/11/2013]
SECURITY.LOG    --ah--- 1024 bytes    [07:12 14/07/2009]    [07:52 14/07/2009]
SECURITY.LOG1    --ah--- 21504 bytes    [02:34 14/07/2009]    [23:10 03/11/2013]
SECURITY.LOG2    --ah--- 0 bytes    [02:34 14/07/2009]    [02:34 14/07/2009]
SOFTWARE    --a---- 94633984 bytes    [02:34 14/07/2009]    [23:44 03/11/2013]
SOFTWARE.LOG    --ah--- 1024 bytes    [07:12 14/07/2009]    [07:52 14/07/2009]
SOFTWARE.LOG1    --ah--- 262144 bytes    [02:34 14/07/2009]    [23:44 03/11/2013]
SOFTWARE.LOG2    --ah--- 0 bytes    [02:34 14/07/2009]    [02:34 14/07/2009]
sscan.0    --a---- 98822144 bytes    [00:48 29/04/2012]    [00:59 29/10/2013]
sscan.xas    --a---- 23768064 bytes    [00:48 29/04/2012]    [15:01 02/11/2013]
SYSTEM    --a---- 29622272 bytes    [02:34 14/07/2009]    [23:43 03/11/2013]
SYSTEM.LOG    --ah--- 1024 bytes    [07:12 14/07/2009]    [07:51 14/07/2009]
SYSTEM.LOG1    --ah--- 262144 bytes    [02:34 14/07/2009]    [23:43 03/11/2013]
SYSTEM.LOG2    --ah--- 0 bytes    [02:34 14/07/2009]    [02:34 14/07/2009]

C:\Windows\system32\config\Journal    d------    [03:20 14/07/2009]

C:\Windows\system32\config\RegBack    d------    [03:20 14/07/2009]
DEFAULT    --a---- 4321280 bytes    [21:49 19/03/2012]    [13:23 31/10/2013]
DEFAULT.LOG1    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]
DEFAULT.LOG2    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]
SAM    --a---- 36864 bytes    [21:49 19/03/2012]    [13:23 31/10/2013]
SAM.LOG1    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]
SAM.LOG2    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]
SECURITY    --a---- 24576 bytes    [21:49 19/03/2012]    [13:23 31/10/2013]
SECURITY.LOG1    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]
SECURITY.LOG2    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]
SOFTWARE    --a---- 94105600 bytes    [21:49 19/03/2012]    [13:23 31/10/2013]
SOFTWARE.LOG1    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]
SOFTWARE.LOG2    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]
SYSTEM    --a---- 29491200 bytes    [21:49 19/03/2012]    [13:23 31/10/2013]
SYSTEM.LOG1    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]
SYSTEM.LOG2    --ahs-- 0 bytes    [21:09 23/04/2012]    [21:09 23/04/2012]

C:\Windows\system32\config\systemprofile    d------    [03:20 14/07/2009]
ntuser.dat    --a---- 262144 bytes    [05:38 14/07/2009]    [21:49 19/03/2012]
ntuser.dat.LOG    --ah--- 1024 bytes    [07:12 14/07/2009]    [07:12 14/07/2009]
ntuser.dat.LOG1    --ahs-- 9216 bytes    [05:38 14/07/2009]    [21:49 19/03/2012]
ntuser.dat.LOG2    --ahs-- 0 bytes    [05:38 14/07/2009]    [05:38 14/07/2009]
ntuser.dat{67157cb7-720d-11e1-902b-806e6f6e6963}.TM.blf    --ahs-- 65536 bytes    [21:49 19/03/2012]    [21:49 19/03/2012]
ntuser.dat{67157cb7-720d-11e1-902b-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [21:49 19/03/2012]    [21:49 19/03/2012]
ntuser.dat{67157cb7-720d-11e1-902b-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [21:49 19/03/2012]    [21:49 19/03/2012]

C:\Windows\system32\config\systemprofile\AppData    d---s--    [03:20 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Local    d------    [03:20 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014    d------    [22:38 26/10/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\fet    d------    [22:38 26/10/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\log    d------    [22:38 26/10/2013]
avgcfg.log    --a---- 22554 bytes    [22:38 26/10/2013]    [15:16 02/11/2013]
avgcfg.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgchjw.log    --a---- 69294 bytes    [15:59 27/10/2013]    [22:58 03/11/2013]
avgchjw.log.1    --a--c- 131105 bytes    [22:38 26/10/2013]    [20:24 03/11/2013]
avgchjw.log.2    --a--c- 131104 bytes    [22:38 26/10/2013]    [20:24 03/11/2013]
avgchjw.log.3    --a--c- 131104 bytes    [22:38 26/10/2013]    [20:24 03/11/2013]
avgchjw.log.4    --a--c- 131105 bytes    [22:38 26/10/2013]    [20:24 03/11/2013]
avgchjw.log.5    --a--c- 131104 bytes    [22:38 26/10/2013]    [20:24 03/11/2013]
avgchjw.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgcore.log    --a---- 0 bytes    [02:34 02/11/2013]    [23:33 03/11/2013]
avgcore.log.1    --a--c- 131234 bytes    [22:38 26/10/2013]    [23:33 03/11/2013]
avgcore.log.2    --a--c- 131234 bytes    [22:38 26/10/2013]    [23:33 03/11/2013]
avgcore.log.3    --a--c- 131234 bytes    [22:38 26/10/2013]    [23:07 03/11/2013]
avgcore.log.4    --a--c- 131143 bytes    [22:38 26/10/2013]    [23:01 03/11/2013]
avgcore.log.5    --a--c- 131234 bytes    [22:38 26/10/2013]    [22:05 03/11/2013]
avgcore.log.6    --a--c- 131234 bytes    [22:38 26/10/2013]    [22:03 03/11/2013]
avgcore.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgdiskdrv.log    --a---- 2203 bytes    [22:38 26/10/2013]    [15:18 02/11/2013]
avgdiskdrv.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgemc.log    --a---- 27191 bytes    [22:38 26/10/2013]    [16:25 03/11/2013]
avgemc.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgexc.log    --a---- 644 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgexc.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgidpagent.log    --a---- 37900 bytes    [22:49 03/11/2013]    [22:55 03/11/2013]
avgidpagent.log.1    --a--c- 66358 bytes    [11:44 27/10/2013]    [11:18 03/11/2013]
avgidpdrv.log    --a---- 20022 bytes    [15:17 27/10/2013]    [22:55 03/11/2013]
avgidpdrv.log.1    --a---- 131126 bytes    [22:38 26/10/2013]    [22:49 03/11/2013]
avgidpdrv.log.2    --a---- 131460 bytes    [22:38 26/10/2013]    [20:49 03/11/2013]
avgidpdrv.log.3    --a---- 131150 bytes    [22:38 26/10/2013]    [18:35 03/11/2013]
avgidpdrv.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgidpeh.log    --a---- 0 bytes    [22:38 26/10/2013]    [23:00 03/11/2013]
avgidpeh.log.1    --a---- 131279 bytes    [22:38 26/10/2013]    [23:00 03/11/2013]
avgidpeh.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgldr.log    --a---- 25829 bytes    [22:38 26/10/2013]    [20:24 03/11/2013]
avgldr.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgmf.log    --a---- 0 bytes    [22:38 26/10/2013]    [23:05 03/11/2013]
avgmf.log.1    --a---- 131117 bytes    [22:38 26/10/2013]    [23:05 03/11/2013]
avgmf.log.2    --a---- 131156 bytes    [22:38 26/10/2013]    [10:14 03/11/2013]
avgmf.log.3    --a---- 131240 bytes    [22:38 26/10/2013]    [05:07 02/11/2013]
avgmf.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgns.log    --a---- 62031 bytes    [10:49 01/11/2013]    [22:51 03/11/2013]
avgns.log.1    --a--c- 131285 bytes    [22:38 26/10/2013]    [01:46 02/11/2013]
avgns.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgrs.log    --a---- 1268 bytes    [22:38 26/10/2013]    [23:00 03/11/2013]
avgrs.log.1    --a--c- 132147 bytes    [22:38 26/10/2013]    [23:00 03/11/2013]
avgrs.log.2    --a--c- 131326 bytes    [22:38 26/10/2013]    [05:06 02/11/2013]
avgrs.log.3    --a--c- 131342 bytes    [22:38 26/10/2013]    [00:53 29/10/2013]
avgrs.log.4    --a--c- 131188 bytes    [22:38 26/10/2013]    [22:39 26/10/2013]
avgrs.log.5    --a--c- 131418 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgrs.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
avgss.log    --a---- 42018 bytes    [00:21 27/10/2013]    [16:48 03/11/2013]
avgss.log.lock    --a---- 0 bytes    [00:21 27/10/2013]    [00:21 27/10/2013]
avgtdi.log    --a---- 43688 bytes    [22:38 26/10/2013]    [22:03 03/11/2013]
avgtdi.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]
lng.log    --a---- 10960 bytes    [22:38 26/10/2013]    [15:05 02/11/2013]
lng.log.lock    --a---- 0 bytes    [22:38 26/10/2013]    [22:38 26/10/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp    d------    [22:38 26/10/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\update    d------    [22:39 26/10/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\update\backup    d------    [22:39 26/10/2013]
incavi.avm    --a---- 131826824 bytes    [22:39 26/10/2013]    [23:39 02/11/2013]
sb.dat    --a---- 90176 bytes    [22:39 26/10/2013]    [20:25 01/11/2013]
sc.dat    --a---- 104904 bytes    [22:39 26/10/2013]    [14:14 02/11/2013]
sc.dat.xcd    --a---- 103880 bytes    [22:39 26/10/2013]    [18:59 07/10/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\update\download    d------    [22:39 26/10/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\update\prepare    d------    [22:39 26/10/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft    d------    [04:49 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Portable Devices    d------    [21:50 19/03/2012]
wpdlog00.sqm    --a---- 284 bytes    [21:50 19/03/2012]    [12:12 15/07/2013]
wpdlog01.sqm    --a---- 284 bytes    [21:50 19/03/2012]    [13:03 20/07/2013]
wpdlog02.sqm    --a---- 284 bytes    [21:50 19/03/2012]    [22:31 26/09/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows    d------    [04:49 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Caches    d------    [04:49 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History    d--hs--    [04:54 14/07/2009]
desktop.ini    --ahs-- 145 bytes    [04:54 14/07/2009]    [04:54 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5    d--hs--    [04:54 14/07/2009]
desktop.ini    --ahs-- 145 bytes    [04:54 14/07/2009]    [04:54 14/07/2009]
index.dat    --ahs-- 16384 bytes    [04:54 14/07/2009]    [01:39 08/05/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files    d--hs--    [04:54 14/07/2009]
counters.dat    --a---- 128 bytes    [16:19 08/05/2013]    [16:19 08/05/2013]
desktop.ini    ---hs-- 67 bytes    [21:54 19/03/2012]    [21:54 19/03/2012]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5    d--hs--    [21:54 19/03/2012]
desktop.ini    ---hs-- 67 bytes    [21:54 19/03/2012]    [21:54 19/03/2012]
index.dat    --ahs-- 32768 bytes    [21:54 19/03/2012]    [01:39 08/05/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FN2NJNYE    d--hs--    [21:54 19/03/2012]
desktop.ini    ---hs-- 67 bytes    [21:54 19/03/2012]    [21:54 19/03/2012]
SetupPolicy[1].cab    --a---- 27377 bytes    [01:39 08/05/2013]    [01:39 08/05/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HDECP3ZD    d--hs--    [21:54 19/03/2012]
desktop.ini    ---hs-- 67 bytes    [21:54 19/03/2012]    [21:54 19/03/2012]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OH992NF9    d--hs--    [21:54 19/03/2012]
desktop.ini    ---hs-- 67 bytes    [21:54 19/03/2012]    [21:54 19/03/2012]
fwlink[1].htm    --a---- 214 bytes    [01:39 08/05/2013]    [01:39 08/05/2013]
IE10-Windows6.1-KB2718695-x64[1].cab    --a---- 42209162 bytes    [01:39 08/05/2013]    [01:40 08/05/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RC0BV640    d--hs--    [21:54 19/03/2012]
desktop.ini    ---hs-- 67 bytes    [21:54 19/03/2012]    [21:54 19/03/2012]
fwlink[1].htm    --a---- 232 bytes    [01:39 08/05/2013]    [01:39 08/05/2013]

C:\Windows\system32\config\systemprofile\AppData\Local\SoftGrid Client    d------    [20:46 23/04/2012]

C:\Windows\system32\config\systemprofile\AppData\Local\SoftGrid Client\140061.ENU-90140011-61-409    d------    [20:46 23/04/2012]
UsrVol_sftfs_v1.tmp    --a---- 57344 bytes    [20:46 23/04/2012]    [08:58 22/05/2013]

C:\Windows\system32\config\systemprofile\AppData\LocalLow    d---s--    [04:48 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft    d---s--    [04:55 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache    d---s--    [04:55 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content    d---s--    [04:57 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData    d---s--    [04:55 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Silverlight    d------    [02:43 13/03/2013]

C:\Windows\system32\config\systemprofile\AppData\Roaming    d---s--    [04:48 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Acronis    d------    [14:39 22/09/2013]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Acronis\TrueImageHome    d------    [14:39 22/09/2013]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Foxit Software    d------    [00:21 26/04/2012]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Foxit Software\Foxit PDF Creator    d------    [00:21 26/04/2012]
FXCPrivate_57d6.ini    --a---- 454 bytes    [00:21 26/04/2012]    [00:21 26/04/2012]
UserData.xml    --a---- 0 bytes    [00:49 24/06/2012]    [00:49 24/06/2012]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft    d---s--    [04:48 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates    d---s--    [04:48 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My    d---s--    [04:48 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates    d---s--    [04:48 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs    d---s--    [04:48 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs    d---s--    [04:48 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows    d------    [04:54 14/07/2009]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies    d--hs--    [04:54 14/07/2009]
index.dat    --ahs-- 16384 bytes    [21:54 19/03/2012]    [01:39 08/05/2013]

C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache    d--hs--    [05:12 14/07/2009]
index.dat    --ahs-- 262144 bytes    [05:12 14/07/2009]    [02:08 20/03/2012]

C:\Windows\system32\config\systemprofile\AppData\Roaming\SoftGrid Client    d------    [20:46 23/04/2012]

C:\Windows\system32\config\systemprofile\AppData\Roaming\SoftGrid Client\140061.ENU-90140011-61-409    d------    [20:46 23/04/2012]
UsrVol_sftfs_v1.pkg    --a---- 57856 bytes    [08:58 22/05/2013]    [08:58 22/05/2013]

C:\Windows\system32\config\systemprofile\AppData\Roaming\VMware    d------    [01:24 22/02/2013]

C:\Windows\system32\config\TxR    d------    [03:20 14/07/2009]
{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.0.regtrans-ms    --ahs-- 5242880 bytes    [21:51 19/03/2012]    [07:01 13/06/2013]
{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.1.regtrans-ms    --ahs-- 5242880 bytes    [21:51 19/03/2012]    [13:09 11/10/2013]
{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.2.regtrans-ms    --ahs-- 5242880 bytes    [21:51 19/03/2012]    [00:37 20/03/2013]
{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.3.regtrans-ms    --ahs-- 5242880 bytes    [22:26 10/05/2012]    [22:58 03/11/2013]
{016888cc-6c6f-11de-8d1d-001e0bcde3ec}.TxR.blf    --ahs-- 65536 bytes    [21:51 19/03/2012]    [22:58 03/11/2013]
{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf    --ahs-- 65536 bytes    [21:49 19/03/2012]    [22:58 03/11/2013]
{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms    --ahs-- 524288 bytes    [21:49 19/03/2012]    [22:58 03/11/2013]
{016888cd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms    --ahs-- 524288 bytes    [21:49 19/03/2012]    [16:23 11/10/2013]

-= EOF =-



#9 whizzcodebang

  • Topic Starter

Posted 03 November 2013 - 07:44 PM

Sorry, here is the missing StreamArmor file

Attached Files



#10 Oh My!

  • Malware Response Instructor

Posted 03 November 2013 - 09:00 PM

Nice work getting all the information posted. I want to run another FRST fix. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------
  • Please download and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Any change in computer behavior?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 whizzcodebang


Posted 04 November 2013 - 06:49 PM

Hi,

My computer is still slower in going into and coming out of sleep than in the past; however, the reaction of the O/S now is a noticeable lag, but not as bad as before. The desktop comes up more promptly, but then my keyboard and mouse are locked up for a period of time which, while not as long as a few days ago, is most definitely not normal. Also, if I try to carry out any number of actions using my admin option (right click -> Run as administrator), the initial action starts to work, then the screen freezes for tens of seconds, then I'm able to select a choice of action. If it's to launch a program installation (say), the process will begin, hang for tens of seconds, then complete. Again, a slight improvement on a few days back but nothing close to what it should be like.

Regards,

whizzcodebang

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by ziggy-d at 2013-11-04 20:45:26 Run:2
Running from C:\Users\ziggy-d\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AlternateDataStreams: C:\Windows:
*****************

"C:\Windows" => ":" ADS not found.

==== End of Fixlog ====



#12 Oh My!


Posted 04 November 2013 - 08:59 PM

Can you tell me if you actually downloaded the fixlist file or did you open it and copy/paste the information into a new Notepad document?


Gary
 

#13 whizzcodebang


Posted 05 November 2013 - 01:26 AM

Gary,

I clicked on the link provided on this forum. The standard win option box popped up with radio button set to Save File. I clicked OK. An Explorer window popped up and because of recent, previous downloads of this nature, Explorer was pointing to the desktop so I selected Save. However, now that I have your email I've gone back to have a look & I cannot find it. I presume the file would not have been consumed by FRST64 so I must have been in la la land and thought I carried out the action correctly. Shall I repeat the process? Ever so sorry about that. The last thing you need is a time waster.

Regards,

whizzcodebang



#14 Oh My!


Posted 05 November 2013 - 09:18 AM

Greetings,

No, you did it exactly as you should have! The fixlist file will disappear once it is utilized. Here is the issue which was actually detected by one of my seasoned colleagues. You probably don't care about the explanation but I am giving it to you anyway! :) We may have to do more work on this so at least you will know what is up.

This entry is normally a bad one:
 

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:


But here is the twist with your log. In order for this to really be bad there has to be something following the colon after Windows. Yours doesn't have that which is very strange and quite honestly I have never seen it before. C:\Windows is a critical folder so the potential significance of this could be great. This was the reason for my previous delay in responding, trying to make sense of this entry.

What my colleague detected was that on the site there is no character after the colon. However, if you open the Attach Notepad document you included there is a character after the colon. That character is not recognized when the information is copied into this forum so therefore the character is missing. So what I did was have you download and use the Notepad document I provided which still contained the special character. What is strange is that the report said the ADS entry could not be found. That may actually be the case as there are times when things are not actually there but we need to be sure.

All of that to say I would like you to run Farbar Recovery Scan Tool again but be sure to place a checkmark next to Attach.txt. Please attach that file to your response.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log (copy and paste to site)
  • Attach.txt (include as an attachment)

Gary
 
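
The situation described in the post above, an ADS entry that looks empty after the colon because its character does not survive a copy/paste into the forum, can be checked offline against the saved log text. This is an added example, not part of the original thread and not FRST's own code; the sample lines are constructed, and U+200B is an assumed stand-in because the thread does not say which character the attachment contained.

```python
import re
import unicodedata

# Entry format as quoted in the thread: "AlternateDataStreams: <path>:<stream name>"
ADS_LINE = re.compile(r"^AlternateDataStreams:\s*([A-Za-z]:\\[^:]*):(.*)$")

# Unicode general categories that most viewers draw as nothing or as a blank:
# control, format, private use, unassigned, and the separator classes.
INVISIBLE = {"Cc", "Cf", "Co", "Cn", "Zl", "Zp", "Zs"}


def describe(ch):
    """Name one character, e.g. 'U+200B ZERO WIDTH SPACE'."""
    return "U+%04X %s" % (ord(ch), unicodedata.name(ch, "<unnamed>"))


def audit_ads_entries(log_text):
    """Return (path, escaped stream name, hidden chars, verdict) per ADS entry."""
    results = []
    # Split on "\n" only: str.splitlines() also breaks on U+2028, U+0085 and
    # other characters that could themselves be the hidden stream name.
    for line in log_text.split("\n"):
        match = ADS_LINE.match(line.rstrip("\r"))
        if not match:
            continue
        path, stream = match.groups()
        hidden = [describe(c) for c in stream if unicodedata.category(c) in INVISIBLE]
        if not stream:
            verdict = "no stream name"
        elif len(hidden) == len(stream):
            verdict = "hidden-only name"
        else:
            verdict = "visible name"
        escaped = stream.encode("unicode_escape").decode("ascii")
        results.append((path, escaped, hidden, verdict))
    return results


# Constructed sample: line 1 is the entry as it appears on the forum page,
# line 2 adds an assumed U+200B after the colon, line 3 is an ordinary stream.
SAMPLE = (
    "AlternateDataStreams: C:\\Windows:\r\n"
    "AlternateDataStreams: C:\\Windows:\u200b\r\n"
    "AlternateDataStreams: C:\\Temp\\a.txt:Zone.Identifier\r\n"
)

if __name__ == "__main__":
    for path, escaped, hidden, verdict in audit_ads_entries(SAMPLE):
        print("%-16s stream=%r -> %s %s" % (path, escaped, verdict, hidden))
```

The text passed in has to come from the saved log file decoded with its real encoding, not from a copy of the forum page, since the page copy is exactly where the character goes missing.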

#15 whizzcodebang


Posted 05 November 2013 - 04:38 PM

Gary,

Before I proceed with this may I ask, is it advisable to switch off all anti-virus/malware/firewall scanners running on my PC? Reason I ask is that a number of the probing tools people are instructed to use on this forum have clear instructions to disable any such software before proceeding, yet there has been no mention of this here. Is that because, given the nature of what the tools do, there's no conflict between them and resident scanners? I want to make sure just in case logging data is getting skewed in the process.

> You probably don't care about the explanation but I am giving it to you anyway!

On the contrary, as a s/w engineer I am more than a little interested to find out what is going on. Don't spare me the horrors :devil:

Regards,

whizzcodebang





