All Internet Programs & Browsers are Infected


  • This topic is locked
78 replies to this topic

#1 markgar

Posted 24 January 2014 - 05:09 PM

I'm running Win XP Professional 64-bit, Version 2003 w/ SP2.

Last weekend, half of my Chrome browser windows would not load (aw snap only). Some websites were unaffected. I tried IE and it had no issues initially. After a reboot, IE is frozen - an IE window will open but immediately hangs (Not Responding status in Task Mgr.). On Wed. and again Thurs. my internet connection thru DSL went down for several hours. I have now taken the system off-line and no further issues with the DSL connection.

I have done scans with both Avast and AVG a/v. No problems have been reported by either scanner.

I'm using my 32bit system to communicate with the internet. I downloaded DDS. When I moved this to the infected system, DDS said it was not supported in my Win XP 64 bit environment. I also downloaded Security Check and FRST. Both of these scanners ran. I am attaching their scan results below.

Thanks in advance for any help you can provide.


Results of screen317's Security Check version 0.99.79  
 Windows XP  x64   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
avast! Antivirus                  
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 45  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 31.0.1650.63  
 Google Chrome 32.0.1700.76  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-01-2014 02
Ran by Administrator (administrator) on WORKSTN on 24-01-2014 15:14:41
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft ActiveSync\rapimgr.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.exe
() C:\WINDOWS\SMINST\Scheduler.exe
() C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(American Power Conversion Corporation) C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\WINDOWS\system32\alg.exe
(magicJack L.P.) C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\EXCEL.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [nwiz] - nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15930880 2008-09-11] (NVIDIA Corporation)
HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [18084864 2009-01-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] - C:\WINDOWS\SkyTel.EXE [1826816 2007-11-20] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SoundMan] - C:\WINDOWS\SOUNDMAN.EXE [77824 2008-08-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [AlcWzrd] - C:\WINDOWS\ALCWZRD.EXE [2808832 2008-06-19] (RealTek Semicoductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\WINDOWS\ALCMTR.EXE [57344 2008-06-19] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [320024 2009-02-06] (PDF Complete Inc)
HKLM-x32\...\Run: [Recguard] - C:\WINDOWS\Sminst\Recguard.exe [1138688 2006-05-12] ()
HKLM-x32\...\Run: [Scheduler] - C:\WINDOWS\SMINST\Scheduler.exe [872448 2006-07-10] ()
HKLM-x32\...\Run: [Control Center] - C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe [2482688 2007-12-18] ()
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1564872 2012-06-06] (Ask)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-12-19] (AVAST Software)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2486296 2014-01-06] ()
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Winlogon: [UIHost] C:\Windows\system32\logonui.exe [662016 2007-02-18] ( (Microsoft Corporation))
Winlogon\Notify\crypt32chain: C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\crypt32chain-x32: C:\WINDOWS\SysWOW64\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet-x32: C:\WINDOWS\SysWOW64\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll-x32: C:\WINDOWS\SysWOW64\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy-x32: C:\WINDOWS\SysWOW64\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\EFS-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\ScCertProp-x32: wlnotify.dll [X]
Winlogon\Notify\Schedule-x32: wlnotify.dll [X]
Winlogon\Notify\sclgntfy-x32: C:\WINDOWS\SysWOW64\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn-x32: WlNotify.dll [X]
Winlogon\Notify\wlballoon-x32: wlnotify.dll [X]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKCU\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1681920 2007-02-18] (Microsoft Corporation)
HKCU\...\Run: [ISUSPM] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKCU\...\Run: [cdloader] - C:\Documents and Settings\Administrator\Application Data\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKCU\...\Run: [H/PC Connection Agent] - C:\Program Files (x86)\Microsoft ActiveSync\Wcescomm.exe [1289000 2006-11-13] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
MountPoints2: {61aa0854-6687-11e2-b061-00237d1ba17f} - J:\autorun.exe
MountPoints2: {6e2d2c4e-1aac-11e2-ac39-00237d1ba17f} - F:\TL_Bootstrap.exe
MountPoints2: {81dd18a6-3d5e-11df-851f-00237d1ba17f} - G:\LaunchU3.exe -a
MountPoints2: {b5c6d5fa-6da6-11e1-9def-00237d1ba17f} - F:\TL_Bootstrap.exe
HKU\Default User\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
IFEO\Your Image File Name Here without a path: [Debugger] ntsd -d
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk
ShortcutTarget: Microsoft Office Fast Start.lnk -> C:\MSOffice\Office\FASTBOOT.EXE ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll (Microsoft Corporation)
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmws
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
URLSearchHook: HKCU - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5D920AB9-798E-41F0-8C82-B95439D141AA}&mid=1f9894b85bb147d3a909d16a3bff488c-faa6d6e156a334bf8c93679273adf78dbf92812d&lang=en&ds=ft013&coid=avgtbdisft&cmpid=&pr=sa&d=2013-12-15 13:03:27&v=17.2.0.38&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: Fast Search - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/T27L10NSP21/event/ieatgpc.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\syswow64\urlmon.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\SysWow64\mshtml.dll (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\syswow64\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\syswow64\urlmon.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\SysWow64\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [388608 2009-05-25] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\SysWOW64\shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 %SystemRoot%\System32\mswsock.dll [492544] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
==================== Services (Whitelisted) =================
 
R2 AeLookupSvc; C:\Windows\SysWOW64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
R3 ALG; C:\Windows\SysWOW64\alg.exe [45056 2007-02-18] (Microsoft Corporation)
R2 APC UPS Service; C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe [176193 2005-12-12] (American Power Conversion Corporation)
R2 AudioSrv; C:\Windows\SysWOW64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-12-19] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 Browser; C:\Windows\SysWOW64\browser.dll [78336 2012-06-29] (Microsoft Corporation)
S4 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S4 ClipSrv; C:\Windows\SysWOW64\clipsrv.exe [32256 2007-02-18] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
S4 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
R2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [182696 2013-10-08] (Oracle Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S4 mnmsrvc; C:\WINDOWS\SysWOW64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29262680 2009-05-27] (Microsoft Corporation)
S4 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S4 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
R3 Netman; C:\Windows\SysWOW64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\Windows\SysWOW64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S4 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [164352 2008-09-11] (NVIDIA Corporation)
S2 PCA; C:\WINDOWS\SMINST\PCAngel.exe [364544 2006-06-13] (SoftThinks)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [623640 2009-02-06] (PDF Complete Inc)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWOW64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\Windows\SysWOW64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
S3 RpcLocator; C:\Windows\SysWOW64\locator.exe [71680 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWOW64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 seclogon; C:\Windows\SysWOW64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S4 SysmonLog; C:\Windows\SysWOW64\smlogsvc.exe [96256 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\Windows\SysWOW64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\SysWOW64\ups.exe [16896 2007-02-18] (Microsoft Corporation)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-06] (AVG Secure Search)
S4 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWOW64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
R2 WZCSVC; C:\Windows\SysWOW64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWOW64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog;  [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 MaxBackServiceInt; "C:\Program Files (x86)\Maxtor\Maxtor Backup\MaxBackServiceInt.exe" [x]
S3 WinHttpAutoProxySvc; winhttp.dll [x]
 
==================== Drivers (Whitelisted) ====================
 
S4 Abiosdsk; No ImagePath
S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S4 adpu160m; C:\Windows\system32\DRIVERS\adpu160m.sys [160256 2005-03-24] (Microsoft Corporation)
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
S4 aic78u2; C:\Windows\system32\DRIVERS\aic78u2.sys [117248 2005-03-24] (Microsoft Corporation)
S4 aic78xx; C:\Windows\system32\DRIVERS\aic78xx.sys [120832 2005-03-24] (Microsoft Corporation)
S3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [51712 2007-02-18] (Advanced Micro Devices)
S3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-16] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-12-19] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-12-19] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [59144 2013-12-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-12-19] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-12-19] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-12-19] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-12-19] ()
S4 Atdisk; No ImagePath
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx64.sys [46368 2013-12-15] (AVG Technologies)
R3 b57nd; C:\Windows\System32\DRIVERS\b57amd64.sys [262144 2007-09-17] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\basamd64.sys [132096 2007-09-11] (Broadcom Corporation)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S1 Changer; No ImagePath
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
S4 dpti2o; C:\Windows\system32\DRIVERS\dpti2o.sys [35328 2005-03-24] (Adaptec, Inc.)
S3 E1000; C:\Windows\System32\DRIVERS\e1G5132e.sys [232960 2005-03-24] (Intel Corporation)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-16] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [187392 2009-02-26] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [48640 2009-02-26] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [50688 2009-02-26] (HP)
S1 i2omgmt; No ImagePath
S1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKHDA64.SYS [5092864 2009-01-13] (Realtek Semiconductor Corp.)
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
S3 KUSBusByTCP; C:\Windows\SysWow64\Drivers\KUSBusByTCP.sys [124952 2008-01-10] (Windows ® Codename Longhorn DDK provider)
R3 KUSBusByTCPMasterBus; C:\Windows\SysWow64\Drivers\KUSBusByTCPMasterBus.sys [73752 2008-01-10] (Windows ® Codename Longhorn DDK provider)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
S3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [8044032 2008-09-11] (NVIDIA Corporation)
S3 NVENET; C:\Windows\System32\DRIVERS\NVENET.sys [185344 2005-03-24] (NVIDIA Corporation)
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
S4 Simbad; No ImagePath
R3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
S4 symmpi; C:\Windows\system32\DRIVERS\symmpi.sys [84992 2005-03-24] (LSI Logic)
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
S4 TosIde; C:\Windows\system32\DRIVERS\toside.sys [8704 2005-03-24] (Microsoft Corporation)
S4 ultra; C:\Windows\system32\DRIVERS\ultra.sys [38912 2005-03-24] (Promise Technology, Inc.)
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-29] (Microsoft Corporation)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2010-04-13] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27648 2010-04-13] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33280 2010-04-13] (LG Electronics Inc.)
S4 ViaIde; C:\Windows\system32\DRIVERS\viaide.sys [8704 2005-03-24] (Microsoft Corporation)
S3 WDICA; No ImagePath
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S0 Lbd; system32\DRIVERS\Lbd.sys [x]
U4 ParVdm; 
S2 sbapifs; system32\drivers\sbapifs.sys [x]
S1 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [171008 2007-02-18] (Microsoft Corporation)
U1 WS2IFSL; 
 
==================== NetSvcs (Whitelisted) ===================
 
NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File.
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)
 
==================== One Month Created Files and Folders ========
 
2014-01-24 15:14 - 2014-01-24 15:14 - 00034075 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-01-24 15:14 - 2014-01-24 15:14 - 00000000 ____D C:\FRST
2014-01-23 17:35 - 2014-01-23 17:35 - 02077696 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2014-01-23 16:36 - 2014-01-23 16:36 - 00987425 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2014-01-23 16:35 - 2014-01-23 16:35 - 00688992 _____ (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-01-22 16:24 - 2014-01-22 16:24 - 00011794 _____ C:\hijackthis.log
2014-01-22 16:00 - 2012-06-05 02:37 - 00256904 _____ (Trend Micro Inc.) C:\WINDOWS\SysWOW64\Drivers\tmcomm.sys
2014-01-22 11:55 - 2014-01-22 11:55 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-01-22 11:33 - 2014-01-22 11:33 - 00000767 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-01-22 11:33 - 2014-01-22 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-01-22 11:33 - 2014-01-22 11:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-01-22 11:32 - 2014-01-22 11:34 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-22 11:32 - 2014-01-22 11:32 - 00000000 ___HD C:\$AVG
2014-01-22 11:30 - 2014-01-22 11:30 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-22 11:15 - 2014-01-24 09:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-21 17:38 - 2014-01-21 17:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2014-01-21 16:07 - 2014-01-23 17:07 - 00000412 _____ C:\WINDOWS\Tasks\RegInOut on user logon - Administrator.job
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Program Files (x86)\RegInOut System Utilities
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RegInOut System Utilities
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RegInOut
2014-01-15 03:04 - 2014-01-15 03:04 - 00004578 _____ C:\WINDOWS\KB2914368.log
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-11 12:53 - 2014-01-23 17:04 - 00001083 _____ C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
2014-01-06 01:39 - 2014-01-06 01:39 - 00000000 ____D C:\WINDOWS\SysWOW64\cache
 
==================== One Month Modified Files and Folders =======
 
2014-01-24 15:14 - 2014-01-24 15:14 - 00034075 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-01-24 15:14 - 2014-01-24 15:14 - 00000000 ____D C:\FRST
2014-01-24 15:12 - 2012-09-23 09:37 - 00000262 _____ C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-01-24 14:52 - 2009-10-25 16:35 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-24 14:42 - 2011-04-25 15:11 - 00000490 _____ C:\WINDOWS\Tasks\Ad-Aware Scan (bob).job
2014-01-24 14:26 - 2012-11-30 13:56 - 00000314 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2866814949-2479978904-1420319158-500.job
2014-01-24 13:07 - 2011-04-25 15:11 - 00000496 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
2014-01-24 12:23 - 2009-11-23 17:06 - 00002497 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Word (2).lnk
2014-01-24 11:48 - 2011-05-06 10:56 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Investing
2014-01-24 11:12 - 2007-03-14 11:19 - 00032514 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2014-01-24 10:25 - 2011-04-29 08:10 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Simple Sudoku
2014-01-24 09:48 - 2014-01-22 11:15 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2014-01-24 09:05 - 2013-01-11 10:29 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-01-24 07:07 - 2011-04-25 15:11 - 00000496 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
2014-01-24 01:07 - 2011-04-25 15:11 - 00000496 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
2014-01-24 00:04 - 2009-06-03 17:12 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PDFC
2014-01-23 21:41 - 2009-06-03 17:01 - 01137621 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-23 19:52 - 2009-10-25 16:35 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-23 19:07 - 2011-04-25 15:11 - 00000496 _____ C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
2014-01-23 17:35 - 2014-01-23 17:35 - 02077696 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST64.exe
2014-01-23 17:07 - 2014-01-21 16:07 - 00000412 _____ C:\WINDOWS\Tasks\RegInOut on user logon - Administrator.job
2014-01-23 17:05 - 2013-01-25 14:17 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\mjusbsp
2014-01-23 17:04 - 2014-01-11 12:53 - 00001083 _____ C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
2014-01-23 17:04 - 2013-01-24 16:41 - 00001089 _____ C:\Documents and Settings\Administrator\Start Menu\Programs\magicJack.lnk
2014-01-23 17:01 - 2012-11-30 13:56 - 00000306 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2866814949-2479978904-1420319158-500.job
2014-01-23 17:01 - 2010-08-24 11:17 - 00000000 _____ C:\WINDOWS\0.log
2014-01-23 17:01 - 2009-06-03 17:14 - 00000000 ____D C:\WINDOWS\SMINST
2014-01-23 17:01 - 2008-09-11 03:48 - 00195261 _____ C:\WINDOWS\system32\nvapps.xml
2014-01-23 17:01 - 2007-03-14 11:19 - 00000159 _____ C:\Documents and Settings\LocalService\wiadebug.log
2014-01-23 17:01 - 2007-03-14 11:19 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-23 16:36 - 2014-01-23 16:36 - 00987425 _____ C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
2014-01-23 16:35 - 2014-01-23 16:35 - 00688992 _____ (Swearware) C:\Documents and Settings\Administrator\Desktop\dds.com
2014-01-23 12:46 - 2013-04-13 08:32 - 00000000 ____D C:\Documents and Settings\Administrator\.thinkorswim
2014-01-23 12:46 - 2009-10-19 11:31 - 00000000 ____D C:\Program Files (x86)\thinkTDA
2014-01-22 16:24 - 2014-01-22 16:24 - 00011794 _____ C:\hijackthis.log
2014-01-22 16:14 - 2012-05-21 17:14 - 00000000 ____D C:\Download
2014-01-22 15:17 - 2009-06-03 16:00 - 00000000 ____D C:\Documents and Settings\Administrator
2014-01-22 15:17 - 2007-03-14 11:19 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2014-01-22 13:06 - 2009-07-06 15:27 - 00001822 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
2014-01-22 13:06 - 2007-03-14 10:53 - 00001595 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-01-22 13:06 - 2007-03-14 10:50 - 00000804 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
2014-01-22 12:04 - 2010-08-24 11:17 - 00084524 _____ C:\WINDOWS\PFRO.log
2014-01-22 11:55 - 2014-01-22 11:55 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AVG2014
2014-01-22 11:34 - 2014-01-22 11:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2014
2014-01-22 11:33 - 2014-01-22 11:33 - 00000767 _____ C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-01-22 11:33 - 2014-01-22 11:33 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-01-22 11:33 - 2014-01-22 11:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2014-01-22 11:33 - 2010-09-15 17:44 - 00850441 _____ C:\WINDOWS\setupapi.log
2014-01-22 11:32 - 2014-01-22 11:32 - 00000000 ___HD C:\$AVG
2014-01-22 11:30 - 2014-01-22 11:30 - 00000000 ____D C:\Program Files (x86)\AVG
2014-01-22 10:41 - 2009-11-23 17:06 - 00002495 _____ C:\Documents and Settings\Administrator\Desktop\Microsoft Excel.lnk
2014-01-21 17:39 - 2009-07-05 08:56 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2014-01-21 17:38 - 2014-01-21 17:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Program Files (x86)\RegInOut System Utilities
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\RegInOut System Utilities
2014-01-21 16:07 - 2014-01-21 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RegInOut
2014-01-21 14:03 - 2007-03-14 11:06 - 00772428 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-21 14:02 - 2009-06-03 17:03 - 00759850 ____C C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-21 14:02 - 2009-06-03 16:00 - 00000000 ___RD C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
2014-01-21 14:02 - 2009-06-03 16:00 - 00000000 ____D C:\WINDOWS\Registration
2014-01-21 13:55 - 2010-09-15 17:44 - 00729036 ____C C:\WINDOWS\FaxSetup.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00435644 ____C C:\WINDOWS\msmqinst.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00313196 ____C C:\WINDOWS\tsoc.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00268650 ____C C:\WINDOWS\comsetup.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00238370 ____C C:\WINDOWS\ocgen.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00224118 ____C C:\WINDOWS\iis6.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00172729 ____C C:\WINDOWS\ntdtcsetup.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00049350 ____C C:\WINDOWS\ocmsn.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00044092 ____C C:\WINDOWS\msgsocm.log
2014-01-21 13:55 - 2010-09-15 17:44 - 00002436 _____ C:\WINDOWS\imsins.log
2014-01-18 10:41 - 2012-11-30 14:37 - 00000296 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-17 01:02 - 2009-11-28 12:11 - 00000664 _____ C:\WINDOWS\SysWOW64\d3d9caps.dat
2014-01-15 10:22 - 2013-07-30 16:15 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-01-15 03:04 - 2014-01-15 03:04 - 00004578 _____ C:\WINDOWS\KB2914368.log
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 _____ C:\WINDOWS\setuperr.log
2014-01-15 03:04 - 2014-01-15 03:04 - 00000000 _____ C:\WINDOWS\setupact.log
2014-01-15 03:04 - 2010-09-15 17:44 - 00000970 _____ C:\WINDOWS\imsins.BAK
2014-01-15 03:03 - 2013-08-15 02:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 03:00 - 2009-07-05 09:11 - 86054176 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-06 01:39 - 2014-01-06 01:39 - 00000000 ____D C:\WINDOWS\SysWOW64\cache
2014-01-06 01:38 - 2013-12-15 13:03 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2014-01-03 09:04 - 2010-08-17 11:08 - 00000000 ____C C:\WINDOWS\SysWOW64\config.nt
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0944128 ____A (Microsoft Corporation) 901C7E44D11C00CA9D48BA1A866FDC4B
 
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 1364480 ____A (Microsoft Corporation) AE7A08C05F72A9242734C03230A5CD7F
 
C:\Windows\SysWOW64\explorer.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344
 
C:\Windows\System32\svchost.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9
 
C:\Windows\SysWOW64\svchost.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0014848 ___AC (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682
 
C:\Windows\System32\services.exe
[2007-02-18 00:00] - [2009-03-19 18:51] - 0227840 ____A (Microsoft Corporation) 1E07EE3F50DFF2FE9B0A9D196E82698F
 
C:\Windows\System32\User32.dll
[2007-03-02 00:54] - [2007-03-02 00:54] - 1086464 ____A (Microsoft Corporation) C34683231AA9162B2106CA149B729D38
 
C:\Windows\SysWOW64\User32.dll
[2007-03-02 00:54] - [2007-03-02 00:54] - 0602624 ____A (Microsoft Corporation) 8BE4E29DA25073BF7894E2A61C9525DE
 
C:\Windows\System32\userinit.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0039424 ____A (Microsoft Corporation) 438393CC0B5122B5D988BD7BA05FE3C9
 
C:\Windows\SysWOW64\userinit.exe
[2007-02-18 00:00] - [2007-02-18 00:00] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5
 
C:\Windows\System32\rpcss.dll
[2009-03-19 18:51] - [2009-03-19 18:51] - 0845312 ____A (Microsoft Corporation) A6130365606F3D6332B014FC3DA931AA
 
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2007-02-18 00:00] - [2012-08-23 00:44] - 0288768 ____A (Microsoft Corporation) 941D45C8A14B2B1E8A57D0EEF6A98AEB
 
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
 
==================== End Of Log ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-01-2014 02
Ran by Administrator at 2014-01-24 15:15:23
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
 
==================== Installed Programs ======================
 
64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
6500_E709 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
6500_E709_eDocs (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
6500_E709_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Adobe Connect Add-in (HKCU Version:  - )
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.7.148 - Adobe Systems, Inc.)
Amazon Kindle (x32 Version:  - Amazon)
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
APC PowerChute Personal Edition (x32 Version: 2.0 - American Power Conversion Corporation)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (x32 Version: 1.15.4.0 - Ask.com) <==== ATTENTION
Ask Toolbar Updater (HKCU Version: 1.2.2.23821 - Ask.com) <==== ATTENTION
avast! Free Antivirus (x32 Version: 8.0.1504.0 - AVAST Software)
AVG 2014 (Version: 14.0.3681 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG SafeGuard toolbar (x32 Version: 17.3.0.49 - AVG Technologies)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom Management Programs (Version: 10.55.08 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Dell Magazines Crosswords (x32 Version:  - )
Fast Search (x32 Version: 3.3.8 - Surf Canyon)
File Opener Pro (x32 Version:  - FileOpenerPro) <==== ATTENTION
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (x32 Version: 9.3.4053 - Microsoft Corporation)
Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Backup and Recovery Manager (x32 Version: 2.5C - Hewlett-Packard Company)
HP Officejet 6500 E709 Series (Version: 12.0 - HP)
HP Performance Tuning Framework (x32 Version: 2.28.3117 - Hewlett-Packard)
ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
K-Lite Codec Pack 7.0.0 (Standard) (x32 Version: 7.0.0 - )
LG USB Modem Drivers (x32 Version: 4.9.7 - LG Electronics)
magicJack (HKCU Version: 2.0.6073.4413 - magicJack L.P.)
Microsoft .NET Framework 1.1 (x32 Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (x32 Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (x32 Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft ActiveSync (x32 Version: 4.5.5096.0 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows x64 (Version: 1 - Microsoft Corporation)
Microsoft Office 2000 Disc 2 (x32 Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2000 Professional (x32 Version: 9.00.2720 - Microsoft Corporation)
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (x32 Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB2758696) (Version: 6.20.2016.0 - Microsoft Corporation)
Network64 (Version: 120.0.194.000 - Hewlett-Packard) Hidden
NirSoft BlueScreenView (x32 Version:  - )
NVIDIA Drivers (Version:  - )
PDF Complete (x32 Version: 3.5.85 - PDF Complete, Inc.)
QFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 5.10.0.5776 - Realtek Semiconductor Corp.)
RegInOut System Utilities (x32 Version: 4.0 - SORCIM Technologies Pvt Ltd)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.4.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Simple Sudoku 4.2 (x32 Version:  - )
StreetSmart Pro (x32 Version: 4.22 - )
thinkorswim (x32 Version: desktop - thinkorswim, Inc)
thinkorswim from TD AMERITRADE (x32 Version:  - TD AMERITRADE, Inc.)
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TRENDnet USB MFP Server Control Center (x32 Version: 2.33 - TRENDnet)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2661254) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2748349) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB927891) (Version: 5 - Microsoft Corporation)
Update for Windows XP (KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB977165) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (x32 Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebEx (x32 Version:  - Cisco WebEx LLC)
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (Version: 20090308.140744 - Microsoft Corporation)
Windows Media Format 11 runtime (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
 
==================== Restore Points  =========================
 
22-01-2014 16:35:19 Installed AVG 2014
22-01-2014 18:23:21 System Checkpoint
23-01-2014 18:41:57 System Checkpoint
 
==================== Hosts content: ==========================
 
2007-02-18 00:00 - 2011-04-27 15:17 - 00325647 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Ad-Aware Scan (bob).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-2866814949-2479978904-1420319158-500.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-2866814949-2479978904-1420319158-500.job => C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RegInOut on user logon - Administrator.job => C:\Program Files (x86)\RegInOut System Utilities\RegInOut.exe
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files (x86)\Ask.com\UpdateTask.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-23 16:46 - 2014-01-23 13:55 - 02258432 _____ () C:\Program Files\AVAST Software\Avast\defs\14012301\algo.dll
2014-01-06 01:38 - 2014-01-06 01:38 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2007-02-18 00:00 - 2007-02-18 00:00 - 00061440 _____ () C:\WINDOWS\SysWOW64\devenum.dll
2007-02-18 00:00 - 2007-02-18 00:00 - 00023040 ____C () C:\WINDOWS\system32\msdmo.dll
2014-01-16 14:57 - 2014-01-11 05:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-16 14:57 - 2014-01-11 05:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-16 14:57 - 2014-01-11 05:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2014 03:14:03 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 00:23:16 PM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:54:12 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:51:15 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:38:20 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:36:28 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:04:31 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:02:18 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 11:01:14 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
Error: (01/24/2014 10:51:15 AM) (Source: Windows Search Service) (User: )
Description: The protocol handler Search.Mapi2Handler.1 cannot be loaded. Error description: Class not registered
.
 
 
System errors:
=============
Error: (01/23/2014 07:52:00 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (01/23/2014 07:52:00 PM) (Source: SideBySide) (User: )
Description: Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference error message: The referenced assembly is not installed on your system.
.
 
Error: (01/23/2014 07:52:00 PM) (Source: SideBySide) (User: )
Description: Dependent Assembly Microsoft.Windows.Common-Controls could not be found and Last Error was The referenced assembly is not installed on your system.
 
Error: (01/23/2014 05:03:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
Lbd
SBRE
 
Error: (01/23/2014 05:03:23 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1053
 
Error: (01/23/2014 05:03:23 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
 
Error: (01/23/2014 05:03:23 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
 
Error: (01/23/2014 05:03:23 PM) (Source: Service Control Manager) (User: )
Description: The sbapifs service failed to start due to the following error: 
%%2
 
Error: (01/23/2014 05:01:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
 
Error: (01/23/2014 05:01:52 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{555F3418-D99E-4E51-800A-6E89CFD8B1D7}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission can be modified using the Component Services administrative tool.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 24%
Total physical RAM: 8175.03 MB
Available physical RAM: 6191.98 MB
Total Pagefile: 9781.06 MB
Available Pagefile: 7857.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:62.51 GB) (Free:6.64 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12 GB) (Free:8.93 GB) NTFS
Drive g: () (Removable) (Total:1.88 GB) (Free:1.32 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 75 GB) (Disk ID: BF9BBF9B)
Partition 1: (Active) - (Size=63 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=12 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 91F72D24)
Partition 1: (Not Active) - (Size=2 GB) - (Type=0B)
 
==================== End Of Log ============================

 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:38 PM

Posted 29 January 2014 - 05:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521982 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 markgar

markgar
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 29 January 2014 - 11:03 PM

Yes, I still need help.

 

The first line of the post should read:  I'm running Win XP Professional 64-bit, Version 2003 w/ SP2.

 

I do not have an original CD of Windows. It came pre-loaded on the system.

 

As I said in the original post, the DDS download I was able to get did not support a 64 bit system. I have provided alternate scans. I hope these are sufficient.

 

Thanks.

 

Mark



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:38 PM

Posted 05 February 2014 - 07:55 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that....   Let's get going!!
----------
 
Your Windows Operating System is out of date...
You are currently running Windows XP Service Pack 2. The latest service pack is service pack 3.  Download service pack 3 here and install it.
------------
 
Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply

----------

Please download TDSSKiller

  • Double click TDSSKiller.exe
  • Press Start Scan but do nothing else as we are just looking for what is there.
  • If Malicious objects are found, select Skip by changing the Cure dropdown in the upper right.
  • Attach the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------

 


#5 markgar

markgar
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 05 February 2014 - 01:47 PM

Hi Jeff.

 

I got stuck on step 1 - installing SP3. I downloaded the update on my chrome browser. When I ran the install it tells me I have a bad .inf file and won't run.

 

As I said in my original post, IE hangs and won't run. I don't think Microsoft wants to use anything but IE.

 

I'm ready to skip this step and go on with the malware scanners. I thought I should make sure you agree first.

 

Mark



#6 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:38 PM

Posted 05 February 2014 - 01:49 PM

Go ahead and run CKScanner and see if that will run.  Post the log if one is made.  :)


 


#7 markgar

markgar
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Local time:02:38 PM

Posted 05 February 2014 - 02:47 PM

Below are scan results from the 3 scanners:

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.GNAPPZ
 ----- EOF ----- 
 
14:34:42.0665 0x17fc  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
14:34:50.0931 0x17fc  ============================================================
14:34:50.0931 0x17fc  Current date / time: 2014/02/05 14:34:50.0931
14:34:50.0931 0x17fc  SystemInfo:
14:34:50.0931 0x17fc  
14:34:50.0931 0x17fc  OS Version: 5.2.3790 ServicePack: 2.0
14:34:50.0931 0x17fc  Product type: Workstation
14:34:50.0931 0x17fc  ComputerName: WORKSTN
14:34:50.0931 0x17fc  UserName: Administrator
14:34:50.0931 0x17fc  Windows directory: C:\WINDOWS
14:34:50.0931 0x17fc  System windows directory: C:\WINDOWS
14:34:50.0931 0x17fc  Running under WOW64
14:34:50.0931 0x17fc  Processor architecture: Intel x64
14:34:50.0931 0x17fc  Number of processors: 2
14:34:50.0931 0x17fc  Page size: 0x1000
14:34:50.0931 0x17fc  Boot type: Normal boot
14:34:50.0931 0x17fc  ============================================================
14:34:51.0149 0x17fc  KLMD registered as C:\WINDOWS\system32\drivers\11127432.sys
14:34:51.0462 0x17fc  System UUID: {F35350D4-D90B-4F70-1E09-238D353494AC}
14:34:52.0227 0x17fc  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:34:52.0243 0x17fc  ============================================================
14:34:52.0243 0x17fc  \Device\Harddisk0\DR0:
14:34:52.0243 0x17fc  MBR partitions:
14:34:52.0243 0x17fc  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7D047A1
14:34:52.0243 0x17fc  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x7D086A1, BlocksNum 0x1801F5F
14:34:52.0243 0x17fc  ============================================================
14:34:52.0259 0x17fc  C: <-> \Device\Harddisk0\DR0\Partition1
14:34:52.0290 0x17fc  D: <-> \Device\Harddisk0\DR0\Partition2
14:34:52.0290 0x17fc  ============================================================
14:34:52.0290 0x17fc  Initialize success
14:34:52.0290 0x17fc  ============================================================
14:35:01.0509 0x10b4  ============================================================
14:35:01.0509 0x10b4  Scan started
14:35:01.0509 0x10b4  Mode: Manual; 
14:35:01.0509 0x10b4  ============================================================
14:35:01.0509 0x10b4  KSN ping started
14:35:35.0446 0x10b4  KSN ping finished: true
14:35:35.0634 0x10b4  ================ Scan system memory ========================
14:35:35.0634 0x10b4  System memory - ok
14:35:35.0634 0x10b4  ================ Scan services =============================
14:35:40.0446 0x10b4  gupdate - ok
14:35:40.0446 0x10b4  [ 626A24ED1228580B9518C01930936DF9, CBD94AB1E5477D7288799D17528CC43D572E711DA0F2B0C784A0B9FE105BF0F4 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:35:40.0446 0x10b4  gupdatem - ok
14:35:40.0493 0x10b4  [ D36E47728CDBC8D17A77D36A6CBC29BB, F24FBB4C773C330A0F040833745C3B66ED203AFB913C9614EF5A33989BD1E576 ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:35:40.0493 0x10b4  HDAudBus - ok
14:35:40.0556 0x10b4  [ 40E274B64843813A81C42687592339D7, 90C3262F6F809543A5B00B0ED7AC0A71821BEAB68C955451470CF4BED0E930D5 ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:35:40.0571 0x10b4  helpsvc - ok
14:35:40.0602 0x10b4  [ DDD74D94D018BCB66CA31E4533925695, 76A8B3D674BF64B1309882BA2C997F51160789F6D9323F6F343972F73BFE7B76 ] HidBatt         C:\WINDOWS\system32\DRIVERS\HidBatt.sys
14:35:40.0602 0x10b4  HidBatt - ok
14:35:40.0602 0x10b4  HidServ - ok
14:35:40.0618 0x10b4  [ F32BEC5614A61BBB2BEDE070D279F88B, B9CA32159CFBF658F412C77BF175BFC2E8209A32947F7C4BB251AD2A76D81759 ] HidUsb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:35:40.0618 0x10b4  HidUsb - ok
14:35:40.0727 0x10b4  [ 298A6890A7AC415DABB35047D168F13B, 6889A7DB3363194C36C2DF827AA6E5CED0ADB28275FF118C561D8477961C68BC ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:35:40.0977 0x10b4  HPSLPSVC - ok
14:35:41.0024 0x10b4  [ B76FDD8EC7120474E7BC9CAD400DAC6C, EB834268927A9E4CC58C180E59068AC83DBDD186D1EEDDF8D4442E3A0B5E4CF9 ] HPZid412        C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:35:41.0024 0x10b4  HPZid412 - ok
14:35:41.0056 0x10b4  [ 9B28887500DB96A433C9C9DED8FDC886, C888EEA1BC43ACA3C3D8FE0760F7FB8C58E6A6D58637F3427FA00C0E9B35B459 ] HPZipr12        C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:35:41.0056 0x10b4  HPZipr12 - ok
14:35:41.0087 0x10b4  [ 0013DD74CD20EBFB8C816D9DF7413D91, 527944E558868382CCE2DF755AE6C75D6D08FF0CED23CAF035BB0D11D52ABEBE ] HPZius12        C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:35:41.0087 0x10b4  HPZius12 - ok
14:35:41.0149 0x10b4  [ B54738DF11D0E06072BF9C332DB1D254, E9E20EC1E8F8C80C632CDB765C406C5CF120F8B927ABC4A2D947F62F861426F3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
14:35:41.0165 0x10b4  HTTP - ok
14:35:41.0274 0x10b4  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] HTTPFilter      C:\WINDOWS\System32\lsass.exe
14:35:41.0274 0x10b4  HTTPFilter - ok
14:35:41.0290 0x10b4  i2omgmt - ok
14:35:41.0337 0x10b4  [ 50FD608643D9B56C4C75C0784513F77E, 676229455643781D79F421B986CCCAA14F861492B66C7225AE1347881E561777 ] i8042prt        C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:35:41.0337 0x10b4  i8042prt - ok
14:35:41.0384 0x10b4  IASJet - ok
14:35:41.0431 0x10b4  [ CEB53BB804B41C52AB0782505C8E2994, AFA87D5A9512A9308E4CA8E70639C5A905CA0CEE6EDC35F8673E1F033FC925B4 ] iaStor          C:\WINDOWS\system32\DRIVERS\iaStor.sys
14:35:41.0446 0x10b4  iaStor - ok
14:35:41.0556 0x10b4  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
14:35:41.0571 0x10b4  IDriverT - ok
14:35:41.0743 0x10b4  [ 501CF65702D7F64C38DB360F7EB07ADC, D4EC76EC74B6A79D06CD14C75ABC82ED1931CF5EF393BBCADA40FCC78FA9BD6D ] idsvc           c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:35:41.0774 0x10b4  idsvc - ok
14:35:41.0868 0x10b4  [ 766E9360FDC47AF63804EEB99541EF32, 5F5A785288CB0BB5680ED87ED325B1673F01E11385A6CF48FBD2F62D19DC153C ] iirsp           C:\WINDOWS\system32\DRIVERS\iirsp.sys
14:35:41.0868 0x10b4  iirsp - ok
14:35:41.0899 0x10b4  [ D2E541613B72FF9FCEDF37B166930706, CF3985DCD3EABEF8B972664C0F22C6A42E2C3F3A3572EC391D083B7E76A00455 ] imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
14:35:41.0899 0x10b4  imapi - ok
14:35:41.0946 0x10b4  [ 9014C144CD95EEE1F5884664A4BFB4D8, B8E6D6509C11B080558AF72377D4373E5D363979D3B0FE832E3B41D20870ACFE ] ImapiService    C:\WINDOWS\system32\imapi.exe
14:35:41.0977 0x10b4  ImapiService - ok
14:35:42.0227 0x10b4  [ 51C25DF3F00A0D2E7B25ABFEC09ABF0E, 5CB97599B4BAB5043F5232223F50384B07CFB0371B3819459C452EE2527EA17C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKHDA64.SYS
14:35:42.0446 0x10b4  IntcAzAudAddService - ok
14:35:42.0477 0x10b4  [ 06B7ACD0E67BDA504DFD0340663F9B78, A33460847B1AEDB53B3A843E17234600C7228CD37588585A6C519399A576564F ] IntelIde        C:\WINDOWS\system32\DRIVERS\intelide.sys
14:35:42.0493 0x10b4  IntelIde - ok
14:35:42.0524 0x10b4  [ F8DEF5F83DEF3D1EE89BC851BFB6A886, FECFE1FE36877441956C1DBD96A46A946CB5EC2744A8B3D6252548196A2CA8DC ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:35:42.0540 0x10b4  intelppm - ok
14:35:42.0540 0x10b4  [ 6601A43EE389D0ADB11AAEDE9A98036B, 0CE5143CC0FFFC7CAAF083A54227010137E00E97876C4D9BC898C4B7320F8DF6 ] Ip6Fw           C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:35:42.0540 0x10b4  Ip6Fw - ok
14:35:42.0556 0x10b4  [ 1B1B4654A5492A42D2E1BF5B2B22D32B, 17BE92DEE96967788F35DCB4BA325D6411230B55214F5895D27F5DDC2B12544C ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:35:42.0571 0x10b4  IpFilterDriver - ok
14:35:42.0571 0x10b4  IpInIp - ok
14:35:42.0587 0x10b4  [ 088ECB04137DF1F52EC10C29D57A8CCA, E1A581047C1DA3F51950FA54B51AEADEA2A41EF8189F31CCBE7638B376024E36 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:35:42.0602 0x10b4  IpNat - ok
14:35:42.0665 0x10b4  [ DB841EC6F027C780002EF47AABFDDF86, 59CF682AC2C3908495BF8791CE545095E931D1D2CEE71E9D33A7DD2FA0D31015 ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:35:42.0681 0x10b4  IPSec - ok
14:35:42.0712 0x10b4  [ 8B7015EA0171242CCA03C2FB48CCC771, 9CC5BB9492751CC1829E87B17964F2A6BCCB2EB448145998881E31330970FF8D ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
14:35:42.0727 0x10b4  IRENUM - ok
14:35:42.0759 0x10b4  [ D994162E4D8E931FC16A892A87852BBB, F80D217317E08F1366040DA5FC7331EFE9DF5DDC8608AAD4FAA45D6DF118E28B ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:35:42.0759 0x10b4  isapnp - ok
14:35:42.0837 0x10b4  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files (x86)\Java\jre7\bin\jqs.exe
14:35:42.0852 0x10b4  JavaQuickStarterService - ok
14:35:42.0884 0x10b4  [ E85095372008A9194C7ED6206CB782DA, 4C19D415D2D35F4A3E173D47C3F9881659C68D98ECB0123450665CD79FF2C001 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:35:42.0884 0x10b4  Kbdclass - ok
14:35:42.0899 0x10b4  [ 1B280B3B4C10CC2E3EC3AEC17EB6B658, 8540FA4B4E06067ADD9421C8444B0F143970513CEF000CE6899572D4F3B8CA1B ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
14:35:42.0899 0x10b4  kmixer - ok
14:35:42.0931 0x10b4  [ EDCDC587073AC4BE72C5A66FE30ACA00, 4F14C074BF67D7D00AAD4BE3AA5AC08EAEE2FEADE942AD6082B8D22DC278C05E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
14:35:42.0946 0x10b4  KSecDD - ok
14:35:42.0977 0x10b4  [ 5CB302B6CAACE41AF70C34B56EB3DB23, DE545B1CF1D37D2A58826665D8694B0F6FAAA293D4DB4D707D32FC726EF42866 ] ksthunk         C:\WINDOWS\system32\drivers\ksthunk.sys
14:35:42.0977 0x10b4  ksthunk - ok
14:35:43.0071 0x10b4  [ 068B8D12ACF6A4263C3FA473CD0BC23C, 89F531D293638415A7F32A808D86A7B26C7A707A56B4426A2D144D68B3D4FB87 ] KUSBusByTCP     C:\WINDOWS\syswow64\Drivers\KUSBusByTCP.sys
14:35:43.0087 0x10b4  KUSBusByTCP - ok
14:35:43.0118 0x10b4  [ A7DE55BE852077E9BE383EC94C96B825, 598F8DF4FF2267A24B9D457CD76A1F2A71D3B5F06671248CDE93BE7D944CA5C4 ] KUSBusByTCPMasterBus C:\WINDOWS\syswow64\Drivers\KUSBusByTCPMasterBus.sys
14:35:43.0118 0x10b4  KUSBusByTCPMasterBus - ok
14:35:43.0212 0x10b4  [ 4D8E9A805ADD244B5C511147A5D9BB8C, BD489A23DC8999A5BBB70C820CCCC14FCBFE023A236B5715A61BFC856B0CBC29 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
14:35:43.0243 0x10b4  lanmanserver - ok
14:35:43.0306 0x10b4  [ BF4105D3EB357652A4EA73F170715ACD, F28D4A3615E188104E094FAA185EF8C9275168913E9DD120A921CC6627E32B06 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:35:43.0321 0x10b4  lanmanworkstation - ok
14:35:43.0321 0x10b4  Lbd - ok
14:35:43.0368 0x10b4  [ 80DB42573F8EF6CBB6A7A0FF6966A352, B2CF856BC3EE206B983C213F476DA040A74C315C45F22867F587BF02C76EC160 ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
14:35:43.0368 0x10b4  LmHosts - ok
14:35:43.0368 0x10b4  MaxBackServiceInt - ok
14:35:43.0415 0x10b4  [ 34EF8CBEA95EF5108A1349FC22D87513, 10BEC2856EAE0CA2B2A7AF147C40805BCC1C24695BCFCA893325EBB340F24276 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
14:35:43.0415 0x10b4  Messenger - ok
14:35:43.0446 0x10b4  [ AD6BC1EFA0C1B53409947F06DE87FC89, A5A32E731151E6A22969A12FB75E64448E3B012CA56AD3FE7E92EE89B89173A3 ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
14:35:43.0446 0x10b4  mnmdd - ok
14:35:43.0446 0x10b4  mnmsrvc - ok
14:35:43.0462 0x10b4  [ 9A67A96A0CBC2BC658ABF8C9B5EE065A, BDFC3D82578E049592A273E7247A80495D2BB82B9F2E603164037CBC4B7CA28F ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
14:35:43.0462 0x10b4  Modem - ok
14:35:43.0493 0x10b4  [ 12ACF32EDF03E46805347817ACB9F64C, 03549892876175B3FB3C7DFC51460E2576C3CD575C99A173745088E1D38410ED ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:35:43.0493 0x10b4  Mouclass - ok
14:35:43.0524 0x10b4  [ A0C4E4A79C5D6F418315C33177F2B5BC, AF892EF90545319E9DC68AB1848FF291CE1059A2CD04AA7BD12945C01A1949BA ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:35:43.0524 0x10b4  mouhid - ok
14:35:43.0524 0x10b4  [ 7E9CC7E4282A8E7A480560A6F817C177, CA6A9FAFAFD1E62A79EE1E88F103FC36ADA1026FAFCC626DB9C88421DE5555D8 ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
14:35:43.0524 0x10b4  MountMgr - ok
14:35:43.0540 0x10b4  [ E2539EFC597E2BEA7037BB42A67EB717, D794DA5F4D8CA1A33833EBA1ECFF4662C06D49439AC2192AC28457F268A5B5A7 ] mraid35x        C:\WINDOWS\system32\DRIVERS\mraid35x.sys
14:35:43.0540 0x10b4  mraid35x - ok
14:35:43.0571 0x10b4  [ 3D33208E5A7414D8633D34D24F119173, C2F4B8FE32F0D0C9F861A63E34E2A25BE432609E406E500BB02834BEA5834C63 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:35:43.0571 0x10b4  MRxDAV - ok
14:35:43.0634 0x10b4  [ 9385E695B33068B90CF419186ECAA3DE, BEAE16546FA43FCB47B6FEACDADF9C7EE1D492D5825DF615E84E36B03C5E7A6D ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:35:43.0649 0x10b4  MRxSmb - ok
14:35:43.0681 0x10b4  [ D42976785BA169C2361F97CC6A20681F, 7790219D3C783886ECC0D06EEBC10973759A278C307B334877243F14978A3565 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
14:35:43.0681 0x10b4  MSDTC - ok
14:35:43.0696 0x10b4  [ 983F4AB7A50D56CD33E2061EE733BD55, 91F67285564BDD007C56F124E34323B455747D79A1D370690D016316A73A247E ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
14:35:43.0696 0x10b4  Msfs - ok
14:35:43.0696 0x10b4  MSIServer - ok
14:35:43.0743 0x10b4  [ 308EC6FBEF38871CB2C4CACE9C8F4808, BAE1435430A08930207DDA961AE4B62D7657ECA57F84B7C6102C776FBBD327D0 ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:35:43.0743 0x10b4  MSKSSRV - ok
14:35:43.0759 0x10b4  [ 8D3226738479719AAB3B6D2617D7A55C, 2C6974639170016C00010CDC49231BD8B10D7B5B5D2775B19065EC9DC32B1CC0 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:35:43.0759 0x10b4  MSPCLOCK - ok
14:35:43.0759 0x10b4  [ 058D63E8D000AE678D4549BFA8EB0DEB, E3BC297DF7D9C67D235B35B692B7CFE37B38A14A5CD78EB5E7A7652E3BB39AF1 ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
14:35:43.0759 0x10b4  MSPQM - ok
14:35:43.0774 0x10b4  [ 5992D1F9ED64017A76AFEE2B79F5CFB9, 82077C3D5C7C77B923E75A250837BE3E911BCD3ED4A53C8A13E4372429E32721 ] mssmbios        C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:35:43.0774 0x10b4  mssmbios - ok
14:35:43.0868 0x10b4  MSSQL$MSSMLBIZ - ok
14:35:43.0931 0x10b4  [ C06EA83F6FC2959E897C117255B6B1D5, 012C6E5AA61BAAED47CB0E59E2F3E6E87941F555C5581ECAC7DF1051795AF681 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:35:43.0931 0x10b4  MSSQLServerADHelper - ok
14:35:43.0993 0x10b4  [ 5902C8E565FE346076786F43103EF02E, D16FA965CC55BC820C79E84A1A62FF6B0D9948FE8FA8211A22A9B9720A6F258C ] Mup             C:\WINDOWS\system32\drivers\Mup.sys
14:35:44.0009 0x10b4  Mup - ok
14:35:44.0102 0x10b4  [ 6FE83D05AEBEF7930D7CE91568DC99DF, 584DA0561F1E106830B4958510862B8520885257B9F67A10A192D6A5EE384D4E ] NDIS            C:\WINDOWS\system32\drivers\NDIS.sys
14:35:44.0118 0x10b4  NDIS - ok
14:35:44.0165 0x10b4  [ 389CFAB53AA9807EA4536CB0B03609C3, 539EEDA91096B0259D8A02A12B0851D3115631CFDB3295F034B2C707FB099C5D ] NdisTapi        C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:35:44.0165 0x10b4  NdisTapi - ok
14:35:44.0196 0x10b4  [ 49C1207C1AE8C6958F1C1747132814C2, C1DA17D8A9CC4A93E620E98E52880F7591419145B9C031FF4501794D3B8252F9 ] Ndisuio         C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:35:44.0196 0x10b4  Ndisuio - ok
14:35:44.0212 0x10b4  [ 6157A7AEAE6D2B948FF2E872FFAC765B, 22C28325D50EF4B5C7EB9AAA71BCB72CECE2B6591D380C24285E938DCD15E3BF ] NdisWan         C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:35:44.0212 0x10b4  NdisWan - ok
14:35:44.0259 0x10b4  [ F3D27141BEDE53E05D8B44362A62FC2D, BB7281ADDA1D66A09191A9D39DF90D6FBF2E2D4D4DA6CB2990215BBDEADE3D29 ] NDProxy         C:\WINDOWS\system32\drivers\NDProxy.sys
14:35:44.0259 0x10b4  NDProxy - ok
14:35:44.0290 0x10b4  [ BD94210175C488F18ADD3E189EE9304C, 450E10FB0BD4F39477752EAC6088984D216757B7151981B382BE9AED33995BF2 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
14:35:44.0337 0x10b4  Net Driver HPZ12 - ok
14:35:44.0352 0x10b4  [ B1CEE06471A069149B11FADA23FF00FD, 0EF7F85230AF7E0CC2D189A2EC0B124674F1C2877F499F9243F4B4CE50356FF1 ] NetBIOS         C:\WINDOWS\system32\DRIVERS\netbios.sys
14:35:44.0352 0x10b4  NetBIOS - ok
14:35:44.0368 0x10b4  [ FEDAAFB6CD700B9E0787C94D81C07DB5, D8394E0922C9F92DA27526F96841BD675AAC8EA9F0B8783A8E1B08E8239CB41A ] NetBT           C:\WINDOWS\system32\DRIVERS\netbt.sys
14:35:44.0384 0x10b4  NetBT - ok
14:35:44.0415 0x10b4  [ FB13279D8C89ADD5B0F7497C45BCF1C3, 955E3876C7DD8E5B21834EC827061DB1696CDDF11132F887A0E3EFAAABE2E536 ] NetDDE          C:\WINDOWS\system32\netdde.exe
14:35:44.0431 0x10b4  NetDDE - ok
14:35:44.0431 0x10b4  [ FB13279D8C89ADD5B0F7497C45BCF1C3, 955E3876C7DD8E5B21834EC827061DB1696CDDF11132F887A0E3EFAAABE2E536 ] NetDDEdsdm      C:\WINDOWS\system32\netdde.exe
14:35:44.0431 0x10b4  NetDDEdsdm - ok
14:35:44.0446 0x10b4  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] Netlogon        C:\WINDOWS\system32\lsass.exe
14:35:44.0462 0x10b4  Netlogon - ok
14:35:44.0477 0x10b4  [ F28FD9DBA68A85D6EE4225A83F127D2B, 60D97E3FBA76A767C29AE9586E6DCE55EB9F6F696583338DFA58436A00FF78A9 ] Netman          C:\WINDOWS\System32\netman.dll
14:35:44.0493 0x10b4  Netman - ok
14:35:44.0524 0x10b4  [ 8BC776595238AB62072AA6BEB17DDF59, 50C6944D52D13A602F254F7ADCFB7A66C51334E273DDA0876DFC40F0D1E158F0 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:35:44.0540 0x10b4  NetTcpPortSharing - ok
14:35:44.0571 0x10b4  [ DAFC30299E872CD7ED3795EA0FA08F67, 71D95D624B12621BC918A39CA2D684916C8CB6E388EC6D01D011597B0B36C7B7 ] NIC1394         C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:35:44.0571 0x10b4  NIC1394 - ok
14:35:44.0618 0x10b4  [ BA13C3C32A69DC37653C9543E065950E, C9E48C33A4B36BE9D553F16662B3F36714043AE67FFBEB3314557575005221C0 ] Nla             C:\WINDOWS\System32\mswsock.dll
14:35:44.0618 0x10b4  Nla - ok
14:35:44.0634 0x10b4  [ 81819038621A2C524781EC503D400287, 9CB8DD11863C1AC2CBD2D5A6F4237770A6D864FF11098924D5ECDE07634D6E29 ] Npfs            C:\WINDOWS\system32\drivers\Npfs.sys
14:35:44.0634 0x10b4  Npfs - ok
14:35:44.0681 0x10b4  [ C8904B5F90AB2236692E83D491C4D426, 331F8944AF992054B62F43E83BD31D0B82BC96EE3483E18B9F2BAA35803BC83D ] Ntfs            C:\WINDOWS\system32\drivers\Ntfs.sys
14:35:44.0727 0x10b4  Ntfs - ok
14:35:44.0727 0x10b4  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] NtLmSsp         C:\WINDOWS\system32\lsass.exe
14:35:44.0727 0x10b4  NtLmSsp - ok
14:35:44.0790 0x10b4  [ A398462077F68A41B4DFF9FB7E8FC7B8, C59A19BAC990525AE3CBB81414DBED5BCB5FED0E2B42620953A77D467E4CEAC6 ] NtmsSvc         C:\WINDOWS\system32\ntmssvc.dll
14:35:44.0821 0x10b4  NtmsSvc - ok
14:35:44.0852 0x10b4  [ 501039187C444FA7AB9D97B6A6C667B3, 96E2D68DEC08A78BC73868DC35DC23E62CDC1D5A91381A90BBAC5866952A6D19 ] Null            C:\WINDOWS\system32\drivers\Null.sys
14:35:44.0852 0x10b4  Null - ok
14:35:45.0181 0x10b4  [ 07166936351425BDFEAC45EAAC860277, BEB0AE982B2704417358975EB6CA3C18A6714A50E22C7424D3D92F468EB19108 ] nv              C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:35:45.0493 0x10b4  nv - ok
14:35:45.0571 0x10b4  [ 11CA5111487D2DBD3C7E6721139559C3, FD68A454D690FF972AC119DE1C6AC8A84B9AE4C128B13C6994EACF0C2AB995CD ] NVENET          C:\WINDOWS\system32\DRIVERS\NVENET.sys
14:35:45.0571 0x10b4  NVENET - ok
14:35:45.0602 0x10b4  [ 7F3005AE43E3014CB058FA16FF58C34E, 04942A5B8FD18009E44E33CA22CA9B535EAB3B1C77F252EF34C664E47693F119 ] NVSvc           C:\WINDOWS\system32\nvsvc64.exe
14:35:45.0618 0x10b4  NVSvc - ok
14:35:45.0618 0x10b4  [ C3E47D8E74F05C9691B4A0BC37EFC663, EE4749319EF8B3B6B44B0A88F3A38D5D3807C6450D145859F680A2FB8F52EDFB ] nv_agp          C:\WINDOWS\system32\DRIVERS\nv_agp.sys
14:35:45.0618 0x10b4  nv_agp - ok
14:35:45.0665 0x10b4  [ F8160AC8AE516A33221427C2353A7D12, B47DE09882E0D3F6A6ACD40EBA75103C19DEDFD3276C5A45D8462AD07A7C6E65 ] ohci1394        C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:35:45.0665 0x10b4  ohci1394 - ok
14:35:45.0806 0x10b4  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:35:45.0806 0x10b4  ose - ok
14:35:45.0852 0x10b4  [ 7DDAA09186DA9F1D304E819B5A6BBC5A, 274FD7391E81642F022045A2472283942CB9278B61D640575942E6D0A2FC2297 ] Parport         C:\WINDOWS\system32\DRIVERS\parport.sys
14:35:45.0852 0x10b4  Parport - ok
14:35:45.0868 0x10b4  [ 5F9A703240468A0C35A629D17FFCA847, 9D5EBB415C17E79B5DA1281F2B5AFA2AC20645108DD514BE60F7DDD72F7D239E ] PartMgr         C:\WINDOWS\system32\drivers\PartMgr.sys
14:35:45.0868 0x10b4  PartMgr - ok
14:35:45.0946 0x10b4  [ 2A42DDAEAAE7743C55A3FA68A7AD9538, 7A645600BADA9BA6CDD09FE0E890384DEECEB13855248BA32065FD329F69C8E0 ] PCA             C:\WINDOWS\SMINST\PCAngel.exe
14:35:46.0024 0x10b4  PCA - ok
14:35:46.0040 0x10b4  [ 5B2C8D6971D8DF4937C2FA013CD4C00D, DF679B09318EF922DB5F2DD55DEADE60C29C038B70A8EA470BA5C11B041D9CBF ] PCI             C:\WINDOWS\system32\DRIVERS\pci.sys
14:35:46.0040 0x10b4  PCI - ok
14:35:46.0071 0x10b4  [ F1978C7849A0047306DB3B8BB94F0764, 4423A89C71CF1C4DE1670B7B8BAAA03E66FEC1F76470E6F1FE3C9BD1F83D87C5 ] PCIIde          C:\WINDOWS\system32\DRIVERS\pciide.sys
14:35:46.0087 0x10b4  PCIIde - ok
14:35:46.0102 0x10b4  [ 037F3A19F49A4C6A320C4154EBD6EE9D, CEF1860D8DD031FA69A6FADD62A91C11EAF98109082906436CCFCBAC7F32C21B ] Pcmcia          C:\WINDOWS\system32\drivers\Pcmcia.sys
14:35:46.0102 0x10b4  Pcmcia - ok
14:35:46.0102 0x10b4  PDCOMP - ok
14:35:46.0134 0x10b4  pdfcDispatcher - ok
14:35:46.0134 0x10b4  PDFRAME - ok
14:35:46.0134 0x10b4  PDRELI - ok
14:35:46.0149 0x10b4  PDRFRAME - ok
14:35:46.0274 0x10b4  [ 1E07EE3F50DFF2FE9B0A9D196E82698F, 34527011E240255179F6C40DA3DF9AACBA9A6AE14E19172D12AA38DB096D88EE ] PlugPlay        C:\WINDOWS\system32\services.exe
14:35:46.0274 0x10b4  PlugPlay - ok
14:35:46.0321 0x10b4  [ 7FE2AFB17D91CF39843D6766EA31CFC7, A4FF09302976CB204BC9E358ED470BDD54BCDA17E49617FCCCD2820D4C94D631 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
14:35:46.0352 0x10b4  Pml Driver HPZ12 - ok
14:35:46.0368 0x10b4  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] PolicyAgent     C:\WINDOWS\system32\lsass.exe
14:35:46.0368 0x10b4  PolicyAgent - ok
14:35:46.0415 0x10b4  [ E176F640EE6BF550F61FAA9CE9A683F4, 52218543EC0265275C1E47A356EABAA3DD6A4B92D1394B939EB5A061DC8143BD ] PptpMiniport    C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:35:46.0415 0x10b4  PptpMiniport - ok
14:35:46.0415 0x10b4  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:35:46.0415 0x10b4  ProtectedStorage - ok
14:35:46.0431 0x10b4  [ 01AAE06E543C0956AC247546A8F2DAFE, 9E42997B145A8071D1FF0A80D9978001E84CD639541117DE36C1766B7F3418E2 ] PSched          C:\WINDOWS\system32\DRIVERS\psched.sys
14:35:46.0431 0x10b4  PSched - ok
14:35:46.0446 0x10b4  [ 35E39A969D227C2A56C1DC98361D8E35, A8F6135798D562EF21F8A546CD7C7A48C88AC8CC51BE24DCEA9B3233DDA48F3A ] Ptilink         C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:35:46.0446 0x10b4  Ptilink - ok
14:35:46.0477 0x10b4  [ A6BF0A9B5A30D743623CA0D3BE35DF05, 0AA2DAE7ADC38F4197548DE174D551A0CF9281D2680B07E6C84914CA199C0661 ] PxHlpa64        C:\WINDOWS\system32\Drivers\PxHlpa64.sys
14:35:46.0477 0x10b4  PxHlpa64 - ok
14:35:46.0493 0x10b4  [ D646A315E6386DAC1D96C8CE8A4BFEE7, 2DCCFDC6A390AD6938957A9CA80CF4B76FC3CE3211D707E43CE2C9AADE101CFD ] RasAcd          C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:35:46.0493 0x10b4  RasAcd - ok
14:35:46.0524 0x10b4  [ 3F573D0C001B982C3180860366783BC0, D059C7298717513B5F8086E5C1FC83FB8E1D053E60D4F3A4E1B8BBD668560F3D ] RasAuto         C:\WINDOWS\System32\rasauto.dll
14:35:46.0540 0x10b4  RasAuto - ok
14:35:46.0540 0x10b4  [ D81FDC53EE9C0F68D709E504342D1D74, 9C0224B1D0D3672AD737EE7F15BC32938B37F75840ECAABCCBAE82D6518C0BDB ] Rasl2tp         C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:35:46.0540 0x10b4  Rasl2tp - ok
14:35:46.0571 0x10b4  [ 47F7838F77A42F85C763899AB1B77D14, A21A653135A4AF028D4216F4CB3B2891F283AF7ACEEC1FCD929CE0703C952165 ] RasMan          C:\WINDOWS\System32\rasmans.dll
14:35:46.0587 0x10b4  RasMan - ok
14:35:46.0602 0x10b4  [ 31FA5AB662C58CC5CF92396224F6B29A, E6279EF4F6A78EC17F0B10A446AF476C005FC4F9FE41057E540B2505B831EFE2 ] RasPppoe        C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:35:46.0602 0x10b4  RasPppoe - ok
14:35:46.0602 0x10b4  [ 701493F9A6EDE759AF8D3FA7C08BAB3B, 2659B1F99BCECDD760E808439B8AAFE67301CCF0A0B7D581E5950B3515B62E31 ] Raspti          C:\WINDOWS\system32\DRIVERS\raspti.sys
14:35:46.0602 0x10b4  Raspti - ok
14:35:46.0649 0x10b4  [ F1C8347F0E437E145B2E30A6F29E45BD, D9F8B85609B1AFB2AC88CCC524D6E082BC5F2E8943F64AEDE3B2D94A2DB9A9BF ] Rdbss           C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:35:46.0665 0x10b4  Rdbss - ok
14:35:46.0790 0x10b4  [ C013379D04060318C3B2E4967D82739A, DB7092052C44D103C4AF4792742F9701A33BBF0C8FFEF29A86CBDBCF470B2F75 ] RDPCDD          C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:35:46.0790 0x10b4  RDPCDD - ok
14:35:46.0806 0x10b4  [ 0482A9BE0BE2098A12A61464306BF24B, 2F42ADB978F20888BC985F65FA9673C25BB02F6550CE3BCBBBAFA92B788EC0CE ] rdpdr           C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:35:46.0821 0x10b4  rdpdr - ok
14:35:46.0868 0x10b4  [ 7B586DB3E86E407F6A43E83586AF4F32, CCDA4E20096B2F9B52F5C7108EC5BDECE518EB6901D87D19FACA5B72776B70C7 ] RDPWD           C:\WINDOWS\system32\drivers\RDPWD.sys
14:35:46.0868 0x10b4  RDPWD - ok
14:35:46.0915 0x10b4  [ A72BE0B07655141AB4EABECF0D66528A, F92EAD99AA7B903442EB22150D5C6ABE50347C843005A6C4DD47D025E4FBD905 ] RDSessMgr       C:\WINDOWS\system32\sessmgr.exe
14:35:46.0931 0x10b4  RDSessMgr - ok
14:35:46.0946 0x10b4  [ 1D793394201000D2D56E848C18FE9A62, 18B876699CEBA83A1926E04C9C4EDEC9982D8C79A419EA0E181AC9588F391A07 ] redbook         C:\WINDOWS\system32\DRIVERS\redbook.sys
14:35:46.0946 0x10b4  redbook - ok
14:35:46.0993 0x10b4  [ 60C8A5D4954CCE7D280369DFF5068019, 1F7E437B3CD0A576875863A945B6015899B63A29FADB7B74D7091C8F5044C395 ] RemoteAccess    C:\WINDOWS\System32\mprdim.dll
14:35:47.0009 0x10b4  RemoteAccess - ok
14:35:47.0040 0x10b4  [ B2D55CE8C7C946C625B687F75040AD3F, 8BBCFB5765E42DA638681A659FEC67C3C5BE784575FAFEA9D729F7908DF3B120 ] RemoteRegistry  C:\WINDOWS\system32\regsvc.dll
14:35:47.0040 0x10b4  RemoteRegistry - ok
14:35:47.0071 0x10b4  [ 809785CF7BE1B857F3B52D9B1AF10817, BB37B37F0B31FD0C3CE6159C7D7615FE3C27B2B1DE6847DBC20993EB11CB142E ] RpcLocator      C:\WINDOWS\system32\locator.exe
14:35:47.0087 0x10b4  RpcLocator - ok
14:35:47.0134 0x10b4  [ A6130365606F3D6332B014FC3DA931AA, 80A81A3D351305EAD11B90C35F06D20035328FF802A628F91DB8DD8CB424AEEF ] RpcSs           C:\WINDOWS\system32\rpcss.dll
14:35:47.0165 0x10b4  RpcSs - ok
14:35:47.0243 0x10b4  [ 1A782D5CA033F553F0BE54546EBF3B4F, 758C063A59C960118BCA3D89A85786D54BF868BB5420EF8D158BFB3F9FA2E130 ] SamSs           C:\WINDOWS\system32\lsass.exe
14:35:47.0243 0x10b4  SamSs - ok
14:35:47.0243 0x10b4  sbapifs - ok
14:35:47.0259 0x10b4  SBRE - ok
14:35:47.0290 0x10b4  [ A2069FFA2A6FEBB3818F180373C84A89, 5BA399793247AF1BC2B8C8A417211EF5D4FC9C126496E5692E5D0C08BD38D512 ] SCardSvr        C:\WINDOWS\System32\SCardSvr.exe
14:35:47.0290 0x10b4  SCardSvr - ok
14:35:47.0321 0x10b4  [ 71CD398385835C08613C65E5BF91E7FA, C43407F43557B8B3F43C76245DD18C66155D3D0B4B020A061C052C7B9B615C4C ] Schedule        C:\WINDOWS\system32\schedsvc.dll
14:35:47.0337 0x10b4  Schedule - ok
14:35:47.0368 0x10b4  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] Secdrv          C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:35:47.0368 0x10b4  Secdrv - ok
14:35:47.0384 0x10b4  [ B4E054549321372D995E4DB9A5304E77, 8D3FF430963AFEDF8388CD23B4C63ABF62F3419B8084F0FC30D7068FCBCFC257 ] seclogon        C:\WINDOWS\System32\seclogon.dll
14:35:47.0384 0x10b4  seclogon - ok
14:35:47.0399 0x10b4  [ 222C0A6C354D6A90700956C60574A09A, 1D44DF7A052B7CD8D220A453D8ECCF39FC74D126B94C5B2AE36EA56C821DB642 ] SENS            C:\WINDOWS\system32\sens.dll
14:35:47.0399 0x10b4  SENS - ok
14:35:47.0415 0x10b4  [ 111B29F3FCF9FB61C903A01E3706F7DC, EB872B6769806170E26BEC23F689B38D0779A1219353B0DA47F52F747DC4120A ] serenum         C:\WINDOWS\system32\DRIVERS\serenum.sys
14:35:47.0431 0x10b4  serenum - ok
14:35:47.0446 0x10b4  [ C0DC97399576FCCFF5FE877EC2D8DACC, 0AED50A4D99161FC66B323606D13F08ED4556ACD18E5EDE1E030EB5FECF03D1E ] Serial          C:\WINDOWS\system32\DRIVERS\serial.sys
14:35:47.0446 0x10b4  Serial - ok
14:35:47.0462 0x10b4  [ C6EACC8920A31B8D5842D1F7A28E2113, 8883115F406A4A8588DD9E8ED6E9ED7ED4AFF9DFDBE8B391C0D9AEBE187DD27D ] Sfloppy         C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:35:47.0462 0x10b4  Sfloppy - ok
14:35:47.0509 0x10b4  [ D71A8153D3CF0ED527F6BA1F087FAA22, 1EEB6A8D379EE51A17C9E7DC01467EA283F2B60DA8167EB1DD0EB8A60E25FFD6 ] SharedAccess    C:\WINDOWS\system32\ipnathlp.dll
14:35:47.0524 0x10b4  SharedAccess - ok
14:35:47.0571 0x10b4  [ 15DE8EAE99A0F4E313E83ABA5B849FAA, 40B71B533761943CB903E44DB1BD57AD25A9B05500A6CCD5041A496C66601BA7 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:35:47.0571 0x10b4  ShellHWDetection - ok
14:35:47.0587 0x10b4  Simbad - ok
14:35:47.0634 0x10b4  [ 17EC29105989101DB536C49E1279A0EB, 7B8D96703584DCBF94802B18C8A601D806DB2D3DA4EA0D33AA4C268C9C06467F ] splitter        C:\WINDOWS\system32\drivers\splitter.sys
14:35:47.0634 0x10b4  splitter - ok
14:35:47.0665 0x10b4  [ 206FD327B4AAD3AEAA8E0D7D03F2044A, 343B9D3A06F077C1227829DAEC5953BC887467536D4B6DEC0E719E6003DDD70D ] Spooler         C:\WINDOWS\system32\spoolsv.exe
14:35:47.0681 0x10b4  Spooler - ok
14:35:47.0696 0x10b4  [ B2EC3E1DEAC5F0A764BD3486D213A0AF, 77597D6AF90BF0FD50AF7271C800D84BE69E288760116B7A252FB8B068614A52 ] SQLBrowser      c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:35:47.0712 0x10b4  SQLBrowser - ok
14:35:47.0790 0x10b4  [ D63FC56C7C3F9B576BC25F617E3F7963, 1F1D024A6A41DD93DE4F09999D90DB5148D87C1C1DDEFFC0407C6E59EB7199D1 ] SQLWriter       c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:35:47.0790 0x10b4  SQLWriter - ok
14:35:51.0196 0x10b4  ================ Scan global ===============================
14:35:51.0243 0x10b4  [ 2AE60E46216266CDC9E20886E4CE3281, 25192BDD2098853D401A109C5E983C7DC086B30983F19ED53ACB70F37412FBA2 ] C:\WINDOWS\system32\basesrv.dll
14:35:51.0306 0x10b4  [ 09AC0851FE16DDB82224E970ED3F4817, 89ADD2538CC3B1C75A4E8AA7A9EF6CC4B0200F82F1FF47505D9311B99937480E ] C:\WINDOWS\system32\winsrv.dll
14:35:51.0337 0x10b4  [ 09AC0851FE16DDB82224E970ED3F4817, 89ADD2538CC3B1C75A4E8AA7A9EF6CC4B0200F82F1FF47505D9311B99937480E ] C:\WINDOWS\system32\winsrv.dll
14:35:51.0352 0x10b4  [ 1E07EE3F50DFF2FE9B0A9D196E82698F, 34527011E240255179F6C40DA3DF9AACBA9A6AE14E19172D12AA38DB096D88EE ] C:\WINDOWS\system32\services.exe
14:35:51.0352 0x10b4  [ Global ] - ok
14:35:51.0352 0x10b4  ================ Scan MBR ==================================
14:35:51.0384 0x10b4  [ 4F02A8D4048A138C450ED7F867EB0144 ] \Device\Harddisk0\DR0
14:35:51.0571 0x10b4  \Device\Harddisk0\DR0 - ok
14:35:51.0571 0x10b4  ================ Scan VBR ==================================
14:35:51.0571 0x10b4  [ 7E9456C91EC6E2D3980C27B2DE57321E ] \Device\Harddisk0\DR0\Partition1
14:35:51.0571 0x10b4  \Device\Harddisk0\DR0\Partition1 - ok
14:35:51.0571 0x10b4  [ CDF7F7E5B5AA3CA09F5B3FA26D68F764 ] \Device\Harddisk0\DR0\Partition2
14:35:51.0571 0x10b4  \Device\Harddisk0\DR0\Partition2 - ok
14:35:51.0571 0x10b4  Waiting for KSN requests completion. In queue: 195
14:35:52.0571 0x10b4  Waiting for KSN requests completion. In queue: 195
14:35:53.0571 0x10b4  Waiting for KSN requests completion. In queue: 195
14:35:54.0571 0x10b4  Waiting for KSN requests completion. In queue: 195
14:35:55.0571 0x10b4  Waiting for KSN requests completion. In queue: 195
14:35:56.0602 0x10b4  AV detected via SS1: AVG AntiVirus Free Edition 2014, 2014.0, enabled, updated
14:35:56.0602 0x10b4  AV detected via SS1: avast! Antivirus, 5.0.134219232, enabled, updated
14:35:56.0618 0x10b4  Win FW state via NFM: enabled
14:36:09.0556 0x10b4  ============================================================
14:36:09.0556 0x10b4  Scan finished
14:36:09.0556 0x10b4  ============================================================
14:36:09.0556 0x16e8  Detected object count: 0
14:36:09.0556 0x16e8  Actual detected object count: 0
 
 
# AdwCleaner v3.018 - Report created 05/02/2014 at 14:43:06
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (64 bits)
# Username : Administrator - WORKSTN
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\END
File Found : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Found C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
Folder Found C:\Documents and Settings\All Users\Application Data\Ask
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\Program Files (x86)\Ask.com
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\Surf Canyon
Folder Found C:\Program Files (x86)\Viewpoint
Folder Found C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Surf Canyon
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\APN
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\AskToolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\Cr_Installer
Key Found : [x64] HKCU\Software\Crossrider
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Surf Canyon
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
Key Found : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\Viewpoint
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11351 octets] - [05/02/2014 14:43:06]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11412 octets] ##########
 
 


#8 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 05 February 2014 - 03:49 PM

Visit the page below to download and then install Windows XP3.  You can use any browser that will work.
 
http://www.microsoft.com/en-us/download/details.aspx?id=24
 
Once you get Windows XP3 and all other updates downloaded and installed, run a new scan with DDS and post the new log.  :)
 
If you have any problems let me know.


 


#9 markgar

markgar
  • Topic Starter

  • Members
  • 40 posts

Posted 05 February 2014 - 04:24 PM

I got the same result as the other link. SP3 downloads, unpacks, and then gives me a Setup Error message: The updatebr.inf file is invalid. I'm stuck.

 

Mark



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts

Posted 05 February 2014 - 05:25 PM

Forget about the Windows updates...   :)
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 


#11 markgar

markgar
  • Topic Starter

  • Members
  • 40 posts

Posted 07 February 2014 - 10:17 AM

Jeff,

 

OK. I ran AdwCleaner and pressed the Clean button. Here's the log file.

 

# AdwCleaner v3.018 - Report created 07/02/2014 at 10:00:37
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 2 (64 bits)
# Username : Administrator - WORKSTN
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\Program Files (x86)\Viewpoint
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
File Deleted : C:\END
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.ShowSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAFFE112-08AB-4B91-8428-C008A22864FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf Canyon
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v32.0.1700.107
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11581 octets] - [05/02/2014 14:43:06]
AdwCleaner[R1].txt - [11642 octets] - [07/02/2014 09:56:48]
AdwCleaner[S0].txt - [10083 octets] - [07/02/2014 10:00:37]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10144 octets] ##########


#12 jeffce

  • Malware Response Team

Posted 07 February 2014 - 10:54 AM

How is your system running?  :)


 


#13 markgar

  • Topic Starter

Posted 07 February 2014 - 11:27 AM

Unfortunately, it's still running the same way. IE is hung (not responding). Chrome still only will show select websites with a frequent Aw Snap - Reload requirement. And I'm still getting messages that Shockwave Flash has crashed.

I was hoping getting all those toolbars and junk out of there would help.

Where do we go next?

Thanks for your help.

Mark



#14 jeffce

  • Malware Response Team

Posted 07 February 2014 - 12:21 PM

Let's get a look with a different tool. 
 

  • Download OTL to your desktop.
  • Right-click and Run as Administrator on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

----------


 


#15 markgar

  • Topic Starter

Posted 07 February 2014 - 01:08 PM

Jeff,

Here are the latest scans.

OTL.txt:


OTL logfile created on: 2/7/2014 12:54:52 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Administrator\Desktop
64bit-Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 6.68 Gb Available Physical Memory | 83.68% Memory free
9.55 Gb Paging File | 8.62 Gb Available in Paging File | 90.20% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 62.51 Gb Total Space | 6.19 Gb Free Space | 9.90% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 8.93 Gb Free Space | 74.35% Space Free | Partition Type: NTFS
 
Computer Name: WORKSTN | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Oracle Corporation)
PRC - C:\Documents and Settings\Administrator\Application Data\mjusbsp\magicJack.exe (magicJack L.P.)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe ()
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\defs\14020700\algo.dll ()
MOD - C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe ()
MOD - C:\WINDOWS\SMINST\Scheduler.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Spooler) -- C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (mnmdd) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (Winsock) -- C:\WINDOWS\SysWow64\winsock.dll (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=all&pf=cmws
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{E1EE4AA9-6882-483A-8B4A-F4A4E74D850B}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20120624,6901,0,8,0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/thinkorswim: C:\Program Files (x86)\thinkTDA\npthinkorswim.dll (TD Ameritrade)
FF - HKCU\Software\MozillaPlugins\tdameritrade.com/tossc: C:\Program Files (x86)\thinkTDA\nptossc.dll (TD Ameritrade)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
Hosts file not found
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - %SystemRoot%\system32\SHELL32.dll File not found
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup File not found
O4:64bit: - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Control Center] C:\Program Files (x86)\TRENDnet\MFP Server\Control Center.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKCU..\Run: [AVG-Secure-Search-Update_0214c] C:\Documents and Settings\Administrator\Application Data\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=1f9894b85bb147d3a909d16a3bff488c-faa6d6e156a334bf8c93679273adf78dbf92812d /CMPID=0214c File not found
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files (x86)\Microsoft ActiveSync\Wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files (x86)\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files (x86)\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O15 - HKLM\..Trusted Domains: antimalwareguard.com ([]* in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246802380515 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246831521859 (MUWebControl Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://investools.webex.com/client/T27L10NSP21/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85DFEB0D-FDBD-49B2-9C47-AF2E0336DC19}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -  File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) -  File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) -  File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) -  File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) -  File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) -  File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) -  File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) -  File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) -  File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28:64bit: - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/14 10:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 19:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2011/04/23 16:15:50 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{61aa0854-6687-11e2-b061-00237d1ba17f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{61aa0854-6687-11e2-b061-00237d1ba17f}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{61aa0854-6687-11e2-b061-00237d1ba17f}\Shell\phone\command - "" = J:\autorun.exe
O33 - MountPoints2\{6e2d2c4e-1aac-11e2-ac39-00237d1ba17f}\Shell - "" = AutoRun
O33 - MountPoints2\{6e2d2c4e-1aac-11e2-ac39-00237d1ba17f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e2d2c4e-1aac-11e2-ac39-00237d1ba17f}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O33 - MountPoints2\{81dd18a6-3d5e-11df-851f-00237d1ba17f}\Shell - "" = AutoRun
O33 - MountPoints2\{81dd18a6-3d5e-11df-851f-00237d1ba17f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{81dd18a6-3d5e-11df-851f-00237d1ba17f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{b5c6d5fa-6da6-11e1-9def-00237d1ba17f}\Shell - "" = AutoRun
O33 - MountPoints2\{b5c6d5fa-6da6-11e1-9def-00237d1ba17f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b5c6d5fa-6da6-11e1-9def-00237d1ba17f}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2014\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/07 12:38:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/05 14:42:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/24 15:14:32 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/22 16:00:04 | 000,256,904 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\SysWow64\drivers\tmcomm.sys
[2014/01/22 11:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG2014
[2014/01/22 11:33:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/01/22 11:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2014/01/22 11:32:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2014/01/22 11:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2014/01/22 11:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2014/01/22 11:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/01/22 11:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\MFAData
[2014/01/22 11:15:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Avg2014
[2014/01/21 17:38:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Adobe
[2014/01/21 16:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/07 12:52:00 | 000,000,912 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/07 12:36:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/02/07 10:15:00 | 000,000,364 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2014/02/07 10:11:29 | 000,001,083 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
[2014/02/07 10:08:21 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/07 10:08:17 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RegInOut on user logon - Administrator.job
[2014/02/07 10:08:17 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2866814949-2479978904-1420319158-500.job
[2014/02/07 07:07:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2014/02/07 01:07:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2014/02/06 19:07:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2014/02/06 14:42:00 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (bob).job
[2014/02/06 13:07:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2014/02/05 12:22:50 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Excel.lnk
[2014/02/01 10:41:01 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/01/31 14:26:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2866814949-2479978904-1420319158-500.job
[2014/01/27 18:10:37 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word (2).lnk
[2014/01/26 15:24:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2014/01/24 11:22:51 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2014/01/23 16:36:40 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2014/01/22 16:12:38 | 000,166,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2014/01/22 16:12:36 | 000,154,621 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2014/01/22 15:55:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2014/01/22 13:06:15 | 000,001,806 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2014/01/22 11:33:54 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/01/21 14:02:50 | 000,759,850 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/01/15 03:04:50 | 000,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/23 16:36:34 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2014/01/22 16:12:38 | 000,166,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\census.cache
[2014/01/22 16:12:36 | 000,154,621 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ars.cache
[2014/01/22 15:55:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2014/01/22 11:33:54 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
[2014/01/21 16:07:27 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RegInOut on user logon - Administrator.job
[2014/01/11 12:53:09 | 000,001,083 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\magicJack.lnk
[2013/05/01 14:37:36 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc
[2012/06/14 16:51:36 | 000,165,376 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2012/05/21 17:15:48 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2012/05/21 17:15:47 | 000,013,312 | ---- | C] () -- C:\WINDOWS\SysWow64\DEVLOAD.EXE
[2012/05/21 17:15:47 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2012/05/21 17:15:47 | 000,002,204 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\UNINST2K.SYS
[2010/12/07 09:28:29 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/13 09:58:45 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/03 16:00:00 | 000,002,262 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\soosi.guc
 
========== ZeroAccess Check ==========
 
[2009/06/03 17:03:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2007/02/18 00:00:00 | 001,508,352 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009/03/19 18:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/02/13 16:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon
[2013/12/15 13:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG SafeGuard toolbar
[2014/01/22 11:55:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG2014
[2010/01/26 19:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN
[2013/08/02 15:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2010/08/17 09:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2009/08/31 12:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Logs
[2014/02/07 10:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mjusbsp
[2012/07/25 06:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orifog
[2012/07/25 06:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Paudyp
[2009/07/06 15:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\play2p
[2009/06/03 17:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2014/02/07 09:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Sudoku
[2014/01/22 11:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/05/05 16:05:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex
[2009/07/06 15:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/09/01 15:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2010/08/17 11:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2013/01/11 10:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/12/21 15:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2014/01/22 11:34:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2014
[2013/12/15 13:00:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/01/24 16:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
[2011/01/15 12:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2014/02/07 12:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/02/05 13:24:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDFC
[2014/01/21 16:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegInOut
[2013/05/01 13:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2009/11/23 16:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2013/06/27 14:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/16 14:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
 
========== Purity Check ==========
 
 
 
< End of report >
 
 
NO LOG EXTRAS.TXT WAS GENERATED. I LOOKED WHERE OTL.TXT WAS STORED ON THE SYSTEM, BUT EXTRAS.TXT DOES NOT EXIST.
 
Thanks.
 
Mark




