
Saveshare, safesaver, Akamai, sprotector, etc


  • This topic is locked
18 replies to this topic

#1 wierdsci

wierdsci

  • Members
  • 10 posts

Posted 07 February 2014 - 12:38 AM

All Browsers redirect; Ads including indecent repeatedly embed into email, website, etc or pop-up

 

Hi, I'm hoping to get this family computer cleaned.  tdds and adw seemed to work when I googled some articles a few months ago but each time, the embedded and pop-up material would return after a few days.  Here's the dds log:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.7.2
Run by user at 0:04:50 on 2014-02-07
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2014\avgrsx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2014\avgidsagent.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\AVG\AVG2014\avgnsx.exe
C:\Program Files\AVG\AVG2014\avgemcx.exe
C:\ProgramData\DatacardService\HWDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
C:\ProgramData\WIND\OnlineUpdate\ouc.exe
C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVG\AVG2014\avgui.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\AVG\AVG2014\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news/video_and_audio/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: VeriSoft Access Manager: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\bioscrypt\verisoft\bin\ItIEAddIn.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Facebook Update] "c:\users\user\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [AVG-Secure-Search-Update_1113a] c:\users\user\appdata\roaming\avg 1113a campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d /CMPID=1113a
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\bioscr~1\verisoft\bin\ASTSVCC.dll,RegisterModule
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{21A079CB-F58F-460A-B39A-B0369B5A8F4B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{8551C11D-95C7-4D2B-9729-BF8E9D4F259A} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{9D76396F-826C-48B4-9935-3397F2630A21} : DHCPNameServer = 64.71.255.198
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\17.3.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= apshook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =  scecli ASWLNPkg
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\qhl4hxby.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com?cid={1B25B8C8-19C2-4721-94CB-F9CE7ED716CB}&mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 19:01:27&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\17.3.0\npsitesafety.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_44.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-12-10 19:01; avg@toolbar; c:\programdata\avg safeguard toolbar\firefoxext\17.2.0.38
.
============= SERVICES / DRIVERS ===============
.
R? BthAvrcp;Bluetooth AVRCP Profile
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? csr_a2dp;Bluetooth AV Profile
R? ew_hwusbdev;Huawei MobileBroadband USB PNP Device
R? ewusbnet;HUAWEI USB-NDIS miniport
R? hwmobile;Huawei FP Handset USB Modem and USB Serial
R? hwmobilehsn;High Speed USB Modem and USB Serial For Normal
R? IcRecUsb;IC Recorder Driver
R? McComponentHostService;McAfee Security Scan Component Host Service
R? SkypeUpdate;Skype Updater
R? WIND. RunOuc;WIND. OUC
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
R? zghsdiag;ZTE General Handset Diagnostic Port
R? zghsmdm;ZTE General Handset USB Modem Proprietary
R? zghsnmea;ZTE General Handset NMEA Port
S? !SASCORE;SAS Core Service
S? AdvancedSystemCareService6;Advanced SystemCare Service 6
S? ASBroker;Logon Session Broker
S? ASChannel;Local Communication Channel
S? Avgdiskx;AVG Disk Driver
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHX;AVGIDSHX
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avglogx;AVG Logging Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? Blackberry Device Manager;Blackberry Device Manager
S? Com4QLBEx;Com4QLBEx
S? FontCache;Windows Font Cache Service
S? huawei_enumerator;huawei_enumerator
S? HWDeviceService.exe;HWDeviceService.exe
S? LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter
S? LHidEqd;Logitech SetPoint Unifying KMDF HID Filter
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? NAUpdate;Nero Update
S? NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SmartDefragDriver;SmartDefragDriver
S? TuneUp.UtilitiesSvc;AVG PC TuneUp Service
S? TuneUpUtilitiesDrv;TuneUpUtilitiesDrv
S? vToolbarUpdater17.3.0;vToolbarUpdater17.3.0
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-02-05 18:06:44    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 18:06:44    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-03 20:00:28    16400    ----a-w-    c:\windows\system32\drivers\LNonPnP.sys
2013-12-11 00:01:07    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-11-19 08:33:38    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2013-11-14 22:42:41    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-11-14 22:42:32    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-11-14 22:38:54    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-11-14 22:35:52    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
.
============= FINISH:  0:13:30.87 ===============
 




 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 07 February 2014 - 04:12 AM

Hi,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 wierdsci

wierdsci
  • Topic Starter

  • Members
  • 10 posts

Posted 08 February 2014 - 10:43 PM

Hi aharonov,

 

I had a hard time finding this post using messages, forums, etc.  I don't use my email on the infected computer so I couldn't click on the link. I bookmarked it now hoping this helps me find it easily from now on.

 

Here are the posts:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2014
Ran by user (administrator) on USER-PC on 08-02-2014 22:12:33
Running from C:\Users\user\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
() C:\ProgramData\WIND\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Cognizance Corporation) C:\Program Files\Bioscrypt\VeriSoft\Bin\asghost.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwucli.exe
(Microsoft Corporation) C:\WINDOWS\System32\sdclt.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [176128 2007-04-23] (CyberLink Corp.)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] - C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] - C:\Program Files\CyberLink\YouCam\YouCamTray.exe [162912 2009-06-11] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [85600 2013-11-20] (Nullsoft, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-04] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [Facebook Update] - "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\user\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d /CMPID=1113a
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: G - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {029bc325-daa0-11e1-8b65-a92df7aa7872} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {04bd9823-6665-11e2-b65c-c98ddc825755} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {04bd9824-6665-11e2-b65c-cf0532beacb6} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {13bb4805-6e44-11e2-8119-d53de5caef49} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {1901448c-63f3-11e2-a596-869a1cee0eac} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {27b2948a-68e8-11e2-96d8-b9abbe2c6474} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {27b2948b-68e8-11e2-96d8-b9abbe2c6474} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {2df6d67b-80e7-11e2-89dd-df8989abd099} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {43e38373-8719-11e1-9a13-d81738c747d8} - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {43e88849-6663-11e2-8350-9b6b8ed10d65} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {462cd8f5-d21d-11e1-8e71-f8077c945026} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {46b5d7af-30db-11e1-9828-001e101f4da1} - K:\PMBP_Win.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {4c73a2a0-23e0-11e1-a9ca-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {4cbd3b2a-10c3-11e1-a91b-001e37044547} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {59dbc9bc-0271-11e1-92cc-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {59dbca76-0271-11e1-92cc-0016d3f69c15} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {5e92a683-2588-11e1-a10e-806e6f6e6963} - F:\HWPcAssistant.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {8f5627aa-1071-11e1-ad6e-001e101fea31} - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {8f5627b9-1071-11e1-ad6e-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {954c068f-12cb-11e1-ab6c-0016d3f69c15} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {99d4e753-5ffc-11e2-8eaa-e0043eccb7fd} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {99d4e75f-5ffc-11e2-8eaa-e0043eccb7fd} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {acfd723c-0e5a-11e1-a37c-806e6f6e6963} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {acfd73d1-0e5a-11e1-a37c-001e37044547} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {b201e36b-02e8-11e1-a538-0016d3f69c15} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {bbb5ac02-8721-11e1-90a7-dbe957be3fcd} - G:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {ce49ad00-21e1-11e1-bd6a-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {ce49ad05-21e1-11e1-bd6a-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {e1fbce93-73b3-11e2-abcf-fb5852bd5dea} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {e1fbce94-73b3-11e2-abcf-fb5852bd5dea} - G:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {edca4780-6065-11e2-823d-87bb6093de0e} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {edca4791-6065-11e2-823d-87bb6093de0e} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {edca47a4-6065-11e2-823d-b5bbb03e5f53} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {f27d5aca-0de0-11e1-9f25-001e37044547} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {f5b763dd-7204-11e2-9533-ec16fd67e11b} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {f5b763e4-7204-11e2-9533-ca03315b92c6} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\fc65b9ad-f476-4e82-afdf-6b4bb1ad7b11.com [5706480 2013-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-21] (Google Inc.)
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\MountPoints2: {2df6d67b-80e7-11e2-89dd-df8989abd099} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\MountPoints2: {5e92a683-2588-11e1-a10e-806e6f6e6963} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\MountPoints2: {6756f510-5a51-11e1-b727-9820ad2926e1} - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\MountPoints2: {e1fbce94-73b3-11e2-abcf-fb5852bd5dea} - F:\Setup.exe
AppInit_DLLs: apshook.dll => C:\Windows\system32\apshook.dll [56832 2006-07-13] (Cognizance Corporation)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/video_and_audio/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {640B7C8C-2E18-42C5-B660-31FAB716F443} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {640B7C8C-2E18-42C5-B660-31FAB716F443} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={1B25B8C8-19C2-4721-94CB-F9CE7ED716CB}&mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 19:01:27&v=17.2.0.38&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhl4hxby.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: hxxp://mysearch.avg.com?cid={1B25B8C8-19C2-4721-94CB-F9CE7ED716CB}&mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 19:01:27&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhl4hxby.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2013-12-29]

Chrome:
=======
CHR HomePage: homepage_is_newtabpage
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={1B25B8C8-19C2-4721-94CB-F9CE7ED716CB}&mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 19:01:27&v=17.1.2.1&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-26]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-26]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-26]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-26]
CHR Extension: (Downloadu  keepper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgklhcllcpddjmdlkenncdoklhomhha [2013-10-02]
CHR Extension: (AVG SafeGuard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-26]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2013-12-29]

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [465216 2013-01-15] (IObit)
R2 ASBroker; C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation)
R2 ASChannel; C:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-23] ()
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-23] ()
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532728 2013-10-31] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [30008 2013-10-31] (AVG)
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2013-12-29] (AVG Secure Search)
S2 WIND. RunOuc; C:\Program Files\WIND\UpdateDog\ouc.exe [218624 2011-10-29] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-08 22:12 - 2014-02-08 22:13 - 00029162 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-08 22:12 - 2014-02-08 22:12 - 00000000 ____D () C:\FRST
2014-02-08 22:11 - 2014-02-08 22:11 - 01136640 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-02-08 09:21 - 2014-02-08 09:21 - 00000068 _____ () C:\Users\M\Downloads\listen.pls
2014-02-07 01:28 - 2011-03-25 21:49 - 00001849 _____ () C:\Users\user\Desktop\BlackYouthJobs w BADC.txt
2014-02-07 00:13 - 2014-02-07 00:16 - 00016891 _____ () C:\Users\user\Desktop\dds.txt
2014-02-07 00:13 - 2014-02-07 00:16 - 00008054 _____ () C:\Users\user\Desktop\attach.txt
2014-02-07 00:01 - 2014-02-07 00:01 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-02-06 00:48 - 2014-02-06 00:48 - 00069238 _____ () C:\Users\user\Desktop\TO REGISTER A BUSINESS - All Ontario.htm
2014-02-06 00:48 - 2014-02-06 00:48 - 00000439 _____ () C:\Users\user\Desktop\FEB 6 NOTES TODO 2014 G.txt
2014-02-04 12:41 - 2014-02-04 12:41 - 00019054 _____ () C:\Users\user\Desktop\Hire Police Rates (Paid Duty Officer) Toronto Police Service   To Serve and Protect.htm
2014-02-04 07:53 - 2014-02-04 07:53 - 00292086 _____ () C:\Users\user\Desktop\CUQ331Ok.htm
2014-02-04 02:45 - 2014-02-04 02:45 - 00164030 _____ () C:\Users\user\Desktop\Common causes and solutions to Backup, System Restore, and Complete PC Backup problems - updated! - The Storage Team at Microsoft - File Cabinet Blog - Site Home - TechNet Blogs.htm
2014-02-04 02:08 - 2014-02-04 02:08 - 00000818 _____ () C:\Users\user\Desktop\Internet Firefox.lnk
2014-01-23 12:22 - 2014-01-23 12:22 - 00013420 _____ () C:\Users\M\Desktop\Mint - Bell Fibe PVR_DVR.htm
2014-01-16 15:05 - 2014-01-16 15:16 - 00000000 ____D () C:\Users\M\Desktop\hrto union
2014-01-16 15:05 - 2014-01-16 15:05 - 00010401 _____ () C:\Users\M\Desktop\Practice Direction on Naming Respondents.htm
2014-01-16 15:03 - 2014-01-16 15:03 - 01070168 _____ (Solid State Networks) C:\Users\M\Downloads\install_reader10_en_mssd_awc_aih.exe
2014-01-11 14:23 - 2014-01-11 14:23 - 00001687 _____ () C:\Users\Public\Desktop\HP Help and Support.lnk

==================== One Month Modified Files and Folders =======

2014-02-08 22:13 - 2014-02-08 22:12 - 00029162 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-08 22:12 - 2014-02-08 22:12 - 00000000 ____D () C:\FRST
2014-02-08 22:11 - 2014-02-08 22:11 - 01136640 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-02-08 22:11 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-02-08 22:06 - 2012-04-05 23:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-08 21:31 - 2011-10-21 18:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-08 20:29 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 20:29 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 18:09 - 2013-03-08 23:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-08 10:52 - 2007-10-19 17:52 - 01705829 _____ () C:\Windows\WindowsUpdate.log
2014-02-08 09:21 - 2014-02-08 09:21 - 00000068 _____ () C:\Users\M\Downloads\listen.pls
2014-02-08 00:31 - 2011-10-21 18:06 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 10:31 - 2007-10-19 17:08 - 00000149 _____ () C:\Users\Public\Documents\hpqp.ini
2014-02-07 01:32 - 2006-11-02 05:33 - 00758794 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-07 01:06 - 2013-01-16 18:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-07 01:06 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 01:03 - 2007-10-19 15:55 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-02-07 01:03 - 2006-11-02 08:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-07 00:16 - 2014-02-07 00:13 - 00016891 _____ () C:\Users\user\Desktop\dds.txt
2014-02-07 00:16 - 2014-02-07 00:13 - 00008054 _____ () C:\Users\user\Desktop\attach.txt
2014-02-07 00:01 - 2014-02-07 00:01 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-02-06 23:21 - 2012-07-13 02:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-02-06 00:48 - 2014-02-06 00:48 - 00069238 _____ () C:\Users\user\Desktop\TO REGISTER A BUSINESS - All Ontario.htm
2014-02-06 00:48 - 2014-02-06 00:48 - 00000439 _____ () C:\Users\user\Desktop\FEB 6 NOTES TODO 2014 G.txt
2014-02-05 13:06 - 2012-04-05 23:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 13:06 - 2011-10-21 18:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 12:47 - 2013-12-10 19:01 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-02-04 12:41 - 2014-02-04 12:41 - 00019054 _____ () C:\Users\user\Desktop\Hire Police Rates (Paid Duty Officer) Toronto Police Service   To Serve and Protect.htm
2014-02-04 07:53 - 2014-02-04 07:53 - 00292086 _____ () C:\Users\user\Desktop\CUQ331Ok.htm
2014-02-04 02:45 - 2014-02-04 02:45 - 00164030 _____ () C:\Users\user\Desktop\Common causes and solutions to Backup, System Restore, and Complete PC Backup problems - updated! - The Storage Team at Microsoft - File Cabinet Blog - Site Home - TechNet Blogs.htm
2014-02-04 02:29 - 2013-10-11 23:19 - 00002875 _____ () C:\Windows\setupact.log
2014-02-04 02:08 - 2014-02-04 02:08 - 00000818 _____ () C:\Users\user\Desktop\Internet Firefox.lnk
2014-02-03 15:01 - 2013-11-05 22:53 - 00001749 _____ () C:\Windows\LkmdfCoInst.log
2014-02-03 15:00 - 2013-03-09 09:55 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-01-30 15:23 - 2012-05-31 15:07 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-01-23 12:22 - 2014-01-23 12:22 - 00013420 _____ () C:\Users\M\Desktop\Mint - Bell Fibe PVR_DVR.htm
2014-01-16 15:25 - 2013-03-13 22:13 - 00000000 ____D () C:\Users\M
2014-01-16 15:16 - 2014-01-16 15:05 - 00000000 ____D () C:\Users\M\Desktop\hrto union
2014-01-16 15:05 - 2014-01-16 15:05 - 00010401 _____ () C:\Users\M\Desktop\Practice Direction on Naming Respondents.htm
2014-01-16 15:03 - 2014-01-16 15:03 - 01070168 _____ (Solid State Networks) C:\Users\M\Downloads\install_reader10_en_mssd_awc_aih.exe
2014-01-15 03:11 - 2011-10-20 12:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-15 03:09 - 2013-08-15 02:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 03:01 - 2006-11-02 05:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-15 00:50 - 2013-03-24 03:40 - 00000000 ____D () C:\Users\G\AppData\Roaming\TuneUp Software
2014-01-14 22:00 - 2011-10-20 12:04 - 00000318 _____ () C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-01-14 20:27 - 2007-10-19 17:18 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-01-11 14:23 - 2014-01-11 14:23 - 00001687 _____ () C:\Users\Public\Desktop\HP Help and Support.lnk
2014-01-11 14:22 - 2013-04-25 14:56 - 00000000 ____D () C:\Users\G\AppData\Roaming\Hewlett-Packard
2014-01-10 10:56 - 2007-10-19 16:17 - 00000000 ____D () C:\Program Files\Hewlett-Packard
2014-01-10 10:56 - 1999-03-30 13:17 - 00000000 ___HD () C:\System.sav
2014-01-10 10:52 - 2013-03-16 13:23 - 00000000 ____D () C:\Users\M\AppData\Roaming\HpUpdate

Files to move or delete:
====================
C:\Users\user\BOIE9_ENCA_VIS (1).EXE
C:\Users\user\BOIE9_ENCA_VIS.EXE


Some content of TEMP:
====================
C:\Users\G\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\M\AppData\Local\Temp\SP37614.exe
C:\Users\M\AppData\Local\Temp\SP39868.exe
C:\Users\M\AppData\Local\Temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 13:25

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2014
Ran by user at 2014-02-08 22:14:45
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (Version: 10.1.9 - Adobe Systems Incorporated)
Advanced SystemCare 6 (Version: 6.1 - IObit)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.7.0.62 - AuthenTec, Inc.) Hidden
AVG 2014 (Version: 14.0.3697 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG PC TuneUp (Version: 12.0.4020.9 - AVG Technologies)
AVG PC TuneUp (Version: 12.0.4020.9 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (Version: 12.0.4020.9 - AVG Technologies) Hidden
AVG SafeGuard toolbar (Version: 17.3.0.49 - AVG Technologies)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (Version: 6.0.1.37 - Research In Motion Ltd)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-PhotoPrint EX (Version:  - )
Canon My Printer (Version:  - )
CCleaner (Version: 4.06 - Piriform)
CloneDVD2 (Version: 2.9.3.0 - Elaborate Bytes)
Conexant HD Audio (Version: 4.36.7.61 - Conexant)
CyberLink YouCam (Version: 3.0.1811.7429 - CyberLink Corp.)
CyberLink YouCam (Version: 3.0.1811.7429 - CyberLink Corp.) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dialup (Version: 12.09.105 - Huawei Technologies Co.,Ltd)
DivX Setup (Version: 2.6.1.87 - DivX, LLC)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESU for Microsoft Vista (Version: 2.0.3.1 - Hewlett-Packard)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287 - Skype Limited)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (Version:  - )
HP Active Support Library (Version: 3.1.9.1 - Hewlett-Packard)
HP Active Support Library 32 bit components (Version: 1.0.9 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (Version: 5.1.0.2278 - Hewlett-Packard)
HP Doc Viewer (Version: 1.01.0005 - Hewlett-Packard)
HP Easy Setup - Frontend (Version: 5.1.0.2279 - Hewlett-Packard)
HP Integrated Module with Bluetooth wireless technology (Version: 6.0.1.3700 - HP)
HP Photosmart Essential 2.0 (Version: 2.0 - HP)
HP Photosmart Essential2.5 (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (Version: 6.50.14.1 - Hewlett-Packard Company)
HP QuickPlay 3.2 (Version:  - )
HP Update (Version: 5.005.000.002 - Hewlett-Packard)
HP User Guides 0060 (Version: 1.02.0001 - Hewlett-Packard)
HP Wireless Assistant (Version: 3.00 F1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.2.2 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
Instmsi (Version: 1.0.0 - Panasonic)
Intel® Graphics Media Accelerator Driver (Version:  - )
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 17 (Version: 7.0.170 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Java™ SE Runtime Environment 6 (Version: 1.6.0.0 - Sun Microsystems, Inc.)
LightScribe  1.4.136.1 (Version: 1.4.136.1 - http://www.lightscribe.com) Hidden
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Marvell Miniport Driver (Version: 9.16.4.3 - Marvell)
McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (Version: 08.05.0818 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSCU for Microsoft Vista (Version: 1.0.1.2 - Hewlett-Packard)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BurnExpress (Version: 12.5.00700 - Nero AG)
Nero ControlCenter (Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (Version: 11.0.20200 - Nero AG) Hidden
Nero Express (Version: 12.5.6000 - Nero AG) Hidden
Nero Express Help (CHM) (Version: 12.0.13000 - Nero AG) Hidden
Nero SharedVideoCodecs (Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (Version: 11.0.11800.31.0 - Nero AG) Hidden
NetWaiting (Version: 2.5.43 - BVRP Software, Inc)
Opera 12.16 (Version: 12.16.1860 - Opera Software ASA)
PC Suite (Version: 12.08.219 - Huawei Technologies Co.,Ltd)
PC Suite 2.0 (Version: 12 - Huawei Technologies Co.,Ltd)
Picasa 3 (Version: 3.9 - Google, Inc.)
Prerequisite installer (Version: 12.0.0003 - Nero AG) Hidden
PSSWCORE (Version: 2.00.5000 - Hewlett-Packard) Hidden
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02 - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (Version: 3.4.0 - Roxio)
Roxio Creator Copy (Version: 3.4.0 - Roxio)
Roxio Creator Data (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (Version: 3.4.0 - Roxio)
Roxio Creator Tools (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (Version: 9.0.551 - Roxio)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skype™ 6.10 (Version: 6.10.104 - Skype Technologies S.A.)
Smart Defrag 2 (Version: 2.7 - IObit)
Sony Picture Utility (Version: 2.0.05.13150 - Sony Corporation)
Sony USB Driver (Version: 2.00 - Sony Corporation)
Spybot - Search & Destroy (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (Version: 5.6.1014 - SUPERAntiSpyware.com)
Total Video Converter 3.71 100812 (Version:  - EffectMatrix Inc.)
Touch Pad Driver (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VeriSoft Access Manager (Version: 2.1.2.880.15 - Bioscrypt Inc.)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
Winamp (Version: 5.66  - Nullsoft, Inc)
WIND (Version: 12.08.109 - Huawei Technologies Co.,Ltd)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.00 beta 4 (32-bit) (Version: 4.00.4 - win.rar GmbH)
XviD & MP3 Codec Pack (remove only) (Version:  - )
XviD MPEG-4 Video Codec (Version: XviD-1.0.3-20122004 - XviD Team (Koepi))
Yahoo! Messenger (Version:  - Yahoo! Inc.)
ZTE 3GPhone USB Driver 5.2066.1.7B01 (Version: 5.2066.1.7B01 - ZTE Corporation)

==================== Restore Points  =========================

03-02-2014 15:54:06 Windows Backup
03-02-2014 19:58:42 Windows Backup
04-02-2014 00:00:02 Windows Backup
04-02-2014 07:19:54 Windows Backup
05-02-2014 05:00:03 Scheduled Checkpoint
06-02-2014 04:53:08 Windows Backup
06-02-2014 05:58:58 Windows Backup
07-02-2014 00:02:39 Windows Backup
08-02-2014 07:01:43 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1E919E34-BB63-4C8B-91D3-4078FF8F4AB7} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {2F48882A-29B3-4A20-9C13-B5AD9FAF777E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {35631965-F049-46A2-9FC2-6EC790E3014D} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D3C29C7-8451-41AB-8007-9E25B09D56C1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-21] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {50DFCAA9-D37B-4D0F-80BC-0028DD428A7A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {63DC3A7C-813C-4834-8C9E-7EA05F9A67DE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {6F776E26-9A06-441A-8F6E-90086DC0E08C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files\AVG\AVG PC TuneUp\OneClick.exe [2013-10-31] (AVG)
Task: {8C5B0C10-3A77-49B7-9E37-C4677805F8DB} - System32\Tasks\Hewlett-Packard online update program => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09] (Hewlett-Packard)
Task: {A4FAF196-8873-49EA-BE49-99DB06F6A137} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-21] (Google Inc.)
Task: {B3E9D62D-C01F-4BB5-A348-9C6270DBADD7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B699EB1A-D3E2-4155-AAF9-4EE3B3345463} - System32\Tasks\HP online update program => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-05-09] (Hewlett-Packard)
Task: {DBDA45B2-9156-4D5E-8B91-619DB9F50407} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.)
Task: {DFD1CCF9-218D-4F2B-BFD7-D729C335F078} - System32\Tasks\ASC6_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 6\Monitor.exe [2013-01-15] (IObit)
Task: {E0B8037A-3AB5-46F2-8E9C-DA2BFC01195F} - System32\Tasks\Adobe online update program => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2011-10-20] ()
Task: {E69C6428-F411-4211-95A3-21FA304309D1} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-19] (Microsoft Corporation)
Task: {F0C0E5FC-D79E-4532-99C7-7A88E748B425} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {F96E0A3D-5EFE-4CAE-881F-C205CEF8409F} - System32\Tasks\HPCeeScheduleForuser => C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-03-23] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForuser.job => C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2011-10-20 12:32 - 2011-01-04 16:45 - 00139776 _____ () C:\Program Files\WinRAR\rarext.dll
2013-03-29 23:47 - 2013-01-15 17:59 - 00106304 _____ () C:\Program Files\IObit\Advanced SystemCare 6\ASCComputerMenu.dll
2013-11-23 22:24 - 2010-07-29 18:19 - 00234496 _____ () C:\Program Files\Total Video Converter\TVCShellExt.dll
2013-03-29 23:47 - 2013-01-15 17:47 - 00143168 _____ () C:\Program Files\IObit\Advanced SystemCare 6\ASCExtMenu.dll
2007-10-19 17:07 - 2007-04-23 20:11 - 00114787 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2007-10-19 17:07 - 2007-04-23 20:11 - 00032768 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll
2007-10-19 17:07 - 2007-04-23 20:11 - 00237673 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2007-10-19 17:07 - 2007-04-23 20:11 - 00339968 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-28 19:25 - 2013-08-28 19:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2013-12-29 14:03 - 2013-12-29 14:03 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\log4cplusU.dll
2006-12-20 07:00 - 2006-12-20 07:00 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL
2012-12-28 23:05 - 2012-05-25 04:25 - 00921600 _____ () C:\Program Files\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #26
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Microsoft ISATAP Adapter #62
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name:
Description:
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Chic
Service: mouhid
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/08/2014 10:11:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\DESKTOP\FRST.EXE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/08/2014 10:11:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\DESKTOP\FRST.EXE> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog


Details:
    A device attached to the system is not functioning.   (0x8007001f)

Error: (02/08/2014 10:09:58 PM) (Source: Application Error) (User: )
Description: Faulting application TuneUpUtilitiesApp32.exe, version 12.0.4020.9, time stamp 0x527281a0, faulting module TuneUpUtilitiesApp32.exe, version 12.0.4020.9, time stamp 0x527281a0, exception code 0xc0000417, fault offset 0x0002c0b7,
process id 0xae4, application start time 0xTuneUpUtilitiesApp32.exe0.

Error: (02/08/2014 07:00:04 PM) (Source: Windows Backup) (User: )
Description: File backup failed due to an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check your hardware configuration. (0x81000006).

Error: (02/08/2014 06:21:24 PM) (Source: Application Error) (User: )
Description: Faulting application firefox.exe, version 26.0.0.5087, time stamp 0x52a0d273, faulting module xul.dll, version 26.0.0.5087, time stamp 0x52a0d20a, exception code 0xc0000005, fault offset 0x0014e1a8,
process id 0x1afc, application start time 0xfirefox.exe0.

Error: (02/07/2014 07:00:03 PM) (Source: Windows Backup) (User: )
Description: File backup failed due to an error writing to the backup location F:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check your hardware configuration. (0x81000006).

Error: (02/07/2014 10:31:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15623063

Error: (02/07/2014 10:31:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15623063

Error: (02/07/2014 10:31:45 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/07/2014 10:31:41 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15619304


System errors:
=============
Error: (02/08/2014 10:02:35 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (02/07/2014 01:07:55 AM) (Source: Service Control Manager) (User: )
Description: CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Error: (02/07/2014 01:07:52 AM) (Source: Service Control Manager) (User: )
Description: CyberLink Background Capture Service (CBCS)

Error: (02/07/2014 01:07:00 AM) (Source: Service Control Manager) (User: )
Description: WIND. OUC%%1053

Error: (02/07/2014 01:07:00 AM) (Source: Service Control Manager) (User: )
Description: 30000WIND. OUC

Error: (02/07/2014 01:07:00 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (02/07/2014 01:07:00 AM) (Source: Service Control Manager) (User: )
Description: IC Recorder Driver%%1058

Error: (02/07/2014 01:02:22 AM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (02/04/2014 07:48:28 AM) (Source: Service Control Manager) (User: )
Description: CyberLink Task Scheduler (CTS)CyberLink Background Capture Service (CBCS)%%1070

Error: (02/04/2014 07:48:24 AM) (Source: Service Control Manager) (User: )
Description: CyberLink Background Capture Service (CBCS)


Microsoft Office Sessions:
=========================
Error: (11/26/2013 09:11:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2102 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (05/16/2013 11:21:41 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1996 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/14/2013 07:06:40 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 676 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (09/04/2012 08:14:16 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6327 seconds with 1740 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-02-08 22:13:42.193
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 22:13:41.709
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 22:13:41.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 22:13:40.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 22:13:40.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 22:13:39.665
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 22:13:39.182
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-08 22:13:38.651
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-11 00:33:00.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-11 00:32:59.455
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\avgidshx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3061.61 MB
Available physical RAM: 1446.83 MB
Total Pagefile: 6329.47 MB
Available Pagefile: 4456.86 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.2 MB

==================== Drives ================================

Drive c: (Computer Hard Drive) (Fixed) (Total:142 GB) (Free:62.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Back Up RECOVERY Drive) (Fixed) (Total:7.04 GB) (Free:2.7 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 149 GB) (Disk ID: B657DE00)
Partition 1: (Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 aharonov

  • Malware Response Team

Posted 25 February 2014 - 05:53 AM

I'm sorry I missed your reply.


Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


#5 wierdsci

  • Topic Starter

  • Members

Posted 25 February 2014 - 08:59 PM

Thanks for letting me know. Here's the report:

11:12:42.0128 0x130c  TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
11:12:45.0843 0x130c  ============================================================
11:12:45.0843 0x130c  Current date / time: 2014/02/25 11:12:45.0843
11:12:45.0843 0x130c  SystemInfo:
11:12:45.0843 0x130c  
11:12:45.0843 0x130c  OS Version: 6.0.6002 ServicePack: 2.0
11:12:45.0843 0x130c  Product type: Workstation
11:12:45.0843 0x130c  ComputerName: USER-PC
11:12:45.0843 0x130c  UserName: user
11:12:45.0843 0x130c  Windows directory: C:\Windows
11:12:45.0843 0x130c  System windows directory: C:\Windows
11:12:45.0843 0x130c  Processor architecture: Intel x86
11:12:45.0843 0x130c  Number of processors: 2
11:12:45.0843 0x130c  Page size: 0x1000
11:12:45.0843 0x130c  Boot type: Normal boot
11:12:45.0843 0x130c  ============================================================
11:12:46.0576 0x130c  KLMD registered as C:\Windows\system32\drivers\52552381.sys
11:12:47.0028 0x130c  System UUID: {21BA0008-3EE4-E59D-8B2E-ED3DC3931495}
11:12:48.0276 0x130c  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:12:48.0292 0x130c  ============================================================
11:12:48.0292 0x130c  \Device\Harddisk0\DR0:
11:12:48.0292 0x130c  MBR partitions:
11:12:48.0292 0x130c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x11C027C1
11:12:48.0292 0x130c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11C02800, BlocksNum 0xE15000
11:12:48.0292 0x130c  ============================================================
11:12:48.0323 0x130c  C: <-> \Device\Harddisk0\DR0\Partition1
11:12:48.0386 0x130c  D: <-> \Device\Harddisk0\DR0\Partition2
11:12:48.0386 0x130c  ============================================================
11:12:48.0386 0x130c  Initialize success
11:12:48.0386 0x130c  ============================================================
11:13:18.0122 0x0a28  ============================================================
11:13:18.0122 0x0a28  Scan started
11:13:18.0122 0x0a28  Mode: Manual; SigCheck; TDLFS;
11:13:18.0122 0x0a28  ============================================================
11:13:18.0122 0x0a28  KSN ping started
11:13:43.0909 0x0a28  KSN ping finished: true
11:13:44.0221 0x0a28  ================ Scan system memory ========================
11:13:44.0221 0x0a28  System memory - ok
11:13:44.0221 0x0a28  ================ Scan services =============================
11:13:44.0330 0x0a28  [ 01E81C84AD1D0ACC61CF3CFD06632210, 1140756BA2F28CA8DFCFF8FD223654E6A78BA1B770A169CC557ECE0E01381B17 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
11:13:44.0673 0x0a28  !SASCORE - detected UnsignedFile.Multi.Generic ( 1 )
11:13:54.0923 0x0a28  !SASCORE ( UnsignedFile.Multi.Generic ) - warning
11:14:10.0023 0x0a28  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
11:14:10.0101 0x0a28  ACPI - ok
11:14:10.0226 0x0a28  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
11:14:10.0257 0x0a28  AdobeARMservice - ok
11:14:10.0367 0x0a28  [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:14:10.0429 0x0a28  AdobeFlashPlayerUpdateSvc - ok
11:14:10.0523 0x0a28  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB, 0342700760874683A6DF4F149DACACEF0569D40C45FC5958C67100B3C5D9BBBC ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
11:14:10.0601 0x0a28  adp94xx - ok
11:14:10.0663 0x0a28  [ B84088CA3CDCA97DA44A984C6CE1CCAD, 87009809FB101BF51483FA32318CBCD209386582880C82417BE4FFAD1B04C8C1 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
11:14:10.0725 0x0a28  adpahci - ok
11:14:10.0772 0x0a28  [ 7880C67BCCC27C86FD05AA2AFB5EA469, C8B06E203EEA6EAD19651F212432005ABADFF21E2AA5699E34040527394F2677 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
11:14:10.0803 0x0a28  adpu160m - ok
11:14:10.0850 0x0a28  [ 9AE713F8E30EFC2ABCCD84904333DF4D, B0C7801AC6E0811C38F0474703F34283914C8873D851F59EE232834F7C0D8087 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
11:14:10.0897 0x0a28  adpu320 - ok
11:14:11.0100 0x0a28  [ CBFAA333EBA2E402A0439A3A0E5413F3, 46EBCE5740E613EFB31F7F97982E2CAA64046AAF00E598E71C4F6E7541AA4526 ] AdvancedSystemCareService6 C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
11:14:11.0178 0x0a28  AdvancedSystemCareService6 - ok
11:14:11.0209 0x0a28  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
11:14:11.0365 0x0a28  AeLookupSvc - ok
11:14:11.0459 0x0a28  [ 3911B972B55FEA0478476B2E777B29FA, 62545B90C7DD3F73777E62CD8264E611A4D71B6956CABFD2D820D25F41F471FD ] AFD             C:\Windows\system32\drivers\afd.sys
11:14:11.0552 0x0a28  AFD - ok
11:14:11.0630 0x0a28  [ EF23439CDD587F64C2C1B8825CEAD7D8, 762665CFC202B3E16CA2338887896FDF996331A363DC709F1EC088BF927133A3 ] agp440          C:\Windows\system32\drivers\agp440.sys
11:14:11.0661 0x0a28  agp440 - ok
11:14:11.0693 0x0a28  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
11:14:11.0724 0x0a28  aic78xx - ok
11:14:11.0771 0x0a28  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
11:14:11.0942 0x0a28  ALG - ok
11:14:11.0973 0x0a28  [ 90395B64600EBB4552E26E178C94B2E4, 73095893964DC7915983B58A567184FC51949C99341E7E0D04D70CC4C4F95E37 ] aliide          C:\Windows\system32\drivers\aliide.sys
11:14:12.0005 0x0a28  aliide - ok
11:14:12.0036 0x0a28  [ 2B13E304C9DFDFA5EB582F6A149FA2C7, 196CCE13E0376526B79D9C43D4071990576C4DD210A48E9E922B438AA11C95E7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
11:14:12.0067 0x0a28  amdagp - ok
11:14:12.0098 0x0a28  [ 0577DF1D323FE75A739C787893D300EA, 079EF3CA18FB847DB7E62929071BFF007FAF390E1DBF4C59F28DAAC6B9C2DE51 ] amdide          C:\Windows\system32\drivers\amdide.sys
11:14:12.0129 0x0a28  amdide - ok
11:14:12.0145 0x0a28  [ DC487885BCEF9F28EECE6FAC0E5DDFC5, 24A62F6E628AD46273BC226F7BC3453A9C7B76F81ABB9FB801EBEFADB2AB7C9B ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
11:14:12.0457 0x0a28  AmdK7 - ok
11:14:12.0473 0x0a28  [ 0CA0071DA4315B00FC1328CA86B425DA, 4F816FA2197166A83A266084F9D5ED68876D0521D378F90F1314DD53C6FB8814 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
11:14:12.0613 0x0a28  AmdK8 - ok
11:14:12.0691 0x0a28  [ B49A709F65BF3BEAA2B03F8EC139D568, BEBBA53572CE395B233B523497F15DD272C66CF1CF77B2D78F72A9D03AD5D195 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
11:14:12.0785 0x0a28  ApfiltrService - ok
11:14:12.0847 0x0a28  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
11:14:12.0925 0x0a28  Appinfo - ok
11:14:13.0034 0x0a28  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:14:13.0065 0x0a28  Apple Mobile Device - ok
11:14:13.0112 0x0a28  [ 5F673180268BB1FDB69C99B6619FE379, C4307A861163F96648109046A6C7D53AB1C9B10D0B841DD1A7D147D22F462649 ] arc             C:\Windows\system32\drivers\arc.sys
11:14:13.0159 0x0a28  arc - ok
11:14:13.0206 0x0a28  [ 957F7540B5E7F602E44648C7DE5A1C05, F03C7708A6C9D2579ECE5A7413AFA068E1067D7191EC653A78BA4FEDE76CFBD8 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
11:14:13.0237 0x0a28  arcsas - ok
11:14:13.0331 0x0a28  [ 2EEDA27C19259C2340324EF7180D086B, 5426BF8EED7F87CEEA4D3EE1E721305A3703B0C490E01DE97DE5AFA0003C93D6 ] ASBroker        C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
11:14:13.0362 0x0a28  ASBroker - detected UnsignedFile.Multi.Generic ( 1 )
11:14:23.0377 0x0a28  ASBroker ( UnsignedFile.Multi.Generic ) - warning
11:14:23.0377 0x0a28  Force sending object to P2P due to detect: C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll
11:14:38.0415 0x0a28  Object send P2P result: true
11:14:58.0508 0x0a28  [ BB3C0521ECCA4BB17AC55EB640DF0FA5, 125B285960B45E0384EB1770B10488BEBB87F6CD1785EA83C0C24CDD9B9EDEAF ] ASChannel       C:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll
11:14:58.0555 0x0a28  ASChannel - detected UnsignedFile.Multi.Generic ( 1 )
11:15:08.0570 0x0a28  ASChannel ( UnsignedFile.Multi.Generic ) - warning
11:15:23.0406 0x0a28  [ B979979AB8027F7F53FB16EC4229B7DB, 3D50396B13B494D0082266C29C40715981CA105F6E407288C71410D4B833BB10 ] ASPI32          C:\Windows\system32\drivers\ASPI32.sys
11:15:23.0468 0x0a28  ASPI32 - detected UnsignedFile.Multi.Generic ( 1 )
11:15:33.0483 0x0a28  ASPI32 ( UnsignedFile.Multi.Generic ) - warning
11:15:33.0483 0x0a28  Force sending object to P2P due to detect: C:\Windows\system32\drivers\ASPI32.sys
11:15:52.0999 0x0a28  Object send P2P result: true
11:16:17.0149 0x0a28  [ 686045905787B68D829CE647A6DFAD2B, 09B925A3E02B3BA45D5D408B59A279D3255AC854B3B696E243DCD14EF18CEC92 ] Blackberry Device Manager C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
11:16:17.0227 0x0a28  Blackberry Device Manager - detected UnsignedFile.Multi.Generic ( 1 )
11:16:27.0242 0x0a28  Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - warning
11:16:27.0242 0x0a28  Force sending object to P2P due to detect: C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
11:16:47.0257 0x0a28  Object send P2P result: false
11:17:05.0150 0x0a28  [ DBAFC6734C054FEEF9087754BD80F847, 96E72640DE42602D78CD4ECB56AFF756309A98ADFDB1A132A93E14ED73C39EB7 ] CLCapSvc        C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
11:17:05.0212 0x0a28  CLCapSvc - detected UnsignedFile.Multi.Generic ( 1 )
11:17:15.0228 0x0a28  CLCapSvc ( UnsignedFile.Multi.Generic ) - warning
11:17:31.0483 0x0a28  [ E67F8F036FD882E4AB62501C0D45B536, A65E39C61E918EFEC1EBF5D8B456D6383B2B15A09A4BC98B45D793C879287898 ] CLSched         C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
11:17:31.0530 0x0a28  CLSched - detected UnsignedFile.Multi.Generic ( 1 )
11:17:41.0545 0x0a28  CLSched ( UnsignedFile.Multi.Generic ) - warning
11:18:10.0561 0x0a28  [ A19B0BB5A7EB6DF2DD4A0711D36955EE, 307648CAFB3DDCD76FD730CA623945ED71D4276715A38D8CBB203C157C45F691 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
11:18:10.0592 0x0a28  HP Health Check Service - detected UnsignedFile.Multi.Generic ( 1 )
11:18:20.0607 0x0a28  HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
11:18:20.0607 0x0a28  Force sending object to P2P due to detect: c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
11:18:40.0622 0x0a28  Object send P2P result: false
11:18:58.0843 0x0a28  [ 6F95324909B502E2651442C1548AB12F, FF1B104990FE186C6100ED229A45345FF695323AC778688EC11AA8F5A87B141E ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:18:58.0905 0x0a28  IDriverT - detected UnsignedFile.Multi.Generic ( 1 )
11:19:08.0920 0x0a28  IDriverT ( UnsignedFile.Multi.Generic ) - warning
11:19:26.0736 0x0a28  KeyIso - ok
11:19:26.0798 0x0a28  [ 4A1445EFA932A3BAF5BDB02D7131EE20, 9DD262ED72DF268FE024063788F54124E320D0775D8DC0C5CAD099CD5F655DA2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
11:19:26.0892 0x0a28  KSecDD - ok
11:19:26.0970 0x0a28  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
11:19:27.0110 0x0a28  KtmRm - ok
11:19:27.0157 0x0a28  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\system32\srvsvc.dll
11:19:27.0235 0x0a28  LanmanServer - ok
11:19:27.0282 0x0a28  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:19:27.0375 0x0a28  LanmanWorkstation - ok
11:19:27.0484 0x0a28  [ FF9E074CCC950398C7D293E1D4D003B3, 542104549F47BB99E9B93503485E7FDA50CAECB6B8C05D00752446DBE69A006B ] LBTServ         C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
11:19:27.0547 0x0a28  LBTServ - ok
11:19:27.0625 0x0a28  [ 59CED2543392EB10B2E8FEAE87A5D248, 3C412D8CB95AF1591D97884B6E3A1761C9EBC8FB66FC44820B47AB7AAEDB195F ] LEqdUsb         C:\Windows\system32\Drivers\LEqdUsb.Sys
11:19:27.0656 0x0a28  LEqdUsb - ok
11:19:27.0687 0x0a28  [ 26163F0F1C2636AE3FFF7C54600204A5, ED0BC7A1B70706896E2CF4909ECE472C3F28D515ECA8251CE907129CBAEE678B ] LHidEqd         C:\Windows\system32\Drivers\LHidEqd.Sys
11:19:27.0718 0x0a28  LHidEqd - ok
11:19:27.0781 0x0a28  [ 74EA099C3D9DAD3A657BD89ED4A81C6D, AE0AED792857458CBBEDAD02462FDB5B687D06F5A33547A3EBB39812513BCEDA ] LHidFilt        C:\Windows\system32\DRIVERS\LHidFilt.Sys
11:19:27.0812 0x0a28  LHidFilt - ok
11:19:27.0859 0x0a28  [ 559C9B7800FAC92FC515CD0003D7C631, 1A2C2C3C8E1B862224267462EA3A3BE5A02FE3D0626B292A663CB1EBC8A1B2C5 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:19:27.0890 0x0a28  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
11:19:37.0905 0x0a28  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
11:20:17.0202 0x0a28  [ 08FB7D968805001C7ADCBB14B0651FA2, 1339832EA9DB66678C524AE6BAD6C5C412AD2B77BA5ED45E64B85536DA9836CA ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
11:20:17.0436 0x0a28  RoxMediaDB9 - detected UnsignedFile.Multi.Generic ( 1 )
11:20:27.0451 0x0a28  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - warning
11:20:43.0675 0x0a28  SDRSVC - ok
11:20:43.0706 0x0a28  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
11:20:43.0831 0x0a28  secdrv - ok
11:20:43.0893 0x0a28  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
11:20:43.0971 0x0a28  seclogon - ok
11:20:44.0002 0x0a28  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\System32\sens.dll
11:20:44.0080 0x0a28  SENS - ok
11:20:44.0127 0x0a28  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
11:20:44.0252 0x0a28  Serenum - ok
11:20:44.0283 0x0a28  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
11:20:44.0424 0x0a28  Serial - ok
11:20:44.0439 0x0a28  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
11:20:44.0517 0x0a28  sermouse - ok
11:20:44.0595 0x0a28  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
11:20:44.0689 0x0a28  SessionEnv - ok
11:20:44.0736 0x0a28  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
11:20:44.0814 0x0a28  sffdisk - ok
11:20:44.0845 0x0a28  [ 8FD08A310645FE872EEEC6E08C6BF3EE, 702A148C9DE172E7B5E331F057487255E0729FD42F949BB0FF2D5A01775933CF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
11:20:44.0985 0x0a28  sffp_mmc - ok
11:20:45.0032 0x0a28  [ 9F66A46C55D6F1CCABC79BB7AFCCC545, 029115C69315D2298F7FC944A53EF7F120FF74919208EB5ABC190022176D9B16 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
11:20:45.0094 0x0a28  sffp_sd - ok
11:20:45.0141 0x0a28  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
11:20:45.0266 0x0a28  sfloppy - ok
11:20:45.0313 0x0a28  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
11:20:45.0422 0x0a28  SharedAccess - ok
11:20:45.0484 0x0a28  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:20:45.0562 0x0a28  ShellHWDetection - ok
11:20:45.0594 0x0a28  [ D2A595D6EEBEEAF4334F8E50EFBC9931, 851B8205C657BF806C4D815DC75356E99B4246016B6E1C1F51BAF8AD1E6D5299 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
11:20:45.0640 0x0a28  sisagp - ok
11:20:45.0672 0x0a28  [ CEDD6F4E7D84E9F98B34B3FE988373AA, E102977E6FAC30B5ABEEC0B412A9F2A10C5C42F4D9C3AD69296BF9E1E88B6141 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
11:20:45.0703 0x0a28  SiSRaid2 - ok
11:20:45.0734 0x0a28  [ DF843C528C4F69D12CE41CE462E973A7, A2BEC74FCB8D8B6B9D8DD4746C013DFDF1DD662AEFE9B88CA495E5B83B4A76F9 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
11:20:45.0781 0x0a28  SiSRaid4 - ok
11:20:45.0843 0x0a28  [ F5BBEDF602C310B00036EB2DBF4348A5, AC2712E639F0C54BCF00EB4E90E805335871EA27AE8A45DFC53EDF28822318C4 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
11:20:45.0890 0x0a28  SkypeUpdate - ok
11:20:46.0202 0x0a28  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
11:20:46.0732 0x0a28  slsvc - ok
11:20:46.0826 0x0a28  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
11:20:46.0904 0x0a28  SLUINotify - ok
11:20:46.0966 0x0a28  [ 46B40982AF166BF89C3F51FB13E60D6D, C95C4EEF37D270BFB59B8A706AF76EE5859E14030C7F042C9D8C1101A672DB8E ] SmartDefragDriver C:\Windows\system32\Drivers\SmartDefragDriver.sys
11:20:46.0998 0x0a28  SmartDefragDriver - ok
11:20:47.0044 0x0a28  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
11:20:47.0122 0x0a28  Smb - ok
11:20:47.0169 0x0a28  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
11:20:47.0216 0x0a28  SNMPTRAP - ok
11:20:47.0247 0x0a28  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
11:20:47.0278 0x0a28  spldr - ok
11:20:47.0325 0x0a28  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
11:20:47.0388 0x0a28  Spooler - ok
11:20:47.0450 0x0a28  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
11:20:47.0528 0x0a28  srv - ok
11:20:47.0590 0x0a28  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
11:20:47.0653 0x0a28  srv2 - ok
11:20:47.0684 0x0a28  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
11:20:47.0746 0x0a28  srvnet - ok
11:20:47.0778 0x0a28  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
11:20:47.0887 0x0a28  SSDPSRV - ok
11:20:47.0934 0x0a28  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
11:20:47.0996 0x0a28  SstpSvc - ok
11:20:48.0074 0x0a28  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
11:20:48.0214 0x0a28  stisvc - ok
11:20:48.0261 0x0a28  [ A9A23C8AF361F7A93FD632E91A8C346F, A353E69B60E2A904E4079D05B2DF25354B2A590ECA843822E3FA3B7923012142 ] stllssvr        C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
11:20:48.0308 0x0a28  stllssvr - ok
11:20:48.0355 0x0a28  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
11:20:48.0386 0x0a28  swenum - ok
11:20:48.0448 0x0a28  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
11:20:48.0558 0x0a28  swprv - ok
11:20:48.0589 0x0a28  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
11:20:48.0636 0x0a28  Symc8xx - ok
11:20:48.0651 0x0a28  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
11:20:48.0698 0x0a28  Sym_hi - ok
11:20:48.0729 0x0a28  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
11:20:48.0760 0x0a28  Sym_u3 - ok
11:20:48.0854 0x0a28  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
11:20:49.0010 0x0a28  SysMain - ok
11:20:49.0057 0x0a28  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:20:49.0119 0x0a28  TabletInputService - ok
11:20:49.0182 0x0a28  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
11:20:49.0260 0x0a28  TapiSrv - ok
11:20:49.0306 0x0a28  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
11:20:49.0384 0x0a28  TBS - ok
11:20:49.0509 0x0a28  [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
11:20:49.0665 0x0a28  Tcpip - ok
11:20:49.0774 0x0a28  [ D18D53974FD715D50FC76F9FFE1C830D, 50424BD5950D8FC7724A6E48AE5A39D6E727FAF326C31657C69F1DE13C1450E3 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
11:20:49.0868 0x0a28  Tcpip6 - ok
11:20:49.0930 0x0a28  [ 608C345A255D82A6289C2D468EB41FD7, 74ECFDD45DC3EB3AFAEF9C42B546241AA1D6ACB2F6591A76DDB8BB1768545889 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
11:20:50.0008 0x0a28  tcpipreg - ok
11:20:50.0040 0x0a28  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
11:20:50.0118 0x0a28  TDPIPE - ok
11:20:50.0164 0x0a28  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
11:20:50.0258 0x0a28  TDTCP - ok
11:20:50.0289 0x0a28  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
11:20:50.0367 0x0a28  tdx - ok
11:20:50.0398 0x0a28  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
11:20:50.0445 0x0a28  TermDD - ok
11:20:50.0508 0x0a28  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
11:20:50.0648 0x0a28  TermService - ok
11:20:50.0695 0x0a28  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
11:20:50.0757 0x0a28  Themes - ok
11:20:50.0773 0x0a28  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
11:20:50.0851 0x0a28  THREADORDER - ok
11:20:50.0913 0x0a28  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
11:20:50.0991 0x0a28  TrkWks - ok
11:20:51.0054 0x0a28  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:20:51.0116 0x0a28  TrustedInstaller - ok
11:20:51.0178 0x0a28  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
11:20:51.0241 0x0a28  tssecsrv - ok
11:20:51.0490 0x0a28  [ C2FE5A61B36A961C96703AB17B1C403A, 493C47260996CF40E28EA5E29E70333C1F1284A3E5DCDC95546721FCDC066B06 ] TuneUp.UtilitiesSvc C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
11:20:51.0756 0x0a28  TuneUp.UtilitiesSvc - ok
11:20:51.0865 0x0a28  [ 94C4CD2D19B8C4137A46261F229FEC24, 8D04198DF5E080DC28C137D6FAAD47EC7386DA0CA968EEA2D9D3A5BD7690DA88 ] TuneUpUtilitiesDrv C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver32.sys
11:20:51.0896 0x0a28  TuneUpUtilitiesDrv - ok
11:20:51.0958 0x0a28  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
11:20:52.0021 0x0a28  tunmp - ok
11:20:52.0052 0x0a28  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
11:20:52.0083 0x0a28  tunnel - ok
11:20:52.0130 0x0a28  [ C3ADE15414120033A36C0F293D4A4121, 74A002C4B5EBD94E33EDEACB6639AF44ED72A8DDE3083C6DE71C1EE937EF1A9C ] uagp35          C:\Windows\system32\drivers\uagp35.sys
11:20:52.0177 0x0a28  uagp35 - ok
11:20:52.0239 0x0a28  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
11:20:52.0333 0x0a28  udfs - ok
11:20:52.0395 0x0a28  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
11:20:52.0489 0x0a28  UI0Detect - ok
11:20:52.0520 0x0a28  UIUSys - ok
11:20:52.0551 0x0a28  [ 75E6890EBFCE0841D3291B02E7A8BDB0, FDF9CDCCCCC0AA2A52623C5A67AC5F5224557EE4C8F6487CB13CAEB012575E2A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
11:20:52.0582 0x0a28  uliagpkx - ok
11:20:52.0629 0x0a28  [ 3CD4EA35A6221B85DCC25DAA46313F8D, 100A7E12B8EA395F70A00874328E87B930CE88FF442F3576FE88B105A22E04C5 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
11:20:52.0676 0x0a28  uliahci - ok
11:20:52.0707 0x0a28  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
11:20:52.0754 0x0a28  UlSata - ok
11:20:52.0785 0x0a28  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
11:20:52.0816 0x0a28  ulsata2 - ok
11:20:52.0879 0x0a28  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
11:20:52.0957 0x0a28  umbus - ok
11:20:53.0019 0x0a28  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
11:20:53.0128 0x0a28  upnphost - ok
11:20:53.0175 0x0a28  [ 6E421CCC57059B0186C6259CA3B6DFC9, E348BF23CCD6C14FD10C1689BBDC77E125245331F97BFE60D4C8FD9A8711CB59 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
11:20:53.0316 0x0a28  USBAAPL - ok
11:20:53.0394 0x0a28  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
11:20:53.0472 0x0a28  usbccgp - ok
11:20:53.0518 0x0a28  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
11:20:53.0659 0x0a28  usbcir - ok
11:20:53.0721 0x0a28  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
11:20:53.0768 0x0a28  usbehci - ok
11:20:53.0815 0x0a28  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
11:20:53.0877 0x0a28  usbhub - ok
11:20:53.0908 0x0a28  [ 38DBC7DD6CC5A72011F187425384388B, 456CFCD190035C3033709C8DC0F6DC4352BBF751D57C0C52DD04F8C301FEBACD ] usbohci         C:\Windows\system32\drivers\usbohci.sys
11:20:54.0033 0x0a28  usbohci - ok
11:20:54.0080 0x0a28  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
11:20:54.0174 0x0a28  usbprint - ok
11:20:54.0236 0x0a28  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
11:20:54.0283 0x0a28  usbscan - ok
11:20:54.0314 0x0a28  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:20:54.0392 0x0a28  USBSTOR - ok
11:20:54.0454 0x0a28  [ 44056325428A8E4C755830426E29878F, 95F182047746D352B7DC2B22298D5E58738E1B787C110D1DE841C026FB8A67EB ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
11:20:54.0501 0x0a28  usbuhci - ok
11:20:54.0579 0x0a28  [ 73FF24E21B690625A58109637DDA0DF7, 62B1F9CD82678E2110D4BB5CC86EE8A7AB0757681443916620B6AAA1EF0DECEB ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
11:20:54.0657 0x0a28  usbvideo - ok
11:20:54.0720 0x0a28  [ 228F444F9AF0D3B9ECA9FC3F4FEB12F2, D29C9A0ED5602BCD529A0D7F538DFA8771B1CAC6F433AA686C3A4917DC596369 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
11:20:54.0798 0x0a28  usb_rndisx - ok
11:20:54.0844 0x0a28  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
11:20:54.0907 0x0a28  UxSms - ok
11:20:54.0985 0x0a28  [ E610BA756B8F556C808EEC8BCBCF722E, F1D3B791B18A494162BEC3A9A8AE5BEB9E7294AA67E22B3FE23F85CEC986804D ] UxTuneUp        C:\Windows\System32\uxtuneup.dll
11:20:55.0016 0x0a28  UxTuneUp - ok
11:20:55.0094 0x0a28  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
11:20:55.0203 0x0a28  vds - ok
11:20:55.0266 0x0a28  [ 7D92BE0028ECDEDEC74617009084B5EF, D0749CE6FA3415BA4364299F8D6D53F133E8D2F44C6F1057996243415A540A53 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
11:20:55.0390 0x0a28  vga - ok
11:20:55.0437 0x0a28  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
11:20:55.0531 0x0a28  VgaSave - ok
11:20:55.0578 0x0a28  [ 045D9961E591CF0674A920B6BA3BA5CB, EBF498A0424CEA0F7ECBAAE144A8669CE6B5DD67115DE22CEC5A46AED26CD90B ] viaagp          C:\Windows\system32\drivers\viaagp.sys
11:20:55.0624 0x0a28  viaagp - ok
11:20:55.0656 0x0a28  [ 56A4DE5F02F2E88182B0981119B4DD98, 36FC94BCFD41907838DBCB02E6EA24065FDED4224239CD19E90D14433BE9108B ] ViaC7           C:\Windows\system32\drivers\viac7.sys
11:20:55.0796 0x0a28  ViaC7 - ok
11:20:55.0812 0x0a28  [ FD2E3175FCADA350C7AB4521DCA187EC, 1C914B184478611A27E0141F90EBC34FC63DFB2A83441DD36DFA43D945FB1C52 ] viaide          C:\Windows\system32\drivers\viaide.sys
11:20:55.0858 0x0a28  viaide - ok
11:20:55.0874 0x0a28  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
11:20:55.0921 0x0a28  volmgr - ok
11:20:55.0983 0x0a28  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
11:20:56.0061 0x0a28  volmgrx - ok
11:20:56.0124 0x0a28  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
11:20:56.0170 0x0a28  volsnap - ok
11:20:56.0233 0x0a28  [ D984439746D42B30FC65A4C3546C6829, B134A9890638C2B4964A9C30812A2828A3E0CC641690CBF22D9FCE65EE3C2385 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
11:20:56.0280 0x0a28  vsmraid - ok
11:20:56.0404 0x0a28  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
11:20:56.0638 0x0a28  VSS - ok
11:20:56.0919 0x0a28  [ 9237CDFF7D7185510A7DDB3666691D0D, D19A08253F08C2151ACD2096C5D1F27E713475EFE3895EB846A1F28E791D83DC ] vToolbarUpdater17.3.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
11:20:57.0169 0x0a28  vToolbarUpdater17.3.0 - ok
11:20:57.0247 0x0a28  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
11:20:57.0372 0x0a28  W32Time - ok
11:20:57.0418 0x0a28  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
11:20:57.0543 0x0a28  WacomPen - ok
11:20:57.0606 0x0a28  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
11:20:57.0684 0x0a28  Wanarp - ok
11:20:57.0684 0x0a28  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
11:20:57.0762 0x0a28  Wanarpv6 - ok
11:20:57.0808 0x0a28  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
11:20:57.0933 0x0a28  wcncsvc - ok
11:20:57.0980 0x0a28  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:20:58.0058 0x0a28  WcsPlugInService - ok
11:20:58.0089 0x0a28  [ AFC5AD65B991C1E205CF25CFDBF7A6F4, 544173AE85A11B99B9221DB30B6803DAEB3EB7FCA57FE62F0D13EF70B9C69A89 ] Wd              C:\Windows\system32\drivers\wd.sys
11:20:58.0120 0x0a28  Wd - ok
11:20:58.0230 0x0a28  [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
11:20:58.0323 0x0a28  Wdf01000 - ok
11:20:58.0370 0x0a28  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
11:20:58.0464 0x0a28  WdiServiceHost - ok
11:20:58.0479 0x0a28  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
11:20:58.0557 0x0a28  WdiSystemHost - ok
11:20:58.0651 0x0a28  [ 04C37D8107320312FBAE09926103D5E2, 1C6726A9871CBACB240AFA93E57781515F01758D43693DDA395EA683D97234F0 ] WebClient       C:\Windows\System32\webclnt.dll
11:20:58.0713 0x0a28  WebClient - ok
11:20:58.0791 0x0a28  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
11:20:58.0885 0x0a28  Wecsvc - ok
11:20:58.0932 0x0a28  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
11:20:58.0994 0x0a28  wercplsupport - ok
11:20:59.0056 0x0a28  [ 32B88481D3B326DA6DEB07B1D03481E7, 821FBAF147E525ED15EB9391B16A96C6D5464841258B11F277EFB57A3BD50E37 ] WerSvc          C:\Windows\System32\WerSvc.dll
11:20:59.0134 0x0a28  WerSvc - ok
11:20:59.0244 0x0a28  [ E096FFB754F1E45AE1BDDAC1275AE2C5, DB88308520805EB9EE1FC70C057C75A1928DBAB00F8DDE7908FE79B964259CB3 ] winachsf        C:\Windows\system32\DRIVERS\HSX_CNXT.sys
11:20:59.0384 0x0a28  winachsf - ok
11:20:59.0509 0x0a28  [ 38106C7BD34EAE89D2769AC0BA2E846B, 8A33C138C84ED3E6C9408BB66FDEA65E35DD3600AF3ED2C967B8C3D5D54EC3C4 ] WIND. RunOuc    C:\Program Files\WIND\UpdateDog\ouc.exe
11:20:59.0540 0x0a28  WIND. RunOuc - detected UnsignedFile.Multi.Generic ( 1 )
11:21:09.0555 0x0a28  WIND. RunOuc ( UnsignedFile.Multi.Generic ) - warning
11:21:25.0592 0x0a28  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
11:21:25.0654 0x0a28  WinDefend - ok
11:21:25.0686 0x0a28  WinHttpAutoProxySvc - ok
11:21:25.0748 0x0a28  [ 6B2A1D0E80110E3D04E6863C6E62FD8A, EE8BC7C378993EFE90273764C83119EBF331768CD7B24DE949233C74A51306C2 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
11:21:25.0842 0x0a28  Winmgmt - ok
11:21:25.0982 0x0a28  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
11:21:26.0185 0x0a28  WinRM - ok
11:21:26.0278 0x0a28  [ C008405E4FEEB069E30DA1D823910234, C392A7B5FEACB7D11A3A231C1AD65D533984E6E7429ECD3BFBF90A27E8DEB157 ] Wlansvc         C:\Windows\System32\wlansvc.dll
11:21:26.0450 0x0a28  Wlansvc - ok
11:21:26.0653 0x0a28  [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:21:26.0902 0x0a28  wlidsvc - ok
11:21:26.0965 0x0a28  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
11:21:27.0027 0x0a28  WmiAcpi - ok
11:21:27.0090 0x0a28  [ 43BE3875207DCB62A85C8C49970B66CC, 27169F2E8A30807794407DA8F80611E4287F940AAE2A1F00F547901872FB9703 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
11:21:27.0168 0x0a28  wmiApSrv - ok
11:21:27.0308 0x0a28  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
11:21:27.0511 0x0a28  WMPNetworkSvc - ok
11:21:27.0542 0x0a28  [ CFC5A04558F5070CEE3E3A7809F3FF52, 45899E04000E21C4E009BE8B6149F199A5B2E0512C657A525770BF9DBFED7D2B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
11:21:27.0636 0x0a28  WPCSvc - ok
11:21:27.0698 0x0a28  [ 801FBDB89D472B3C467EB112A0FC9246, C24053FA12732089384D3AF06C676FF201D282FC5AD56A42B6EE8BAED4379CB2 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
11:21:27.0776 0x0a28  WPDBusEnum - ok
11:21:27.0838 0x0a28  [ DE9D36F91A4DF3D911626643DEBF11EA, 8029ECE76E29276BFB6ED3387AC560A9A779AAF683A4416E96334FAF7BDBADA0 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
11:21:27.0901 0x0a28  WpdUsb - ok
11:21:28.0119 0x0a28  [ F8D3544ACBCE9110362119F7C10D848E, 31C49201A931751A36286874AC0B929D886F490D7CE48CCC9283850A56AD9FD9 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:21:28.0244 0x0a28  WPFFontCache_v0400 - ok
11:21:28.0322 0x0a28  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
11:21:28.0431 0x0a28  ws2ifsl - ok
11:21:28.0478 0x0a28  [ 1CA6C40261DDC0425987980D0CD2AAAB, 727C1E3A170316641F832A8D197EDA6D6EE1206E4ED7B741E5A4017B7F2F7B88 ] wscsvc          C:\Windows\System32\wscsvc.dll
11:21:28.0540 0x0a28  wscsvc - ok
11:21:28.0556 0x0a28  WSearch - ok
11:21:28.0759 0x0a28  [ FC3EC24FCE372C89423E015A2AC1A31E, 8D028182CF83667D3E4D148979972D208FA6D9B8540EE47A0A7831B770ECD257 ] wuauserv        C:\Windows\system32\wuaueng.dll
11:21:29.0071 0x0a28  wuauserv - ok
11:21:29.0149 0x0a28  [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
11:21:29.0258 0x0a28  WudfPf - ok
11:21:29.0289 0x0a28  [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
11:21:29.0367 0x0a28  WUDFRd - ok
11:21:29.0398 0x0a28  [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
11:21:29.0461 0x0a28  wudfsvc - ok
11:21:29.0492 0x0a28  [ 19E7C173B6242AD7521E537AE54768BF, AC2D2B3BD94B8EAADC54E18110F5291FFDF0F365880C2CAF80D497BE5609AC7F ] XAudio          C:\Windows\system32\DRIVERS\xaudio.sys
11:21:29.0539 0x0a28  XAudio - ok
11:21:29.0617 0x0a28  [ CDA0BC78672B50C43649FF34E1FD0FF8, 7FDAA363E17E0EC391C014166051C952722CEA01E0552E574EF7C146BFCC856F ] XAudioService   C:\Windows\system32\DRIVERS\xaudio.exe
11:21:29.0710 0x0a28  XAudioService - ok
11:21:29.0804 0x0a28  [ 04E268ADFC81964C49DC0C082D520F7E, 7D2574E366636AB1D59A08FE3038268095D627C39636C6ED6BCE1D5ACB44A179 ] yukonwlh        C:\Windows\system32\DRIVERS\yk60x86.sys
11:21:29.0913 0x0a28  yukonwlh - ok
11:21:30.0007 0x0a28  [ A6F089400F1FF12B2561902358213782, D9A447D10531FF2E7AD32D5939DCBA5DC9FA60AB742CCF1CEDD6B276D293A8EA ] zghsdiag        C:\Windows\system32\DRIVERS\zghsdiag.sys
11:21:30.0038 0x0a28  zghsdiag - ok
11:21:30.0132 0x0a28  [ FA4E89DECD2AC99E0E83CE368ECE60D9, D1F5FE53C722A31414857B9BE255D0AFC5DB69EB70399A54C2C5F2A989943C63 ] zghsmdm         C:\Windows\system32\DRIVERS\zghsmdm.sys
11:21:30.0163 0x0a28  zghsmdm - ok
11:21:30.0241 0x0a28  [ 3527D0FA8887D689923D991B38715E0D, 5D0E1CA101F67D9A8087345FB4D3E1915BB9074D98E01EF9AA72F2192E73CE86 ] zghsnmea        C:\Windows\system32\DRIVERS\zghsnmea.sys
11:21:30.0288 0x0a28  zghsnmea - ok
11:21:30.0381 0x0a28  ================ Scan global ===============================
11:21:30.0428 0x0a28  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
11:21:30.0506 0x0a28  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
11:21:30.0600 0x0a28  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
11:21:30.0678 0x0a28  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
11:21:30.0709 0x0a28  [ Global ] - ok
11:21:30.0709 0x0a28  ================ Scan MBR ==================================
11:21:30.0724 0x0a28  [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
11:21:31.0785 0x0a28  \Device\Harddisk0\DR0 - ok
11:21:31.0785 0x0a28  ================ Scan VBR ==================================
11:21:31.0801 0x0a28  [ B42EC3C6F55C162E2BB229B4C84ACE0B ] \Device\Harddisk0\DR0\Partition1
11:21:31.0848 0x0a28  \Device\Harddisk0\DR0\Partition1 - ok
11:21:31.0879 0x0a28  [ B74582F5AAB978AA14D8BCAE9F59EB63 ] \Device\Harddisk0\DR0\Partition2
11:21:31.0894 0x0a28  \Device\Harddisk0\DR0\Partition2 - ok
11:21:31.0894 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:32.0908 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:33.0922 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:34.0936 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:35.0950 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:36.0964 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:37.0978 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:38.0992 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:40.0006 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:41.0020 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:42.0034 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:43.0048 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:44.0062 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:45.0076 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:46.0090 0x0a28  Waiting for KSN requests completion. In queue: 24
11:21:47.0151 0x0a28  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files\AVG\AVG2014\avgwsc.exe ( 14.0.0.4110 ), 0x41000 ( enabled : updated )
11:21:47.0167 0x0a28  Win FW state via NFP2: enabled
11:22:01.0909 0x0a28  ============================================================
11:22:01.0909 0x0a28  Scan finished
11:22:01.0909 0x0a28  ============================================================
11:22:01.0924 0x1214  Detected object count: 12
11:22:01.0924 0x1214  Actual detected object count: 12
20:28:53.0269 0x1214  !SASCORE ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0292 0x1214  !SASCORE ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0293 0x1214  ASBroker ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0293 0x1214  ASBroker ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0299 0x1214  ASChannel ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0300 0x1214  ASChannel ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0303 0x1214  ASPI32 ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0304 0x1214  ASPI32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0308 0x1214  Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0308 0x1214  Blackberry Device Manager ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0314 0x1214  CLCapSvc ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0315 0x1214  CLCapSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0320 0x1214  CLSched ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0320 0x1214  CLSched ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0325 0x1214  HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0325 0x1214  HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0330 0x1214  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0330 0x1214  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0334 0x1214  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0334 0x1214  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0338 0x1214  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0338 0x1214  RoxMediaDB9 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:28:53.0342 0x1214  WIND. RunOuc ( UnsignedFile.Multi.Generic ) - skipped by user
20:28:53.0343 0x1214  WIND. RunOuc ( UnsignedFile.Multi.Generic ) - User select action: Skip
 



#6 aharonov

  • Malware Response Team

Posted 26 February 2014 - 04:07 AM

Ok we need a fresh FRST log.
The redirects are still there?


Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#7 wierdsci

  • Topic Starter

  • Members

Posted 27 February 2014 - 03:24 AM

Oh no, it's hard to tell?  Yes, they're still here, and many "Ads not by this site" and "Options ?" and pop-ups - one just displayed when I was logging in saying "bleepingcomputer....by Download Keeper"

They did seem to taper off but maybe it was that we weren't using it as much.  Are these apps cleaning or just scanning?  How bad does the problem look?

Here's the FRST report:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by user (administrator) on USER-PC on 27-02-2014 02:55:35
Running from C:\Users\user\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
() C:\ProgramData\WIND\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Cognizance Corporation) C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\Apple Software Update\SoftwareUpdate.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [176128 2007-04-23] (CyberLink Corp.)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] - C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] - C:\Program Files\CyberLink\YouCam\YouCamTray.exe [162912 2009-06-11] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [85600 2013-11-20] (Nullsoft, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2552856 2014-02-04] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [Facebook Update] - "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\user\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d /CMPID=1113a
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: G - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {029bc325-daa0-11e1-8b65-a92df7aa7872} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {04bd9823-6665-11e2-b65c-c98ddc825755} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {04bd9824-6665-11e2-b65c-cf0532beacb6} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {13bb4805-6e44-11e2-8119-d53de5caef49} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {1901448c-63f3-11e2-a596-869a1cee0eac} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {27b2948a-68e8-11e2-96d8-b9abbe2c6474} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {27b2948b-68e8-11e2-96d8-b9abbe2c6474} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {2df6d67b-80e7-11e2-89dd-df8989abd099} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {43e38373-8719-11e1-9a13-d81738c747d8} - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {43e88849-6663-11e2-8350-9b6b8ed10d65} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {462cd8f5-d21d-11e1-8e71-f8077c945026} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {46b5d7af-30db-11e1-9828-001e101f4da1} - K:\PMBP_Win.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {4c73a2a0-23e0-11e1-a9ca-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {4cbd3b2a-10c3-11e1-a91b-001e37044547} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {59dbc9bc-0271-11e1-92cc-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {59dbca76-0271-11e1-92cc-0016d3f69c15} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {5e92a683-2588-11e1-a10e-806e6f6e6963} - F:\HWPcAssistant.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {8f5627aa-1071-11e1-ad6e-001e101fea31} - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {8f5627b9-1071-11e1-ad6e-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {954c068f-12cb-11e1-ab6c-0016d3f69c15} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {99d4e753-5ffc-11e2-8eaa-e0043eccb7fd} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {99d4e75f-5ffc-11e2-8eaa-e0043eccb7fd} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {acfd723c-0e5a-11e1-a37c-806e6f6e6963} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {acfd73d1-0e5a-11e1-a37c-001e37044547} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {b201e36b-02e8-11e1-a538-0016d3f69c15} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {bbb5ac02-8721-11e1-90a7-dbe957be3fcd} - G:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {ce49ad00-21e1-11e1-bd6a-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {ce49ad05-21e1-11e1-bd6a-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {e1fbce93-73b3-11e2-abcf-fb5852bd5dea} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {e1fbce94-73b3-11e2-abcf-fb5852bd5dea} - G:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {edca4780-6065-11e2-823d-87bb6093de0e} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {edca4791-6065-11e2-823d-87bb6093de0e} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {edca47a4-6065-11e2-823d-b5bbb03e5f53} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {f27d5aca-0de0-11e1-9f25-001e37044547} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {f5b763dd-7204-11e2-9533-ec16fd67e11b} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {f5b763e4-7204-11e2-9533-ca03315b92c6} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\Run: [Advanced SystemCare 6] - C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [491840 2013-01-15] (IObit)
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\fc65b9ad-f476-4e82-afdf-6b4bb1ad7b11.com [5706480 2013-10-07] (SUPERAntiSpyware)
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-21] (Google Inc.)
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\MountPoints2: {2df6d67b-80e7-11e2-89dd-df8989abd099} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\MountPoints2: {5e92a683-2588-11e1-a10e-806e6f6e6963} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\MountPoints2: {6756f510-5a51-11e1-b727-9820ad2926e1} - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1001\...\MountPoints2: {e1fbce94-73b3-11e2-abcf-fb5852bd5dea} - F:\Setup.exe
AppInit_DLLs: apshook.dll => C:\Windows\system32\apshook.dll [56832 2006-07-13] (Cognizance Corporation)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/video_and_audio/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {640B7C8C-2E18-42C5-B660-31FAB716F443} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {640B7C8C-2E18-42C5-B660-31FAB716F443} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={1B25B8C8-19C2-4721-94CB-F9CE7ED716CB}&mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 19:01:27&v=17.2.0.38&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.3.0.49\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhl4hxby.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: hxxp://mysearch.avg.com?cid={1B25B8C8-19C2-4721-94CB-F9CE7ED716CB}&mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 19:01:27&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhl4hxby.default\searchplugins\safeguard-secure-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.0.49 [2013-12-29]
 
Chrome: 
=======
CHR HomePage: homepage_is_newtabpage
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={1B25B8C8-19C2-4721-94CB-F9CE7ED716CB}&mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 19:01:27&v=17.1.2.1&pid=safeguard&sg=&sap=dsp&q={searchTerms}
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-26]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-26]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-26]
CHR Extension: (McAfee Security Scan+) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-02-25]
CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-26]
CHR Extension: (Downloadu  keepper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgklhcllcpddjmdlkenncdoklhomhha [2013-10-02]
CHR Extension: (AVG SafeGuard) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-12-10]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-11]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-26]
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-04-26]
CHR HKLM\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.0.49\avg.crx [2013-12-29]
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [465216 2013-01-15] (IObit)
R2 ASBroker; C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation)
R2 ASChannel; C:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-23] ()
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-23] ()
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532728 2013-10-31] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [30008 2013-10-31] (AVG)
R2 vToolbarUpdater17.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2013-12-29] (AVG Secure Search)
S2 WIND. RunOuc; C:\Program Files\WIND\UpdateDog\ouc.exe [218624 2011-10-29] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-27 02:55 - 2014-02-27 02:55 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-02-25 11:09 - 2014-02-25 11:11 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
2014-02-24 10:24 - 2014-02-24 10:24 - 00001898 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-24 10:23 - 2014-02-24 10:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-13 03:02 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:02 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 03:01 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:01 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:01 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:01 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:01 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:01 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:01 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 03:01 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:01 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 03:01 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:01 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:01 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:01 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:01 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:05 - 2013-12-04 21:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-09 01:11 - 2014-02-09 01:17 - 00000501 _____ () C:\Users\user\Desktop\feb8 2014 BYJ notes research housing grants.txt
2014-02-09 00:44 - 2014-02-09 00:44 - 00069812 _____ () C:\Users\user\Desktop\The faces remaking black Toronto _ NOW Magazine.htm
2014-02-09 00:27 - 2014-02-09 01:28 - 00000000 ____D () C:\Users\user\Desktop\Housing Discrimination & Grant Types BYJ Research Feb8 2014 --final
2014-02-08 22:14 - 2014-02-08 22:15 - 00030652 _____ () C:\Users\user\Desktop\Addition.txt
2014-02-08 22:12 - 2014-02-27 02:56 - 00029276 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-08 22:12 - 2014-02-27 02:55 - 00000000 ____D () C:\FRST
2014-02-08 22:11 - 2014-02-27 02:55 - 01143808 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-02-08 09:21 - 2014-02-08 09:21 - 00000068 _____ () C:\Users\M\Downloads\listen.pls
2014-02-07 01:28 - 2011-03-25 21:49 - 00001849 _____ () C:\Users\user\Desktop\BlackYouthJobs w BADC.txt
2014-02-07 00:13 - 2014-02-07 00:16 - 00016891 _____ () C:\Users\user\Desktop\dds.txt
2014-02-07 00:13 - 2014-02-07 00:16 - 00008054 _____ () C:\Users\user\Desktop\attach.txt
2014-02-07 00:01 - 2014-02-07 00:01 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-02-06 00:48 - 2014-02-06 00:48 - 00069238 _____ () C:\Users\user\Desktop\TO REGISTER A BUSINESS - All Ontario.htm
2014-02-06 00:48 - 2014-02-06 00:48 - 00000439 _____ () C:\Users\user\Desktop\FEB 6 NOTES TODO 2014 G.txt
2014-02-04 12:41 - 2014-02-04 12:41 - 00019054 _____ () C:\Users\user\Desktop\Hire Police Rates (Paid Duty Officer) Toronto Police Service   To Serve and Protect.htm
2014-02-04 07:53 - 2014-02-04 07:53 - 00292086 _____ () C:\Users\user\Desktop\CUQ331Ok.htm
2014-02-04 02:45 - 2014-02-04 02:45 - 00164030 _____ () C:\Users\user\Desktop\Common causes and solutions to Backup, System Restore, and Complete PC Backup problems - updated! - The Storage Team at Microsoft - File Cabinet Blog - Site Home - TechNet Blogs.htm
2014-02-04 02:08 - 2014-02-04 02:08 - 00000818 _____ () C:\Users\user\Desktop\Internet Firefox.lnk
 
==================== One Month Modified Files and Folders =======
 
2014-02-27 02:57 - 2014-02-08 22:12 - 00029276 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-27 02:55 - 2014-02-27 02:55 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-02-27 02:55 - 2014-02-08 22:12 - 00000000 ____D () C:\FRST
2014-02-27 02:55 - 2014-02-08 22:11 - 01143808 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-02-27 02:42 - 2007-10-19 17:52 - 01243680 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 02:38 - 2011-10-21 18:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 02:06 - 2012-04-05 23:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 01:46 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 01:46 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-26 20:27 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-02-26 17:42 - 2013-03-08 23:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-26 16:15 - 2011-10-21 18:06 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 16:15 - 2007-10-19 17:08 - 00000149 _____ () C:\Users\Public\Documents\hpqp.ini
2014-02-25 16:00 - 2011-10-20 12:04 - 00000318 _____ () C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-02-25 11:11 - 2014-02-25 11:09 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
2014-02-25 09:46 - 2013-01-16 18:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-25 09:46 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-24 23:31 - 2006-11-02 08:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-24 23:30 - 2007-10-19 15:55 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-02-24 10:24 - 2014-02-24 10:24 - 00001898 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-24 10:23 - 2014-02-24 10:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-22 13:02 - 2006-11-02 05:33 - 00759082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-22 12:57 - 2013-10-11 23:19 - 00003670 _____ () C:\Windows\setupact.log
2014-02-20 19:07 - 2012-04-05 23:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-20 19:07 - 2011-10-21 18:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 18:46 - 2012-05-31 15:07 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-02-18 15:09 - 2012-06-15 00:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 19:18 - 2013-11-16 12:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 13:30 - 2013-03-16 13:23 - 00000000 ____D () C:\Users\M\AppData\Roaming\HpUpdate
2014-02-13 03:52 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 03:19 - 2013-08-15 02:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 03:12 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-09 01:28 - 2014-02-09 00:27 - 00000000 ____D () C:\Users\user\Desktop\Housing Discrimination & Grant Types BYJ Research Feb8 2014 --final
2014-02-09 01:17 - 2014-02-09 01:11 - 00000501 _____ () C:\Users\user\Desktop\feb8 2014 BYJ notes research housing grants.txt
2014-02-09 00:44 - 2014-02-09 00:44 - 00069812 _____ () C:\Users\user\Desktop\The faces remaking black Toronto _ NOW Magazine.htm
2014-02-08 23:29 - 2011-10-21 12:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\HpUpdate
2014-02-08 22:15 - 2014-02-08 22:14 - 00030652 _____ () C:\Users\user\Desktop\Addition.txt
2014-02-08 09:21 - 2014-02-08 09:21 - 00000068 _____ () C:\Users\M\Downloads\listen.pls
2014-02-07 00:16 - 2014-02-07 00:13 - 00016891 _____ () C:\Users\user\Desktop\dds.txt
2014-02-07 00:16 - 2014-02-07 00:13 - 00008054 _____ () C:\Users\user\Desktop\attach.txt
2014-02-07 00:01 - 2014-02-07 00:01 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-02-06 23:21 - 2012-07-13 02:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-02-06 00:48 - 2014-02-06 00:48 - 00069238 _____ () C:\Users\user\Desktop\TO REGISTER A BUSINESS - All Ontario.htm
2014-02-06 00:48 - 2014-02-06 00:48 - 00000439 _____ () C:\Users\user\Desktop\FEB 6 NOTES TODO 2014 G.txt
2014-02-05 12:47 - 2013-12-10 19:01 - 00000000 ____D () C:\Program Files\AVG SafeGuard toolbar
2014-02-05 03:58 - 2014-02-13 03:01 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 03:56 - 2014-02-13 03:01 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:53 - 2014-02-13 03:01 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 03:51 - 2014-02-13 03:01 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:50 - 2014-02-13 03:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:49 - 2014-02-13 03:01 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:49 - 2014-02-13 03:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:48 - 2014-02-13 03:01 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:48 - 2014-02-13 03:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:48 - 2014-02-13 03:01 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:48 - 2014-02-13 03:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:48 - 2014-02-13 03:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:47 - 2014-02-13 03:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:47 - 2014-02-13 03:02 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:47 - 2014-02-13 03:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:46 - 2014-02-13 03:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 12:41 - 2014-02-04 12:41 - 00019054 _____ () C:\Users\user\Desktop\Hire Police Rates (Paid Duty Officer) Toronto Police Service   To Serve and Protect.htm
2014-02-04 07:53 - 2014-02-04 07:53 - 00292086 _____ () C:\Users\user\Desktop\CUQ331Ok.htm
2014-02-04 02:45 - 2014-02-04 02:45 - 00164030 _____ () C:\Users\user\Desktop\Common causes and solutions to Backup, System Restore, and Complete PC Backup problems - updated! - The Storage Team at Microsoft - File Cabinet Blog - Site Home - TechNet Blogs.htm
2014-02-04 02:08 - 2014-02-04 02:08 - 00000818 _____ () C:\Users\user\Desktop\Internet Firefox.lnk
2014-02-03 15:01 - 2013-11-05 22:53 - 00001749 _____ () C:\Windows\LkmdfCoInst.log
2014-02-03 15:00 - 2013-03-09 09:55 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
 
Files to move or delete:
====================
C:\Users\user\BOIE9_ENCA_VIS (1).EXE
C:\Users\user\BOIE9_ENCA_VIS.EXE
 
 
Some content of TEMP:
====================
C:\Users\G\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\M\AppData\Local\Temp\SP37614.exe
C:\Users\M\AppData\Local\Temp\SP39868.exe
C:\Users\M\AppData\Local\Temp\vlc-2.1.2-win32.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-26 22:07
 
==================== End Of Log ============================


#8 aharonov

  • Malware Response Team

Posted 27 February 2014 - 03:36 AM

Don't worry, it's not too bad. :)
The apps were just scanning but now we start deleting:


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 wierdsci

  • Topic Starter
  • Members

Posted 27 February 2014 - 11:28 PM

Ok thanks. Here are the posts below. I forgot to mention in my first post that I'd appreciate some advice about which programs to keep/upgrade/uninstall out of: AVG antivirus, AVG PC Tune up, McAfee, Malwarebytes, Spybot... I think that's it.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-02-2014 02
Ran by user at 2014-02-27 22:51:49 Run:1
Running from C:\Users\user\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CHR Extension: (Downloadu  keepper) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgklhcllcpddjmdlkenncdoklhomhha [2013-10-02]
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgklhcllcpddjmdlkenncdoklhomhha
*****************

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgklhcllcpddjmdlkenncdoklhomhha => Moved successfully.
"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgklhcllcpddjmdlkenncdoklhomhha" => File/Directory not found.

==== End of Fixlog ====

# AdwCleaner v3.020 - Report created 27/02/2014 at 22:56:24
# Updated 27/02/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : user - USER-PC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater17.3.0

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[!] Folder Deleted : C:\users\user\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\users\user\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Deleted : C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhl4hxby.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16533


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhl4hxby.default\prefs.js ]

Line Deleted : user_pref("extensions.Wnwprk4.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};(function(){if(window.self==window.top&&!document.getElementById('shk85shssma'))[...]

*************************

AdwCleaner[R0].txt - [2558 octets] - [24/11/2013 23:27:22]
AdwCleaner[R1].txt - [1435 octets] - [10/12/2013 00:48:24]
AdwCleaner[R2].txt - [7087 octets] - [27/02/2014 22:52:58]
AdwCleaner[S0].txt - [2653 octets] - [24/11/2013 23:31:09]
AdwCleaner[S1].txt - [1498 octets] - [10/12/2013 00:55:56]
AdwCleaner[S2].txt - [6317 octets] - [27/02/2014 22:56:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [6377 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by user (administrator) on USER-PC on 27-02-2014 23:10:44
Running from C:\Users\user\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
() C:\ProgramData\DatacardService\HWDeviceService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe
() C:\ProgramData\WIND\OnlineUpdate\ouc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Cognizance Corporation) C:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(AVG) C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesApp32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winampa.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
() C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apntex.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
(Hewlett-Packard) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 6\DelayLoad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-19] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint2K\Apoint.exe [159744 2007-03-11] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2008-12-04] (Intel Corporation)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [176128 2007-04-23] (CyberLink Corp.)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472776 2007-03-01] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [CognizanceTS] - C:\Program Files\Bioscrypt\VeriSoft\Bin\ASTSVCC.dll [17920 2003-12-22] (Cognizance Corporation)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [YouCam Mirror Tray icon] - C:\Program Files\CyberLink\YouCam\YouCamTray.exe [162912 2009-06-11] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\winampa.exe [85600 2013-11-20] (Nullsoft, Inc.)
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [Facebook Update] - "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [Messenger (Yahoo!)] - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\user\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d /CMPID=1113a
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: F - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: G - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {029bc325-daa0-11e1-8b65-a92df7aa7872} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {04bd9823-6665-11e2-b65c-c98ddc825755} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {04bd9824-6665-11e2-b65c-cf0532beacb6} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {13bb4805-6e44-11e2-8119-d53de5caef49} - G:\AutoRun.exe {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {1901448c-63f3-11e2-a596-869a1cee0eac} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {27b2948a-68e8-11e2-96d8-b9abbe2c6474} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {27b2948b-68e8-11e2-96d8-b9abbe2c6474} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {2df6d67b-80e7-11e2-89dd-df8989abd099} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {43e38373-8719-11e1-9a13-d81738c747d8} - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {43e88849-6663-11e2-8350-9b6b8ed10d65} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {462cd8f5-d21d-11e1-8e71-f8077c945026} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {46b5d7af-30db-11e1-9828-001e101f4da1} - K:\PMBP_Win.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {4c73a2a0-23e0-11e1-a9ca-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {4cbd3b2a-10c3-11e1-a91b-001e37044547} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {59dbc9bc-0271-11e1-92cc-806e6f6e6963} - G:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {59dbca76-0271-11e1-92cc-0016d3f69c15} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {5e92a683-2588-11e1-a10e-806e6f6e6963} - F:\HWPcAssistant.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {8f5627aa-1071-11e1-ad6e-001e101fea31} - G:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {8f5627b9-1071-11e1-ad6e-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {954c068f-12cb-11e1-ab6c-0016d3f69c15} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {99d4e753-5ffc-11e2-8eaa-e0043eccb7fd} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {99d4e75f-5ffc-11e2-8eaa-e0043eccb7fd} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {acfd723c-0e5a-11e1-a37c-806e6f6e6963} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {acfd73d1-0e5a-11e1-a37c-001e37044547} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {b201e36b-02e8-11e1-a538-0016d3f69c15} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {bbb5ac02-8721-11e1-90a7-dbe957be3fcd} - G:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {ce49ad00-21e1-11e1-bd6a-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {ce49ad05-21e1-11e1-bd6a-001e37044547} - F:\PcOptions.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {e1fbce93-73b3-11e2-abcf-fb5852bd5dea} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {e1fbce94-73b3-11e2-abcf-fb5852bd5dea} - G:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {edca4780-6065-11e2-823d-87bb6093de0e} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {edca4791-6065-11e2-823d-87bb6093de0e} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {edca47a4-6065-11e2-823d-b5bbb03e5f53} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {f27d5aca-0de0-11e1-9f25-001e37044547} - F:\AutoRun.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {f5b763dd-7204-11e2-9533-ec16fd67e11b} - F:\Setup.exe
HKU\S-1-5-21-2631014117-1809133405-886358177-1000\...\MountPoints2: {f5b763e4-7204-11e2-9533-ca03315b92c6} - F:\Setup.exe
AppInit_DLLs: apshook.dll => C:\Windows\system32\apshook.dll [56832 2006-07-13] (Cognizance Corporation)
Lsa: [Notification Packages] scecli ASWLNPkg
Startup: C:\Users\M\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
ShortcutTarget: Picture Motion Browser Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files\ZooskMessenger\ZooskMessenger.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/news/video_and_audio/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {640B7C8C-2E18-42C5-B660-31FAB716F443} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
SearchScopes: HKCU - {640B7C8C-2E18-42C5-B660-31FAB716F443} URL = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\qhl4hxby.default
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF Homepage: hxxp://mysearch.avg.com?cid={1B25B8C8-19C2-4721-94CB-F9CE7ED716CB}&mid=d5ea4668be8c47d396ef54ffc1d344b8-4fc89cdf7611f0e3169a6cbbdbf5eb883d28ce5d&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-10 19:01:27&v=17.1.2.1&pid=safeguard&sg=0&sap=hp
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com)
R2 AdvancedSystemCareService6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [465216 2013-01-15] (IObit)
R2 ASBroker; C:\Program Files\Bioscrypt\VeriSoft\Bin\ASWLNPkg.dll [74240 2007-02-07] (Cognizance Corporation)
R2 ASChannel; C:\Program Files\Bioscrypt\VeriSoft\Bin\AsChnl.dll [131584 2006-06-22] (Cognizance Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 CLCapSvc; C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe [262243 2007-04-23] ()
S2 CLSched; C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe [106593 2007-04-23] ()
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-09] (Hewlett-Packard)
R2 HWDeviceService.exe; C:\ProgramData\DatacardService\HWDeviceService.exe [264704 2010-11-16] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [235696 2014-01-15] (McAfee, Inc.)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 TuneUp.UtilitiesSvc; C:\Program Files\AVG\AVG PC TuneUp\TuneUpUtilitiesService32.exe [1532728 2013-10-31] (AVG)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [30008 2013-10-31] (AVG)
S2 WIND. RunOuc; C:\Program Files\WIND\UpdateDog\ouc.exe [218624 2011-10-29] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-27 23:02 - 2014-02-27 23:02 - 00000860 _____ () C:\Users\user\Desktop\final feb virus 2014.txt
2014-02-27 22:50 - 2014-02-27 22:51 - 01244192 _____ () C:\Users\user\Desktop\AdwCleaner.exe
2014-02-27 22:47 - 2014-02-27 22:51 - 00041469 _____ () C:\Users\user\Desktop\virus feb 27 2014.txt
2014-02-27 08:06 - 2014-02-27 08:06 - 00000000 ____D () C:\Users\M\Downloads\Prodigy - The Most Infamous [1]
2014-02-27 07:44 - 2014-02-27 07:56 - 199175280 _____ () C:\Users\M\Downloads\Prodigy - The Most Infamous [1].zip
2014-02-27 02:55 - 2014-02-27 02:55 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-02-25 11:09 - 2014-02-25 11:11 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
2014-02-24 10:24 - 2014-02-24 10:24 - 00001898 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-24 10:23 - 2014-02-24 10:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-13 03:02 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-13 03:02 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-13 03:01 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-13 03:01 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-13 03:01 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-13 03:01 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-13 03:01 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-13 03:01 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-13 03:01 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-13 03:01 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-13 03:01 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-13 03:01 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 03:01 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-13 03:01 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-13 03:01 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-13 03:01 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 15:05 - 2013-12-04 21:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-09 01:11 - 2014-02-09 01:17 - 00000501 _____ () C:\Users\user\Desktop\feb8 2014 BYJ notes research housing grants.txt
2014-02-09 00:44 - 2014-02-09 00:44 - 00069812 _____ () C:\Users\user\Desktop\The faces remaking black Toronto _ NOW Magazine.htm
2014-02-09 00:27 - 2014-02-09 01:28 - 00000000 ____D () C:\Users\user\Desktop\Housing Discrimination & Grant Types BYJ Research Feb8 2014 --final
2014-02-08 22:14 - 2014-02-08 22:15 - 00030652 _____ () C:\Users\user\Desktop\Addition.txt
2014-02-08 22:12 - 2014-02-27 23:12 - 00024020 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-08 22:12 - 2014-02-27 23:10 - 00000000 ____D () C:\FRST
2014-02-08 22:11 - 2014-02-27 02:55 - 01143808 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-02-08 09:21 - 2014-02-08 09:21 - 00000068 _____ () C:\Users\M\Downloads\listen.pls
2014-02-07 01:28 - 2011-03-25 21:49 - 00001849 _____ () C:\Users\user\Desktop\BlackYouthJobs w BADC.txt
2014-02-07 00:13 - 2014-02-07 00:16 - 00016891 _____ () C:\Users\user\Desktop\dds.txt
2014-02-07 00:13 - 2014-02-07 00:16 - 00008054 _____ () C:\Users\user\Desktop\attach.txt
2014-02-07 00:01 - 2014-02-07 00:01 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-02-06 00:48 - 2014-02-06 00:48 - 00069238 _____ () C:\Users\user\Desktop\TO REGISTER A BUSINESS - All Ontario.htm
2014-02-06 00:48 - 2014-02-06 00:48 - 00000439 _____ () C:\Users\user\Desktop\FEB 6 NOTES TODO 2014 G.txt
2014-02-04 12:41 - 2014-02-04 12:41 - 00019054 _____ () C:\Users\user\Desktop\Hire Police Rates (Paid Duty Officer) Toronto Police Service   To Serve and Protect.htm
2014-02-04 07:53 - 2014-02-04 07:53 - 00292086 _____ () C:\Users\user\Desktop\CUQ331Ok.htm
2014-02-04 02:45 - 2014-02-04 02:45 - 00164030 _____ () C:\Users\user\Desktop\Common causes and solutions to Backup, System Restore, and Complete PC Backup problems - updated! - The Storage Team at Microsoft - File Cabinet Blog - Site Home - TechNet Blogs.htm
2014-02-04 02:08 - 2014-02-04 02:08 - 00000818 _____ () C:\Users\user\Desktop\Internet Firefox.lnk

==================== One Month Modified Files and Folders =======

2014-02-27 23:12 - 2014-02-08 22:12 - 00024020 _____ () C:\Users\user\Desktop\FRST.txt
2014-02-27 23:10 - 2014-02-08 22:12 - 00000000 ____D () C:\FRST
2014-02-27 23:07 - 2007-10-19 17:08 - 00000149 _____ () C:\Users\Public\Documents\hpqp.ini
2014-02-27 23:06 - 2012-04-05 23:29 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-27 23:06 - 2011-10-21 18:06 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-27 23:05 - 2013-01-16 18:46 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-02-27 23:04 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 23:04 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-27 23:04 - 2006-11-02 07:47 - 00003168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-27 23:03 - 2007-10-19 17:52 - 01280048 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 23:03 - 2007-10-19 15:55 - 00001076 _____ () C:\Windows\bthservsdp.dat
2014-02-27 23:03 - 2006-11-02 08:01 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-27 23:02 - 2014-02-27 23:02 - 00000860 _____ () C:\Users\user\Desktop\final feb virus 2014.txt
2014-02-27 23:01 - 2013-11-24 23:27 - 00000000 ____D () C:\AdwCleaner
2014-02-27 22:51 - 2014-02-27 22:50 - 01244192 _____ () C:\Users\user\Desktop\AdwCleaner.exe
2014-02-27 22:51 - 2014-02-27 22:47 - 00041469 _____ () C:\Users\user\Desktop\virus feb 27 2014.txt
2014-02-27 22:48 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\tracing
2014-02-27 22:38 - 2011-10-21 18:06 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-27 18:55 - 2013-03-08 23:55 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-27 08:06 - 2014-02-27 08:06 - 00000000 ____D () C:\Users\M\Downloads\Prodigy - The Most Infamous [1]
2014-02-27 07:56 - 2014-02-27 07:44 - 199175280 _____ () C:\Users\M\Downloads\Prodigy - The Most Infamous [1].zip
2014-02-27 02:55 - 2014-02-27 02:55 - 00000000 ____D () C:\Users\user\Desktop\FRST-OlderVersion
2014-02-27 02:55 - 2014-02-08 22:11 - 01143808 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-02-25 16:00 - 2011-10-20 12:04 - 00000318 _____ () C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-02-25 11:11 - 2014-02-25 11:09 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\user\Desktop\tdsskiller.exe
2014-02-24 10:24 - 2014-02-24 10:24 - 00001898 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-02-24 10:23 - 2014-02-24 10:23 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-02-22 13:02 - 2006-11-02 05:33 - 00759082 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-22 12:57 - 2013-10-11 23:19 - 00003670 _____ () C:\Windows\setupact.log
2014-02-20 19:07 - 2012-04-05 23:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-20 19:07 - 2011-10-21 18:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-20 18:46 - 2012-05-31 15:07 - 00000052 _____ () C:\Windows\system32\DOErrors.log
2014-02-18 15:09 - 2012-06-15 00:32 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-02-16 19:18 - 2013-11-16 12:48 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-02-14 13:30 - 2013-03-16 13:23 - 00000000 ____D () C:\Users\M\AppData\Roaming\HpUpdate
2014-02-13 03:52 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-13 03:19 - 2013-08-15 02:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 03:12 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-09 01:28 - 2014-02-09 00:27 - 00000000 ____D () C:\Users\user\Desktop\Housing Discrimination & Grant Types BYJ Research Feb8 2014 --final
2014-02-09 01:17 - 2014-02-09 01:11 - 00000501 _____ () C:\Users\user\Desktop\feb8 2014 BYJ notes research housing grants.txt
2014-02-09 00:44 - 2014-02-09 00:44 - 00069812 _____ () C:\Users\user\Desktop\The faces remaking black Toronto _ NOW Magazine.htm
2014-02-08 23:29 - 2011-10-21 12:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\HpUpdate
2014-02-08 22:15 - 2014-02-08 22:14 - 00030652 _____ () C:\Users\user\Desktop\Addition.txt
2014-02-08 09:21 - 2014-02-08 09:21 - 00000068 _____ () C:\Users\M\Downloads\listen.pls
2014-02-07 00:16 - 2014-02-07 00:13 - 00016891 _____ () C:\Users\user\Desktop\dds.txt
2014-02-07 00:16 - 2014-02-07 00:13 - 00008054 _____ () C:\Users\user\Desktop\attach.txt
2014-02-07 00:01 - 2014-02-07 00:01 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.com
2014-02-06 23:21 - 2012-07-13 02:01 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-02-06 00:48 - 2014-02-06 00:48 - 00069238 _____ () C:\Users\user\Desktop\TO REGISTER A BUSINESS - All Ontario.htm
2014-02-06 00:48 - 2014-02-06 00:48 - 00000439 _____ () C:\Users\user\Desktop\FEB 6 NOTES TODO 2014 G.txt
2014-02-05 03:58 - 2014-02-13 03:01 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 03:56 - 2014-02-13 03:01 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 03:53 - 2014-02-13 03:01 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 03:51 - 2014-02-13 03:01 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 03:50 - 2014-02-13 03:01 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 03:49 - 2014-02-13 03:01 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 03:49 - 2014-02-13 03:01 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 03:48 - 2014-02-13 03:01 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 03:48 - 2014-02-13 03:01 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 03:48 - 2014-02-13 03:01 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 03:48 - 2014-02-13 03:01 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 03:48 - 2014-02-13 03:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 03:47 - 2014-02-13 03:02 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 03:47 - 2014-02-13 03:02 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:47 - 2014-02-13 03:01 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 03:46 - 2014-02-13 03:01 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 12:41 - 2014-02-04 12:41 - 00019054 _____ () C:\Users\user\Desktop\Hire Police Rates (Paid Duty Officer) Toronto Police Service   To Serve and Protect.htm
2014-02-04 07:53 - 2014-02-04 07:53 - 00292086 _____ () C:\Users\user\Desktop\CUQ331Ok.htm
2014-02-04 02:45 - 2014-02-04 02:45 - 00164030 _____ () C:\Users\user\Desktop\Common causes and solutions to Backup, System Restore, and Complete PC Backup problems - updated! - The Storage Team at Microsoft - File Cabinet Blog - Site Home - TechNet Blogs.htm
2014-02-04 02:08 - 2014-02-04 02:08 - 00000818 _____ () C:\Users\user\Desktop\Internet Firefox.lnk
2014-02-03 15:01 - 2013-11-05 22:53 - 00001749 _____ () C:\Windows\LkmdfCoInst.log
2014-02-03 15:00 - 2013-03-09 09:55 - 00016400 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys

Files to move or delete:
====================
C:\Users\user\BOIE9_ENCA_VIS (1).EXE
C:\Users\user\BOIE9_ENCA_VIS.EXE


Some content of TEMP:
====================
C:\Users\G\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\M\AppData\Local\Temp\SP37614.exe
C:\Users\M\AppData\Local\Temp\SP39868.exe
C:\Users\M\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-27 23:13

==================== End Of Log ============================



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:40 PM

Posted 28 February 2014 - 04:06 AM

I'd appreciate some advice about which programs to keep/upgrade/uninstall out of: AVG antivirus, AVG PC Tune up, McAfee, Malwarebytes, Spybot

Keep one antivirus program (AVG is fine if you like it) and Malwarebytes and uninstall the rest!

How is the situation now? Are there still inappropriate ads and redirects?


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#11 wierdsci

wierdsci
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:03:40 PM

Posted 02 March 2014 - 02:54 PM

Can't find Avast to disable it. ESET has detected it.



#12 aharonov


Posted 02 March 2014 - 05:54 PM

I don't see a running component from Avast. Just skip this.

#13 wierdsci


Posted 04 March 2014 - 02:07 AM

In case it may prevent confusion when helping others, it may be useful to include a step before "uninstall" and "finished" that lets people know to find "copy to clipboard"/"export file" by clicking "list threats".

 

I forgot to mention, SuperAntispyware and AdvancedSystem Care IoBit are also installed.  You recommend uninstalling them as well?

 

Also, would USB previously used on this computer likely be infected and likely reinfect computer if inputted again?

 

EDIT: Forgot to also mention, I uninstalled McAfee, AVG PC TuneUp, and something else I can't remember - in case it matters.

 

ESET Log:

 

C:\FRST\Quarantine\fcgklhcllcpddjmdlkenncdoklhomhha27-02-2014_22-51-49\1.6\GGay7G.js    Win32/Adware.MultiPlug.H application
C:\Program Files\Ss.Helper\uninstall.exe    Win32/SProtector.B potentially unwanted application
C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgklhcllcpddjmdlkenncdoklhomhha\1.6\GGay7G.js    Win32/Adware.MultiPlug.H application
C:\Users\G\Documents\CCleaner Install 2013Sept.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\G\Documents\Desktop\RDE.rar.exe    Win32/InstalleRex.I potentially unwanted application
C:\Users\G\Downloads\asc-setup.exe    a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\M\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcgklhcllcpddjmdlkenncdoklhomhha\1.6\GGay7G.js    Win32/Adware.MultiPlug.H application
C:\Users\user\Documents\Desktop\setup.exe    Win32/Toolbar.Conduit potentially unwanted application
C:\Users\user\Documents\Noel's BB photos\FileDownloader.exe    Win32/InstalleRex.E potentially unwanted application
C:\Users\user\Downloads\cbsidlm-cbsi134-Junkware_Removal_Tool-ORG-75910255.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\user\Downloads\cbsidlm-cbsi145-AdwCleaner-ORG-75851221.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\user\Downloads\cbsidlm-cbsi145-HitmanPro_3_64bit-SEO-75110395.exe    a variant of Win32/CNETInstaller.B potentially unwanted application
 


Edited by wierdsci, 04 March 2014 - 02:11 AM.


#14 aharonov


Posted 13 March 2014 - 03:19 AM

Sorry again.

I forgot to mention, SuperAntispyware and AdvancedSystem Care IoBit are also installed. You recommend uninstalling them as well?

Yes, I'd recommend uninstalling them both.

Also, would USB previously used on this computer likely be infected and likely reinfect computer if inputted again?

I haven't seen any indication that the computer is infected with a worm that spreads via USB sticks, no.

Can you please tell me what the remaining problems and symptoms are right now?

#15 wierdsci


Posted 14 March 2014 - 12:05 AM

Thanks.

I haven't noticed further problems.  I guessed it's cleaned.





