
Systweak Removal help


  • This topic is locked
27 replies to this topic

#1 EastNasty

  • Members
  • 15 posts

Posted 13 February 2014 - 08:46 AM

Hi all, I posted to Cnet where the users directed me to helpful tips on BleepingComputer for removal of Systweak. In trying to follow the instructions for removal, the first thing mentioned for success is the identification and removal of a DLL such as:

 

O20 - Winlogon Notify: aeefaaeeafcbba - C:\WINDOWS\system32\aeefaaeeafcbba.dll

 

I searched through the windows\system32 folder to see if I could find any DLL like that above, and I haven't had luck, though that file is jam packed with thousands of entries. Any advice on where and how to start a more directed/successful search? I already have Malwarebytes and Process Explorer on my machine, just waiting to get that DLL removed so I can run Process Explorer successfully. Just as an attempt, lsass.exe in Process Explorer denied me access to end the process; I assume that is standard unless I have found and ended the DLL?

 

Thanks all!

Joe

 

PS - I am attaching my log from Malwarebytes as advised in Cnet forums to post here.



#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 13 February 2014 - 09:08 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 EastNasty

  • Topic Starter
  • Members
  • 15 posts

Posted 13 February 2014 - 09:12 AM

Here's the copied and pasted text of the log:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
cavasinj :: CAVASINJ-PC [administrator]

2/12/2014 11:00:04 AM
MBAM-log-2014-02-12 (13-26-12).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 421699
Time elapsed: 1 hour(s), 54 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> No action taken.
HKCU\SOFTWARE\SEARCHPROTECTINT (PUP.Optional.SearchProtect.A) -> No action taken.
HKCU\SOFTWARE\SEARCHPROTECTINT2 (PUP.Optional.SearchProtect.A) -> No action taken.
HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.

Registry Values Detected: 2
HKCU\Software\SearchProtectINT|Install (PUP.Optional.SearchProtect.A) -> Data: 1 -> No action taken.
HKCU\Software\SearchProtectINT2|Install (PUP.Optional.SearchProtect.A) -> Data: 1 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 17
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Logs (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Quarantine (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Temp (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Temp\Temp (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0 (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\WeatherAlerts (PUP.Optional.WeatherAlerts) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl (PUP.Optional.SnapDo.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0 (PUP.Optional.SnapDo.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS (PUP.Optional.SnapDo.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images (PUP.Optional.SnapDo.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS (PUP.Optional.SnapDo.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages (PUP.Optional.SnapDo.A) -> No action taken.

Files Detected: 73
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RS3Y7RN.exe (PUP.Optional.NextLive.A) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RX98NCC.part (PUP.Optional.RegCleanPro) -> No action taken.
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$R6XLOAM\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.1.36.zip (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll (PUP.Optional.NextLive.A) -> No action taken.
C:\Users\cavasinj\Downloads\rcpsetup_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe (PUP.Optional.RegCleanPro) -> No action taken.
C:\Users\cavasinj\Downloads\Setup (1).exe (PUP.Optional.Outbrowse) -> No action taken.
C:\Users\cavasinj\Downloads\Setup.exe (PUP.Optional.Outbrowse) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\laststatus.lic (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\status.lic (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1545completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1636mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1636update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1637update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1638update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1639update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1640update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1641update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1642update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1643update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1644update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1650mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1651update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1652update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1653update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1654update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1655update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1656update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1657update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1658update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1659update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1660update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1661update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1662update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1663update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1664update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1665update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1666update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1667update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1668update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1669update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1670update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1671update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1672update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\ProgramData\Systweak\Advanced System Protector\updates\1673update.zip (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_08-01-14_03-36-16.xml (PUP.Optional.AdvancedSystemProtector.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\background.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\cs.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\header.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\info.js (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\manifest.json (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\PBShopop.png (PUP.Optional.SnapDo.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Shopop.png (PUP.Optional.SnapDo.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Shopop128.png (PUP.Optional.SnapDo.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Shopop16.png (PUP.Optional.SnapDo.A) -> No action taken.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Shopop48.png (PUP.Optional.SnapDo.A) -> No action taken.

(end)
 



#4 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 13 February 2014 - 11:15 AM

 

-> No action taken.

The entries have to be removed. Please rescan:

 

  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.

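The check made in post #4 (every detection line still ending in "-> No action taken." means nothing was removed) can be automated over a saved Malwarebytes 1.75 text log. The following is an added example, not part of the original thread or of Malwarebytes itself; the sample log is constructed, its paths and detection names are placeholders, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the MBAM 1.75 text-log layout; paths and
# detection names are placeholders, not taken from a real scan.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware 1.75.0.1300

Scan type: Full scan (C:\|)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\ExampleToolbar (PUP.Optional.Example.A) -> No action taken.

Registry Values Detected: 1
HKCU\Software\ExampleToolbar|Install (PUP.Optional.Example.A) -> Data: 1 -> No action taken.

Folders Detected: 1
C:\Program Files (x86)\ExampleToolbar (PUP.Optional.Example.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Users\user\Downloads\Setup (1).exe (PUP.Optional.Example.B) -> No action taken.
C:\Users\user\Downloads\Setup.exe (PUP.Optional.Example.B) -> Quarantined and deleted successfully.

(end)
"""

# "Registry Keys Detected: 4" style section headers.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<object> (<detection>) -> [<extra> -> ]<action>." The object may itself
# contain parentheses ("Program Files (x86)", "Setup (1).exe"), so the
# detection is the parenthesised group that is followed by " -> ".
ENTRY_RE = re.compile(r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam_log(text):
    """Return (declared_counts, entries) parsed from an MBAM 1.x text log."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            declared[section] = int(header.group("count"))
            continue
        entry = ENTRY_RE.match(line) if section else None
        if not entry:
            continue  # banner lines, "(No malicious items detected)", "(end)"
        # Registry value lines carry an extra "Data: ..." field before the action.
        *extra, action = entry.group("rest").split(" -> ")
        entries.append({
            "section": section,
            "object": entry.group("object"),
            "detection": entry.group("detection"),
            "extra": extra,
            "action": action.rstrip("."),
        })
    return declared, entries


def unremediated(entries):
    """Entries the scanner reported but did not remove."""
    return [e for e in entries if e["action"] == "No action taken"]


def pending_by_detection(entries):
    """Count of still-present items per detection name."""
    return Counter(e["detection"] for e in unremediated(entries))


def count_mismatches(declared, entries):
    """Sections whose header count differs from the lines actually present,
    which indicates a truncated or partially pasted log."""
    parsed = Counter(e["section"] for e in entries)
    return {name: (count, parsed.get(name, 0))
            for name, count in declared.items()
            if parsed.get(name, 0) != count}


if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_LOG)
    for e in unremediated(entries):
        print(f"STILL PRESENT [{e['section']}] {e['object']} ({e['detection']})")
    for name, (want, got) in count_mismatches(declared, entries).items():
        print(f"WARNING: {name}: header says {want}, log lists {got}")
```

An empty result from `unremediated` together with no count mismatches is what a completed "Remove Selected" run should produce.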

#5 EastNasty

  • Topic Starter
  • Members
  • 15 posts

Posted 13 February 2014 - 01:40 PM

One more time:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.12.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
cavasinj :: CAVASINJ-PC [administrator]

2/13/2014 10:17:44 AM
mbam-log-2014-02-13 (10-17-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 421488
Time elapsed: 2 hour(s), 5 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECTINT (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SEARCHPROTECTINT2 (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\Software\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\SearchProtectINT|Install (PUP.Optional.SearchProtect.A) -> Data: 1 -> Quarantined and deleted successfully.
HKCU\Software\SearchProtectINT2|Install (PUP.Optional.SearchProtect.A) -> Data: 1 -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 18
C:\ProgramData\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Logs (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Quarantine (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Temp (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Temp\Temp (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mysearchdial (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0 (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\WeatherAlerts (PUP.Optional.WeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0 (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.

Files Detected: 73
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RS3Y7RN.exe (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RX98NCC.part (PUP.Optional.RegCleanPro) -> Quarantined and deleted successfully.
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$R6XLOAM\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\genienext\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.1.36.zip (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\Downloads\rcpsetup_dcomnew_sec_300_pd_dcomnew_sec_300_pd.exe (PUP.Optional.RegCleanPro) -> Quarantined and deleted successfully.
C:\Users\cavasinj\Downloads\Setup (1).exe (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
C:\Users\cavasinj\Downloads\Setup.exe (PUP.Optional.Outbrowse) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\laststatus.lic (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\log.xslt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\status.lic (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1545completedatabase.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1636mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1636update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1637update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1638update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1639update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1640update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1641update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1642update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1643update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1644update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1650mupdate.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1651update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1652update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1653update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1654update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1655update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1656update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1657update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1658update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1659update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1660update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1661update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1662update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1663update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1664update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1665update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1666update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1667update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1668update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1669update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1670update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1671update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1672update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates\1673update.zip (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\ASPLog.txt (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\QDetail.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Settings.db (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Update.ini (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Systweak\Advanced System Protector\Logs\log_08-01-14_03-36-16.xml (PUP.Optional.AdvancedSystemProtector.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\background.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\cs.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\header.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\icon.png (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\info.js (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.1_0\manifest.json (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\PBShopop.png (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Shopop.png (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Shopop128.png (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Shopop16.png (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.
C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\Shopop48.png (PUP.Optional.SnapDo.A) -> Quarantined and deleted successfully.

(end)
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 14 February 2014 - 03:00 AM

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt


Please post the contents of that log in your next reply.



#7 EastNasty

EastNasty
  • Topic Starter

  • Members
  • 15 posts

Posted 14 February 2014 - 05:33 PM

As requested; first the FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by cavasinj (administrator) on CAVASINJ-PC on 14-02-2014 16:16:21
Running from C:\Users\cavasinj\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(AMD) C:\windows\system32\atiesrxx.exe
(AMD) C:\windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Google Inc.) C:\Users\cavasinj\AppData\Local\Google\Update\GoogleUpdate.exe
(Facebook Inc.) C:\Users\cavasinj\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Google Inc.) C:\Users\cavasinj\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(AWS Convergence Technologies, Inc.) C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
(Google Inc.) C:\Users\cavasinj\AppData\Local\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Samsung Electronics Co. Ltd.) C:\Users\cavasinj\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\windows\splwow64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [517176 2010-01-29] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1483776 2010-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [300400 2010-03-10] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2552856 2014-02-04] ()
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-06] (AVAST Software)
HKLM-x32\...\Run: [PSUAMain] - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe [32736 2013-10-18] (Panda Security, S.L.)
HKLM-x32\...\Run: [Panda Security URL Filtering] - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe [235072 2013-09-26] (Visicom Media Inc.)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-23] (Google Inc.)
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\Run: [Google Update] - C:\Users\cavasinj\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-19] (Google Inc.)
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\Run: [Facebook Update] - C:\Users\cavasinj\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-09-18] (Facebook Inc.)
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\Run: [Weather] - C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [1653760 2012-11-20] (AWS Convergence Technologies, Inc.)
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\MountPoints2: G - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\MountPoints2: {57e24316-25b1-11e0-bb17-c80aa9a8bceb} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\MountPoints2: {57e24326-25b1-11e0-bb17-c80aa9a8bceb} - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\MountPoints2: {76e0a14e-07a4-11e2-b4b3-806e6f6e6963} - F:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\MountPoints2: {cf18bd98-63cf-11e0-aab9-c80aa9a8bceb} - F:\LaunchU3.exe -a
HKU\S-1-5-21-4247545617-1322224138-1498987710-1000\...\MountPoints2: {d9e673fa-73e5-11e2-a3aa-f1204ff61d86} - G:\ToolLauncher-Bootstrap.exe
Startup: C:\Users\cavasinj\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> C:\Users\cavasinj\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Azz0B0C0E0B0EtCyE0CtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1896144905&ir=
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {CBA4BB39-2608-41AB-BC68-DBE4D604D41B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {CBA4BB39-2608-41AB-BC68-DBE4D604D41B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - DefaultScope {DA5B0022-5F03-4D8A-ADE3-F8F3458A6FC5} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {DA5B0022-5F03-4D8A-ADE3-F8F3458A6FC5} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAA992FBD-DE8E-4C82-9D8C-D0779F173880&q={searchTerms}&SSPV=
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://pandasecurity.mystart.com/results.php?gen=ms&pr=vmn&id=pandasecuritytb&v=4_1&ent=ch_653&q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAA992FBD-DE8E-4C82-9D8C-D0779F173880&q={searchTerms}&SSPV=
SearchScopes: HKCU - {CBA4BB39-2608-41AB-BC68-DBE4D604D41B} URL =
SearchScopes: HKCU - {DA5B0022-5F03-4D8A-ADE3-F8F3458A6FC5} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS395
SearchScopes: HKCU - {F712FA51-A019-4DFD-AFF6-BBB7AF80481B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll No File
BHO: Shopop WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
BHO-x32: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
Toolbar: HKLM-x32 - No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll ()
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.3.0\ViProtocol.dll (AVG Secure Search)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default
FF user.js: detected! => C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\user.js
FF Homepage: hxxp://pandasecurity.mystart.com/?pr=vmn&id=pandasecuritytb&v=4_1&utm_campaign=653&ent=hp_653&u=92ADF1CD2100392FBF535552F90CD8C5
FF Keyword.URL: hxxp://www.mystart.com/results.php?pr=vmn&id=pandasecuritytb&v=4_1&ent=bs____campaignID___&u=92ADF1CD2100392FBF535552F90CD8C5&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.3.0\\npsitesafety.dll (AVG Technologies)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\cavasinj\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\cavasinj\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\cavasinj\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\cavasinj\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\cavasinj\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\cavasinj\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\cavasinj\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\cavasinj\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\cavasinj\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Koala Personal Search - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\a6d5f3ea-8d29-452c-94c0-878cb1985d57@b1e2f4a0-21fc-44c4-8d96-96e463afd762.com [2014-01-27]
FF Extension: mysearchdial.com - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\ffxtlbr@mysearchdial.com [2014-01-02]
FF Extension: MySearchDial NewTab - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-01-02]
FF Extension: Panda Security Toolbar - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [2014-02-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\
FF Extension: Norton IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2014-02-12]
FF HKLM-x32\...\Firefox\Extensions: [crossriderapp498@crossrider.com] - C:\Users\cavasinj\AppData\Local\RewardsArcade\498\Firefox
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-06]

Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Azz0B0C0E0B0EtCyE0CtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1896144905&ir=
CHR DefaultSearchKeyword: pandasecurity.mystart.com
CHR DefaultSearchProvider: Search The Web
CHR DefaultSearchURL: http://pandasecurity.mystart.com/results.php?gen=ms&pr=vmn&id=pandasecuritytb&v=4_1&ent=ch_653&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\cavasinj\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\cavasinj\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\cavasinj\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (AVG Internet Security) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-22]
CHR Extension: (Bazaar Friend) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2013-07-30]
CHR Extension: (Google Search) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-22]
CHR Extension: (Boston MarketOne) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2013-08-16]
CHR Extension: (Panda Security New Tab) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\fknfdieimobmimhdkfkheeejenmdjhoe [2014-02-10]
CHR Extension: (avast! Online Security) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-06]
CHR Extension: (InfoBird Pro) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\icanoneicgaahjbilcgdmnhoocddknbl [2013-08-19]
CHR Extension: (AVG Security Toolbar) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\cavasinj\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-22]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\cavasinj\AppData\Local\mysearchdial-speeddial.crx [2011-12-22]
CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\cavasinj\AppData\Local\BazaarFriend.crx [2013-07-30]
CHR HKCU\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\cavasinj\AppData\Local\BostonMarketOne.crx [2013-08-15]
CHR HKCU\...\Chrome\Extension: [icanoneicgaahjbilcgdmnhoocddknbl] - C:\Users\cavasinj\AppData\Local\InfoBirdPro.crx [2013-08-19]
CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\cavasinj\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx [2013-08-19]
CHR HKLM-x32\...\Chrome\Extension: [fknfdieimobmimhdkfkheeejenmdjhoe] - C:\Program Files (x86)\pandasecuritytb\chrome-newtab-search.crx [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-01-06]
CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [2014-01-06]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [2014-01-08]
CHR StartMenuInternet: Google Chrome - C:\Users\cavasinj\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ASO3DiskOptimizer; C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [264488 2013-12-19] (Systweak Software, (www.systweak.com))
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-06] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-01-06] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [140768 2013-10-03] (Panda Security, S.L.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [126400 2011-08-03] (Symantec Corporation)
R2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [37344 2013-10-18] (Panda Security, S.L.)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
R2 vToolbarUpdater17.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe [1771544 2014-01-08] (AVG Secure Search)
S2 VuuPCConnectivity; C:\Program Files (x86)\VuuPC\Connectivity.exe [X]

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
R1 aswKbd; C:\windows\system32\drivers\aswKbd.sys [28184 2014-01-06] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [78648 2014-01-06] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [439648 2014-01-08] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2014-01-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-01-06] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1034464 2014-01-06] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [422216 2014-01-06] (AVAST Software)
R3 aswStm; C:\windows\system32\drivers\aswStm.sys [79672 2014-01-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-06] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [46368 2013-11-25] (AVG Technologies)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [953904 2010-11-23] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [593544 2011-08-03] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-12-15] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R1 HBtnKey; C:\Windows\System32\DRIVERS\wstbtndb.sys [9856 2007-09-14] (Lenovo)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20110112.001\IDSvia64.sys [476792 2010-12-01] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110113.018\ENG64.SYS [117880 2010-12-16] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110113.018\EX64.SYS [1791096 2010-12-16] (Symantec Corporation)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [91368 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [122088 2013-05-28] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [109288 2013-05-28] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [114920 2013-05-28] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95464 2013-05-28] (Panda Security, S.L.)
S4 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [69864 2013-05-28] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [119016 2013-05-28] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [305896 2013-05-28] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [118504 2013-05-28] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [114920 2013-05-28] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [246504 2013-05-28] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [106216 2013-05-28] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [169192 2013-10-17] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [122600 2013-10-11] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [206056 2013-10-11] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [124648 2013-10-11] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [137960 2013-10-11] (Panda Security, S.L.)
S3 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [105704 2013-10-11] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [58808 2013-04-29] (Panda Security, S.L.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1109000.00C\SRTSP64.SYS [505392 2010-04-21] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1109000.00C\SRTSPX64.SYS [32304 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMDS64.SYS [433200 2009-10-14] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [221304 2011-08-21] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [173104 2010-12-13] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [150064 2010-04-28] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [451704 2011-08-21] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 16:17 - 2014-02-14 16:17 - 01704106 _____ () C:\Users\cavasinj\Downloads\tdsskiller.zip.part
2014-02-14 16:17 - 2014-02-14 16:17 - 00000000 _____ () C:\Users\cavasinj\Downloads\tdsskiller.zip
2014-02-14 16:16 - 2014-02-14 16:17 - 00042563 _____ () C:\Users\cavasinj\Downloads\FRST.txt
2014-02-14 16:15 - 2014-02-14 16:16 - 00000000 ____D () C:\FRST
2014-02-14 16:12 - 2014-02-14 16:12 - 02152960 _____ (Farbar) C:\Users\cavasinj\Downloads\FRST64.exe
2014-02-13 07:31 - 2014-02-13 07:31 - 00000000 ____D () C:\Users\cavasinj\Downloads\ProcessExplorer
2014-02-13 07:30 - 2014-02-13 07:31 - 01243588 _____ () C:\Users\cavasinj\Downloads\ProcessExplorer.zip
2014-02-12 10:56 - 2014-02-12 10:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\cavasinj\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-02-12 03:03 - 2013-12-21 03:53 - 00548864 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-02-12 03:03 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-02-12 03:01 - 2014-02-06 06:16 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-12 03:01 - 2014-02-06 05:30 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-12 03:01 - 2014-02-06 05:30 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-12 03:01 - 2014-02-06 05:12 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-12 03:01 - 2014-02-06 05:07 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-12 03:01 - 2014-02-06 05:06 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-12 03:01 - 2014-02-06 04:57 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-12 03:01 - 2014-02-06 04:56 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-12 03:01 - 2014-02-06 04:52 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-12 03:01 - 2014-02-06 04:49 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-12 03:01 - 2014-02-06 04:48 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-12 03:01 - 2014-02-06 04:48 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-12 03:01 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-12 03:01 - 2014-02-06 04:32 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-12 03:01 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-12 03:01 - 2014-02-06 04:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-12 03:01 - 2014-02-06 04:11 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-12 03:01 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-12 03:01 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-12 03:01 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-12 03:01 - 2014-02-06 03:57 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-12 03:01 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-12 03:01 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-12 03:01 - 2014-02-06 03:50 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-12 03:01 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-12 03:01 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-12 03:01 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-12 03:01 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-12 03:01 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-12 03:01 - 2014-02-06 03:24 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-12 03:01 - 2014-02-06 03:22 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-12 03:01 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-12 03:01 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-12 03:01 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-12 03:01 - 2014-02-06 02:55 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-12 03:01 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-12 03:01 - 2014-02-06 02:40 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-12 03:01 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-12 03:01 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-11 20:00 - 2013-12-31 17:05 - 00420008 _____ () C:\windows\SysWOW64\locale.nls
2014-02-11 20:00 - 2013-12-31 17:04 - 00420008 _____ () C:\windows\system32\locale.nls
2014-02-11 19:59 - 2013-12-05 20:30 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-02-11 19:59 - 2013-12-05 20:30 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-02-11 19:59 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-02-11 19:59 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-02-11 19:59 - 2013-12-03 20:16 - 00658432 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_isv.exe
2014-02-11 19:59 - 2013-12-03 20:16 - 00626176 _____ (Microsoft Corporation) C:\windows\system32\RMActivate.exe
2014-02-11 19:59 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_isv.exe
2014-02-11 19:59 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate.exe
2014-02-11 19:59 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-11 19:58 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-02-11 19:58 - 2013-12-24 16:48 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-02-11 19:58 - 2013-12-03 20:27 - 00488448 _____ (Microsoft Corporation) C:\windows\system32\secproc.dll
2014-02-11 19:58 - 2013-12-03 20:27 - 00485888 _____ (Microsoft Corporation) C:\windows\system32\secproc_isv.dll
2014-02-11 19:58 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp_isv.dll
2014-02-11 19:58 - 2013-12-03 20:27 - 00123392 _____ (Microsoft Corporation) C:\windows\system32\secproc_ssp.dll
2014-02-11 19:58 - 2013-12-03 20:26 - 00528384 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-02-11 19:58 - 2013-12-03 20:16 - 00553984 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp.exe
2014-02-11 19:58 - 2013-12-03 20:16 - 00552960 _____ (Microsoft Corporation) C:\windows\system32\RMActivate_ssp_isv.exe
2014-02-11 19:58 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc.dll
2014-02-11 19:58 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_isv.dll
2014-02-11 19:58 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp_isv.dll
2014-02-11 19:58 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\secproc_ssp.dll
2014-02-11 19:58 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-02-11 19:58 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RMActivate_ssp.exe
2014-02-11 19:58 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-02-11 19:58 - 2013-11-22 16:48 - 03928064 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-02-10 11:33 - 2014-02-10 11:34 - 00000000 ____D () C:\Users\cavasinj\AppData\Local\panda4_1dn
2014-02-10 11:33 - 2014-02-10 11:33 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2014-02-10 11:33 - 2014-02-10 11:33 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-02-10 11:31 - 2014-02-10 11:34 - 00000000 ____D () C:\Program Files (x86)\pandasecuritytb
2014-02-10 11:31 - 2013-04-29 01:17 - 00058808 _____ (Panda Security, S.L.) C:\windows\system32\Drivers\PSKMAD.sys
2014-02-10 11:30 - 2014-02-10 11:30 - 00000000 ____D () C:\Users\cavasinj\AppData\Roaming\Panda Security
2014-02-10 11:29 - 2014-02-10 11:29 - 00000000 ____D () C:\ProgramData\Panda Security
2014-02-10 11:29 - 2014-02-10 11:29 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-02-10 11:24 - 2014-02-10 11:24 - 00845944 _____ () C:\Users\cavasinj\Downloads\PandaCloudAntivirus(1).exe
2014-02-10 11:23 - 2014-02-10 11:23 - 00845944 _____ () C:\Users\cavasinj\Downloads\PandaCloudAntivirus.exe
2014-02-06 16:02 - 2014-02-06 16:02 - 05556104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-01-24 09:23 - 2014-01-24 09:23 - 00807952 _____ () C:\Users\cavasinj\Downloads\Joe BS.jpeg
2014-01-21 13:54 - 2014-01-21 13:54 - 00819136 _____ (Google Inc.) C:\Users\cavasinj\Downloads\googledrivesync.exe
2014-01-17 10:27 - 2013-11-26 19:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-17 10:27 - 2013-11-26 19:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-17 10:27 - 2013-11-26 19:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-17 10:27 - 2013-11-26 19:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-17 10:27 - 2013-11-26 19:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-17 10:27 - 2013-11-26 19:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-17 10:27 - 2013-11-26 19:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-17 10:27 - 2013-11-26 05:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-17 10:27 - 2013-11-26 04:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-14 16:18 - 2010-09-06 06:15 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 16:17 - 2014-02-14 16:17 - 01704106 _____ () C:\Users\cavasinj\Downloads\tdsskiller.zip.part
2014-02-14 16:17 - 2014-02-14 16:17 - 00000000 _____ () C:\Users\cavasinj\Downloads\tdsskiller.zip
2014-02-14 16:17 - 2014-02-14 16:16 - 00042563 _____ () C:\Users\cavasinj\Downloads\FRST.txt
2014-02-14 16:16 - 2014-02-14 16:15 - 00000000 ____D () C:\FRST
2014-02-14 16:12 - 2014-02-14 16:12 - 02152960 _____ (Farbar) C:\Users\cavasinj\Downloads\FRST64.exe
2014-02-14 16:11 - 2012-09-18 06:37 - 00000940 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000UA.job
2014-02-14 16:11 - 2012-07-12 13:25 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 16:11 - 2011-12-22 06:57 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000UA.job
2014-02-14 16:11 - 2010-06-02 22:59 - 01971594 _____ () C:\windows\WindowsUpdate.log
2014-02-14 13:03 - 2009-07-13 22:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 13:03 - 2009-07-13 22:45 - 00015792 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 08:42 - 2012-09-18 06:37 - 00000918 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000Core.job
2014-02-14 08:34 - 2011-12-22 08:32 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-14 07:07 - 2014-01-06 10:30 - 00000000 ____D () C:\Users\cavasinj\AppData\Local\WeatherBug
2014-02-13 18:18 - 2010-09-06 06:15 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-13 17:47 - 2011-12-22 06:57 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000Core.job
2014-02-13 15:30 - 2009-07-13 23:13 - 00726444 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-13 12:37 - 2014-01-01 17:16 - 00000000 ____D () C:\ProgramData\Systweak
2014-02-13 12:37 - 2011-12-22 09:15 - 00000000 ____D () C:\Users\cavasinj\AppData\Roaming\Systweak
2014-02-13 12:36 - 2014-01-01 19:16 - 00000000 ____D () C:\Users\cavasinj\AppData\Local\genienext
2014-02-13 07:31 - 2014-02-13 07:31 - 00000000 ____D () C:\Users\cavasinj\Downloads\ProcessExplorer
2014-02-13 07:31 - 2014-02-13 07:30 - 01243588 _____ () C:\Users\cavasinj\Downloads\ProcessExplorer.zip
2014-02-13 07:08 - 2010-12-18 10:59 - 00000000 ____D () C:\Users\cavasinj\AppData\Local\CrashDumps
2014-02-12 13:57 - 2012-10-14 08:41 - 00000000 ____D () C:\Users\Public\Documents\Verizon_Android
2014-02-12 13:52 - 2014-01-08 15:08 - 00000728 _____ () C:\windows\setupact.log
2014-02-12 13:52 - 2014-01-08 15:07 - 00030768 _____ () C:\windows\PFRO.log
2014-02-12 13:52 - 2012-03-18 16:14 - 00000000 ____D () C:\ProgramData\Kodak
2014-02-12 13:52 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-12 10:58 - 2014-01-08 08:22 - 00001124 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-12 10:58 - 2014-01-08 08:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 10:56 - 2014-02-12 10:56 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\cavasinj\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-02-12 10:38 - 2014-01-08 10:36 - 00000466 _____ () C:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
2014-02-12 03:45 - 2012-05-10 11:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-11 12:49 - 2011-12-28 18:05 - 00000000 ____D () C:\Users\cavasinj\AppData\Roaming\Mozilla
2014-02-11 12:47 - 2014-01-02 18:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-11 12:42 - 2009-07-13 22:45 - 00415400 _____ () C:\windows\system32\FNTCACHE.DAT
2014-02-10 11:34 - 2014-02-10 11:33 - 00000000 ____D () C:\Users\cavasinj\AppData\Local\panda4_1dn
2014-02-10 11:34 - 2014-02-10 11:31 - 00000000 ____D () C:\Program Files (x86)\pandasecuritytb
2014-02-10 11:33 - 2014-02-10 11:33 - 00000000 ____D () C:\ProgramData\Panda Security URL Filtering
2014-02-10 11:33 - 2014-02-10 11:33 - 00000000 ____D () C:\Program Files (x86)\Toolbar Cleaner
2014-02-10 11:30 - 2014-02-10 11:30 - 00000000 ____D () C:\Users\cavasinj\AppData\Roaming\Panda Security
2014-02-10 11:30 - 2010-09-05 14:41 - 00094112 _____ () C:\Users\cavasinj\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-10 11:29 - 2014-02-10 11:29 - 00000000 ____D () C:\ProgramData\Panda Security
2014-02-10 11:29 - 2014-02-10 11:29 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-02-10 11:24 - 2014-02-10 11:24 - 00845944 _____ () C:\Users\cavasinj\Downloads\PandaCloudAntivirus(1).exe
2014-02-10 11:23 - 2014-02-10 11:23 - 00845944 _____ () C:\Users\cavasinj\Downloads\PandaCloudAntivirus.exe
2014-02-06 16:02 - 2014-02-06 16:02 - 05556104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-06 16:02 - 2012-07-12 13:25 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 16:02 - 2011-11-27 15:38 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 06:16 - 2014-02-12 03:01 - 23170048 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-02-06 05:30 - 2014-02-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-02-06 05:30 - 2014-02-12 03:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-02-06 05:12 - 2014-02-12 03:01 - 02765824 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-02-06 05:07 - 2014-02-12 03:01 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-02-06 05:06 - 2014-02-12 03:01 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-12 03:01 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-02-06 04:56 - 2014-02-12 03:01 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-02-06 04:52 - 2014-02-12 03:01 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-02-06 04:49 - 2014-02-12 03:01 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-02-06 04:48 - 2014-02-12 03:01 - 00708608 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-02-06 04:48 - 2014-02-12 03:01 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-02-06 04:38 - 2014-02-12 03:01 - 17103872 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-02-06 04:32 - 2014-02-12 03:01 - 00218624 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-02-06 04:20 - 2014-02-12 03:01 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-02-06 04:17 - 2014-02-12 03:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-02-06 04:11 - 2014-02-12 03:01 - 05768704 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-02-06 04:01 - 2014-02-12 03:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-02-06 04:00 - 2014-02-12 03:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 03:01 - 02168320 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-02-06 03:57 - 2014-02-12 03:01 - 00627200 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-02-06 03:52 - 2014-02-12 03:01 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 03:01 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-02-06 03:50 - 2014-02-12 03:01 - 02041856 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-02-06 03:49 - 2014-02-12 03:01 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-02-06 03:47 - 2014-02-12 03:01 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-02-06 03:46 - 2014-02-12 03:01 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-02-06 03:25 - 2014-02-12 03:01 - 04244480 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-02-06 03:25 - 2014-02-12 03:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-02-06 03:24 - 2014-02-12 03:01 - 02334208 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-02-06 03:22 - 2014-02-12 03:01 - 13051392 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-02-06 03:13 - 2014-02-12 03:01 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 03:01 - 01964032 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 03:01 - 11266048 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-02-06 02:55 - 2014-02-12 03:01 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-02-06 02:41 - 2014-02-12 03:01 - 01820160 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-02-06 02:40 - 2014-02-12 03:01 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-02-06 02:36 - 2014-02-12 03:01 - 01156096 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-02-06 02:34 - 2014-02-12 03:01 - 00703488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-02-04 16:54 - 2011-12-22 07:01 - 00002356 _____ () C:\Users\cavasinj\Desktop\Google Chrome.lnk
2014-02-04 11:01 - 2013-11-25 08:59 - 00000000 ____D () C:\Users\cavasinj\AppData\Local\AVG Secure Search
2014-02-04 11:00 - 2013-11-25 08:58 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2014-01-24 09:23 - 2014-01-24 09:23 - 00807952 _____ () C:\Users\cavasinj\Downloads\Joe BS.jpeg
2014-01-21 13:54 - 2014-01-21 13:54 - 00819136 _____ (Google Inc.) C:\Users\cavasinj\Downloads\googledrivesync.exe
2014-01-18 03:09 - 2010-06-02 22:59 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-18 03:06 - 2013-08-15 15:59 - 00000000 ____D () C:\windows\system32\MRT
2014-01-18 03:02 - 2011-12-17 07:35 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

Files to move or delete:
====================
C:\ProgramData\cwes.exe
C:\ProgramData\dfvg.exe
C:\ProgramData\kfvg.exe
C:\ProgramData\ojfp.exe
C:\Users\cavasinj\CadStd_Pro_V3_Install.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-11 21:04

==================== End Of Log ============================


Now the "Additional" log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by cavasinj at 2014-02-14 16:20:49
Running from C:\Users\cavasinj\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security (Disabled - Out of date) {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Up to date) {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security (Disabled) {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader 9.3 (x32 Version: 9.3.0 - Adobe Systems Incorporated)
Advanced System Optimizer (x32 Version: 3.5.1000.15646 - Systweak Software)
aiofw (x32 Version: 4.2.6.0 - Eastman Kodak Company) Hidden
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 4.2.6.0 - Your Company Name) Hidden
Amazon MP3 Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (x32 Version: 2.3 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (x32 Version: 1.6.9.0 - Ask.com) <==== ATTENTION
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.26 - Atheros Communications Inc.)
ATI Catalyst Install Manager (Version: 3.0.765.0 - ATI Technologies, Inc.)
avast! Internet Security (x32 Version: 9.0.2011 - Avast Software)
Avery Template (x32 Version: 2.0.0.0 - Avery)
AVG 2014 (Version: 14.0.3705 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2014 (Version: 2014.0.4259 - AVG Technologies)
AVG Security Toolbar (x32 Version: 17.3.0.49 - AVG Technologies)
Best Buy Software Installer (Version: 2.3.0.1 - Best Buy) Hidden
Best Buy Software Installer (x32 Version: 2.3.0.1 - Best Buy)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
Bonjour (Version: 1.0.106 - Apple Inc.)
CadStd (x32 Version: 3.7.2 - Apperson & Daughters)
Canon MP620 series MP Drivers (Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0315.1050.17562 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help English (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help French (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help German (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
ccc-utility64 (Version: 2010.0315.1050.17562 - ATI) Hidden
center (x32 Version: 5.0.0.0 - Eastman Kodak Company) Hidden
Cisco Connect (x32 Version: 1.4.12263.1 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.)
Citrix online plug-in - web (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.0.0.6410 - Citrix Systems, Inc.) Hidden
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant HD Audio (Version: 4.112.0.61 - Conexant)
Facebook Video Calling 2.0.0.447 (x32 Version: 2.0.447 - Skype Limited)
Google Chrome (HKCU Version: 32.0.1700.107 - Google Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google SketchUp 8 (x32 Version: 3.0.11752 - Google, Inc.)
Google Talk Plugin (x32 Version: 5.1.4.17398 - Google)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
H&R Block Deluxe + Efile + State 2010 (x32 Version: 10.04.5301 - HRB Technology, LLC.)
H&R Block Michigan 2010 (x32 Version: 1.10.3101 - HRB Technology, LLC.)
HP FWUpdateEDO2 (x32 Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (x32 Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (x32 Version: 5.003.001.001 - Hewlett-Packard)
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
Java 7 Update 21 (x32 Version: 7.0.210 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 29 (x32 Version: 6.0.290 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KODAK AiO Home Center (x32 Version: 5.3.4.0 - Eastman Kodak Company)
ksDIP (x32 Version: 3.20.0000.0001 - Eastman Kodak Company) Hidden
Label@Once 1.0 (x32 Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft IntelliPoint 8.0 (Version: 8.0.225.0 - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (x32 Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox 27.0 (x86 en-US) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
Nero BurnLite 10 (x32 Version: 10.0.10100.1.100 - Nero AG)
Nero BurnLite 10 (x32 Version: 10.0.10500 - Nero AG)
Nero Control Center 10 (x32 Version: 10.0.13100.3.1 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.15100.0.1 - Nero AG) Hidden
Nero Update (x32 Version: 1.0.0018 - Nero AG)
Norton Internet Security (x32 Version: 17.9.0.12 - Symantec Corporation)
Panda Cloud Antivirus (Version: 6.06.00.0000 - Panda Security) Hidden
Panda Cloud Antivirus (x32 Version: 02.03.00.0000 - Panda Security)
Panda Security Toolbar (x32 Version: 4.1.0.5 - Panda Security and Visicom Media Inc.)
PC Speed Up (Version: 3.4.5.0 - Speedchecker Limited)
Picasa 3 (x32 Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PreReq (x32 Version: 6.0.5.2 - Eastman Kodak Company) Hidden
Qtrax Player (HKCU Version:  - portal.qtrax.com)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (x32 Version: 2.00.0011 - Realtek)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Shopop (x32 Version: 10.203.68.14274 - My Pop Shop Ltd.) <==== ATTENTION
Sibelius Scorch (Firefox, Opera, Netscape only) (x32 Version: 6.2.0 - Sibelius Software)
Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
SpyHunter (Version: 4.16.5.4290 - Enigma Software Group USA, LLC)
Synaptics Pointing Device Driver (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Application Installer (x32 Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (x32 Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Bulletin Board (x32 Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.7.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.7.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (x32 Version: 1.2.7.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (x32 Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (Version: 4.03.02.00 - TOSHIBA) Hidden
TOSHIBA Hardware Setup (x32 Version: 4.03.02.00 - )
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (x32 Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.4.9 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.05.64 - TOSHIBA Corporation) Hidden
TOSHIBA ReelTime (x32 Version: 1.6.05.64 - TOSHIBA Corporation)
TOSHIBA Service Station (x32 Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 4.03.02.00 - TOSHIBA) Hidden
TOSHIBA Supervisor Password (x32 Version: 4.03.02.00 - )
TOSHIBA Value Added Package (Version: 1.3.2.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.2.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (x32 Version: 1.3.2.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (x32 Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (x32 Version: 1.0.4 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Verizon Mobile Broadband Drivers (x32 Version: 3.02.002.002 - Novatel Wireless)
Verizon Wireless MiFi-2200 Firmware Updates (x32 Version: 1.0.3 - Smith Micro Software, Inc.)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (x32 Version: 2.13.0273 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (x32 Version: 2.13.0246 - Samsung Electronics Co., Ltd.)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VZAccess Manager (x32 Version: 7.3.11.1 - Smith Micro Software Inc.)
WeatherBug (x32 Version: 7.0.0.11 - Earth Networks, Inc.)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

28-01-2014 01:21:57 Scheduled Checkpoint
29-01-2014 09:00:13 Windows Update
01-02-2014 20:27:29 Windows Update
12-02-2014 03:12:22 Scheduled Checkpoint
12-02-2014 09:00:22 Windows Update
12-02-2014 16:51:28 Removed WeatherBug
12-02-2014 16:53:26 Removed WeatherBug

==================== Hosts content: ==========================

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0EEC98EF-91C4-46E1-BC69-674EB93CB519} - \Scheduled Update for Ask Toolbar No Task File
Task: {127471E6-9635-4E84-8516-EBE8B67E0E0F} - \GoogleUpdateTaskMachineUA No Task File
Task: {1A5FA380-0A74-4170-8BF0-A4E6DF55E355} - \{C6182C84-8589-4FA2-A7C0-D7E0117260C1} No Task File
Task: {2F0599CB-76DF-4846-BC1B-9A86B3B15644} - \FacebookUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000Core No Task File
Task: {3292339E-1153-49BF-9127-60861174656E} - \{B0A4F93E-5AAF-418E-9E4C-D0F9F9743E8D} No Task File
Task: {51B32370-F368-40E6-957F-CC7E9DCE18D4} - \GoogleUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000Core No Task File
Task: {570E21CF-BFA7-4896-AA26-DACDDA6178B9} - \Adobe Flash Player Updater No Task File
Task: {66D3FE19-96D0-4649-A0E0-778715D2BEE4} - \DSite No Task File
Task: {6EC51E32-C2FA-42E0-8860-B339EA7ACFF8} - \SidebarExecute No Task File
Task: {7580A7E2-EF1C-4661-8125-CBFE2F88C196} - System32\Tasks\Symantec\Symantec Error Analyzer 17.9.0.12 => C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {7ADED3A2-6289-41DE-996F-4EA830C92387} - \HPCustParticipation HP Officejet 6700 No Task File
Task: {7EB50D1B-9731-4B90-BAE2-11F54D09B4DC} - \Microsoft_Hardware_Launch_IPoint_exe No Task File
Task: {82A86D4E-697F-4B4A-AFB6-C0071D227BDE} - \{94BBE573-0C89-4207-89E4-D56BBC087E83} No Task File
Task: {8CA1CF9D-12BE-4292-B494-884D4110A2D3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {94A83EAA-317E-4A7D-B7A1-69069F8DDE94} - System32\Tasks\Symantec\Symantec Error Processor 17.9.0.12 => C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\SymErr.exe [2011-09-19] (Symantec Corporation)
Task: {9F5519E5-0347-4194-A796-B91E8F81A635} - \avast! Emergency Update No Task File
Task: {B2210470-6757-446A-96F7-2FFD3325DDF9} - \GoogleUpdateTaskMachineCore No Task File
Task: {BA67DDF3-5E8A-4C8F-9E08-8B65B7189524} - \GoogleUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000UA No Task File
Task: {BCCC78E6-4ECD-4F6F-BBC9-3A6641EC6351} - \RegClean Pro No Task File
Task: {D71A5AFE-6749-47DF-860C-B24496003B05} - \Advanced System Protector_startup No Task File
Task: {DCAE1A49-433E-40FE-93B5-BA1857B9FA0B} - \FacebookUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000UA No Task File
Task: {E8F9A360-E54C-415C-B51D-A0D85F0E0F9E} - \ASO-AutoCheckUpdate7Days No Task File
Task: {E9C6C56C-FD9A-4F9C-BB6A-9C3C4D125FA3} - \ASO-System Protector_startup No Task File
Task: {F95520E8-9863-40B0-A5D9-6829E6978A6A} - \SpyHunter4Startup No Task File
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\ASO-AutoCheckUpdate7Days.job => C:\Program Files (x86)\Advanced System Optimizer 3\CheckUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000Core.job => C:\Users\cavasinj\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000UA.job => C:\Users\cavasinj\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000Core.job => C:\Users\cavasinj\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4247545617-1322224138-1498987710-1000UA.job => C:\Users\cavasinj\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-03-03 15:15 - 2010-03-03 15:15 - 08762680 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-03-23 19:06 - 2009-06-22 16:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 18:38 - 2009-07-25 18:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2013-11-25 08:58 - 2014-02-04 11:00 - 02552856 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2009-10-13 11:00 - 2009-10-13 11:00 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-06-02 23:11 - 2010-06-02 23:11 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\cavasinj\Downloads\Re.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: Canon MP620 ser Network
Description: Canon MP620 ser Network
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Canon
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2014 07:09:41 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/13/2014 00:35:32 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (02/13/2014 07:08:06 AM) (Source: Application Error) (User: )
Description: Faulting application name: Panda_URL_Filtering.exe, version: 1.0.1.108, time stamp: 0x51bb60f8
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x1978
Faulting application start time: 0xPanda_URL_Filtering.exe0
Faulting application path: Panda_URL_Filtering.exe1
Faulting module path: Panda_URL_Filtering.exe2
Report Id: Panda_URL_Filtering.exe3

Error: (02/13/2014 07:07:41 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/11/2014 10:27:47 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (02/11/2014 09:09:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (02/11/2014 00:05:31 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108

Error: (02/10/2014 04:45:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: NWHelper_001.exe, version: 1.0.0.8, time stamp: 0x4c166e4f
Faulting module name: NWHelper_001.exe, version: 1.0.0.8, time stamp: 0x4c166e4f
Exception code: 0xc0000005
Fault offset: 0x000000000000b696
Faulting process id: 0x8c8
Faulting application start time: 0xNWHelper_001.exe0
Faulting application path: NWHelper_001.exe1
Faulting module path: NWHelper_001.exe2
Report Id: NWHelper_001.exe3

Error: (02/10/2014 00:45:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: Panda_URL_Filtering.exe, version: 1.0.1.108, time stamp: 0x51bb60f8
Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f
Exception code: 0xc0000005
Fault offset: 0x00039342
Faulting process id: 0x1d3c
Faulting application start time: 0xPanda_URL_Filtering.exe0
Faulting application path: Panda_URL_Filtering.exe1
Faulting module path: Panda_URL_Filtering.exe2
Report Id: Panda_URL_Filtering.exe3

Error: (02/10/2014 11:39:00 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005


System errors:
=============
Error: (02/12/2014 05:11:26 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (02/12/2014 01:53:56 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

Error: (02/12/2014 01:53:33 PM) (Source: Service Control Manager) (User: )
Description: The VuuPC Connectivity service failed to start due to the following error:
%%2

Error: (02/12/2014 03:47:10 AM) (Source: Service Control Manager) (User: )
Description: The VuuPC Connectivity service failed to start due to the following error:
%%2

Error: (02/12/2014 03:46:35 AM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%1053

Error: (02/12/2014 03:46:35 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Norton Internet Security service to connect.

Error: (02/11/2014 07:41:46 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PSUAService service.

Error: (02/11/2014 00:44:17 PM) (Source: Service Control Manager) (User: )
Description: The VuuPC Connectivity service failed to start due to the following error:
%%2

Error: (02/11/2014 00:43:05 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%1053

Error: (02/11/2014 00:43:05 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Norton Internet Security service to connect.


Microsoft Office Sessions:
=========================
Error: (12/26/2013 08:29:47 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2158 seconds with 360 seconds of active time.  This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 87%
Total physical RAM: 2810.9 MB
Available physical RAM: 349.33 MB
Total Pagefile: 5919.98 MB
Available Pagefile: 1801.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI105828W0G) (Fixed) (Total:286.55 GB) (Free:219.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 99540982)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10 GB) - (Type=17)

==================== End Of Log ============================

 

 



#8 EastNasty

Posted 14 February 2014 - 05:34 PM

and the final log requested: Kaspersky Antirootkit:

 

16:26:04.0237 0x0794  TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
16:26:09.0732 0x0794  ============================================================
16:26:09.0732 0x0794  Current date / time: 2014/02/14 16:26:09.0732
16:26:09.0732 0x0794  SystemInfo:
16:26:09.0732 0x0794  
16:26:09.0732 0x0794  OS Version: 6.1.7601 ServicePack: 1.0
16:26:09.0732 0x0794  Product type: Workstation
16:26:09.0732 0x0794  ComputerName: CAVASINJ-PC
16:26:09.0732 0x0794  UserName: cavasinj
16:26:09.0732 0x0794  Windows directory: C:\windows
16:26:09.0732 0x0794  System windows directory: C:\windows
16:26:09.0732 0x0794  Running under WOW64
16:26:09.0732 0x0794  Processor architecture: Intel x64
16:26:09.0732 0x0794  Number of processors: 2
16:26:09.0733 0x0794  Page size: 0x1000
16:26:09.0733 0x0794  Boot type: Normal boot
16:26:09.0733 0x0794  ============================================================
16:26:12.0496 0x0794  KLMD registered as C:\windows\system32\drivers\07801328.sys
16:26:13.0360 0x0794  System UUID: {2466DE35-DB48-A072-4FBB-67DEDF0DDBC6}
16:26:15.0646 0x0794  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:26:15.0662 0x0794  ============================================================
16:26:15.0662 0x0794  \Device\Harddisk0\DR0:
16:26:15.0663 0x0794  MBR partitions:
16:26:15.0663 0x0794  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D1B800
16:26:15.0663 0x0794  ============================================================
16:26:15.0692 0x0794  C: <-> \Device\Harddisk0\DR0\Partition1
16:26:15.0693 0x0794  ============================================================
16:26:15.0693 0x0794  Initialize success
16:26:15.0693 0x0794  ============================================================
16:26:17.0759 0x09f8  ============================================================
16:26:17.0759 0x09f8  Scan started
16:26:17.0759 0x09f8  Mode: Manual;
16:26:17.0759 0x09f8  ============================================================
16:26:17.0759 0x09f8  KSN ping started
16:26:41.0013 0x09f8  KSN ping finished: true
16:26:41.0780 0x09f8  ================ Scan system memory ========================
16:26:41.0781 0x09f8  System memory - ok
16:26:41.0782 0x09f8  ================ Scan services =============================
16:26:49.0995 0x09f8  fdPHost - ok
16:26:50.0015 0x09f8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\windows\system32\fdrespub.dll
16:26:50.0019 0x09f8  FDResPub - ok
16:26:50.0041 0x09f8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\windows\system32\drivers\fileinfo.sys
16:26:50.0046 0x09f8  FileInfo - ok
16:26:50.0062 0x09f8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\windows\system32\drivers\filetrace.sys
16:26:50.0066 0x09f8  Filetrace - ok
16:26:50.0071 0x09f8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\windows\system32\DRIVERS\flpydisk.sys
16:26:50.0075 0x09f8  flpydisk - ok
16:26:50.0120 0x09f8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys
16:26:50.0130 0x09f8  FltMgr - ok
16:26:50.0225 0x09f8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\windows\system32\FntCache.dll
16:26:50.0263 0x09f8  FontCache - ok
16:26:50.0308 0x09f8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:26:50.0311 0x09f8  FontCache3.0.0.0 - ok
16:26:50.0340 0x09f8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\windows\system32\drivers\FsDepends.sys
16:26:50.0344 0x09f8  FsDepends - ok
16:26:50.0391 0x09f8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys
16:26:50.0396 0x09f8  Fs_Rec - ok
16:26:50.0443 0x09f8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys
16:26:50.0453 0x09f8  fvevol - ok
16:26:50.0477 0x09f8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\windows\system32\DRIVERS\gagp30kx.sys
16:26:50.0481 0x09f8  gagp30kx - ok
16:26:50.0539 0x09f8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\windows\System32\gpsvc.dll
16:26:50.0564 0x09f8  gpsvc - ok
16:26:50.0658 0x09f8  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:26:50.0670 0x09f8  gupdate - ok
16:26:50.0683 0x09f8  [ 8F0DE4FEF8201E306F9938B0905AC96A, CA7153FE0C037D79FBF7CE0E090D741FB52BCCBBBD4CA505EF4849A0C4199F72 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:26:50.0709 0x09f8  gupdatem - ok
16:26:50.0761 0x09f8  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:26:50.0769 0x09f8  gusvc - ok
16:26:50.0803 0x09f8  [ 161E84B112E9EF5C6387CC2B28020949, 3D0C801D8E889272E2C34ADE6DC156D3165699D32E92948F0AF57E1C11736D0E ] HBtnKey         C:\windows\system32\DRIVERS\wstbtndb.sys
16:26:50.0806 0x09f8  HBtnKey - ok
16:26:50.0831 0x09f8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys
16:26:50.0834 0x09f8  hcw85cir - ok
16:26:50.0876 0x09f8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
16:26:50.0888 0x09f8  HdAudAddService - ok
16:26:50.0936 0x09f8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\windows\system32\drivers\HDAudBus.sys
16:26:50.0941 0x09f8  HDAudBus - ok
16:26:50.0956 0x09f8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\windows\system32\DRIVERS\HidBatt.sys
16:26:50.0960 0x09f8  HidBatt - ok
16:26:50.0983 0x09f8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\windows\system32\DRIVERS\hidbth.sys
16:26:50.0988 0x09f8  HidBth - ok
16:26:51.0006 0x09f8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\windows\system32\DRIVERS\hidir.sys
16:26:51.0009 0x09f8  HidIr - ok
16:26:51.0042 0x09f8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\windows\system32\hidserv.dll
16:26:51.0046 0x09f8  hidserv - ok
16:26:51.0076 0x09f8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\windows\system32\drivers\hidusb.sys
16:26:51.0079 0x09f8  HidUsb - ok
16:26:51.0120 0x09f8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\windows\system32\kmsvc.dll
16:26:51.0125 0x09f8  hkmsvc - ok
16:26:51.0167 0x09f8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
16:26:51.0177 0x09f8  HomeGroupListener - ok
16:26:51.0219 0x09f8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
16:26:51.0228 0x09f8  HomeGroupProvider - ok
16:26:51.0254 0x09f8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys
16:26:51.0258 0x09f8  HpSAMD - ok
16:26:51.0313 0x09f8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\windows\system32\drivers\HTTP.sys
16:26:51.0336 0x09f8  HTTP - ok
16:26:51.0377 0x09f8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys
16:26:51.0382 0x09f8  hwpolicy - ok
16:26:51.0421 0x09f8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\windows\system32\drivers\i8042prt.sys
16:26:51.0427 0x09f8  i8042prt - ok
16:26:51.0556 0x09f8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys
16:26:51.0575 0x09f8  iaStorV - ok
16:26:51.0628 0x09f8  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:26:51.0636 0x09f8  IDriverT - ok
16:26:51.0764 0x09f8  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:26:51.0791 0x09f8  idsvc - ok
16:26:51.0897 0x09f8  [ 6F9B281BC4AFFF5FE784D7DA699D347F, B4EC8DF0160980BE4E4D4E81E84736D9BFFF6531CDD5C9B2D1147F61F3719D62 ] IDSVia64        C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20110112.001\IDSvia64.sys
16:26:51.0919 0x09f8  IDSVia64 - ok
16:26:51.0926 0x09f8  IEEtwCollectorService - ok
16:26:51.0951 0x09f8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\windows\system32\DRIVERS\iirsp.sys
16:26:51.0955 0x09f8  iirsp - ok
16:26:52.0061 0x09f8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\windows\System32\ikeext.dll
16:26:52.0089 0x09f8  IKEEXT - ok
16:26:52.0134 0x09f8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\windows\system32\drivers\intelide.sys
16:26:52.0137 0x09f8  intelide - ok
16:26:52.0163 0x09f8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys
16:26:52.0167 0x09f8  intelppm - ok
16:26:52.0215 0x09f8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\windows\system32\ipbusenum.dll
16:26:52.0251 0x09f8  IPBusEnum - ok
16:26:52.0288 0x09f8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys
16:26:52.0292 0x09f8  IpFilterDriver - ok
16:26:52.0364 0x09f8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\windows\System32\iphlpsvc.dll
16:26:52.0383 0x09f8  iphlpsvc - ok
16:26:52.0433 0x09f8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys
16:26:52.0438 0x09f8  IPMIDRV - ok
16:26:52.0473 0x09f8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\windows\system32\drivers\ipnat.sys
16:26:52.0478 0x09f8  IPNAT - ok
16:26:52.0498 0x09f8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\windows\system32\drivers\irenum.sys
16:26:52.0501 0x09f8  IRENUM - ok
16:26:52.0556 0x09f8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\windows\system32\drivers\isapnp.sys
16:26:52.0559 0x09f8  isapnp - ok
16:26:52.0617 0x09f8  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys
16:26:52.0634 0x09f8  iScsiPrt - ok
16:26:52.0658 0x09f8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys
16:26:52.0662 0x09f8  kbdclass - ok
16:26:52.0707 0x09f8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys
16:26:52.0710 0x09f8  kbdhid - ok
16:26:52.0732 0x09f8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso          C:\windows\system32\lsass.exe
16:26:52.0737 0x09f8  KeyIso - ok
16:26:52.0859 0x09f8  [ F8D454FBA97DC28F02931C588BAFE4CF, F853A714BC790F97E3C2FE94683E92A18B18B7448CD7E5D517171C6008930B88 ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe
16:26:52.0875 0x09f8  Kodak AiO Network Discovery Service - ok
16:26:52.0903 0x09f8  [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys
16:26:52.0908 0x09f8  KSecDD - ok
16:26:52.0925 0x09f8  [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys
16:26:52.0932 0x09f8  KSecPkg - ok
16:26:52.0956 0x09f8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\windows\system32\drivers\ksthunk.sys
16:26:52.0959 0x09f8  ksthunk - ok
16:26:52.0995 0x09f8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\windows\system32\msdtckrm.dll
16:26:53.0010 0x09f8  KtmRm - ok
16:26:53.0044 0x09f8  [ 55480B9C63F3F91A8EBBADCBF28FE581, 5B4BC3F0307B0697DD08DD8AAD4B9EAE99EDD3B33B85D9293D183684D5057293 ] L1C             C:\windows\system32\DRIVERS\L1C62x64.sys
16:26:53.0049 0x09f8  L1C - ok
16:26:53.0090 0x09f8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\windows\system32\srvsvc.dll
16:26:53.0101 0x09f8  LanmanServer - ok
16:26:53.0152 0x09f8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
16:26:53.0171 0x09f8  LanmanWorkstation - ok
16:26:53.0199 0x09f8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys
16:26:53.0203 0x09f8  lltdio - ok
16:26:53.0249 0x09f8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\windows\System32\lltdsvc.dll
16:26:53.0261 0x09f8  lltdsvc - ok
16:26:53.0285 0x09f8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\windows\System32\lmhsvc.dll
16:26:53.0289 0x09f8  lmhosts - ok
16:26:53.0319 0x09f8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\windows\system32\DRIVERS\lsi_fc.sys
16:26:53.0324 0x09f8  LSI_FC - ok
16:26:53.0364 0x09f8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\windows\system32\DRIVERS\lsi_sas.sys
16:26:53.0369 0x09f8  LSI_SAS - ok
16:26:53.0392 0x09f8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\windows\system32\DRIVERS\lsi_sas2.sys
16:26:53.0396 0x09f8  LSI_SAS2 - ok
16:26:53.0412 0x09f8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\windows\system32\DRIVERS\lsi_scsi.sys
16:26:53.0418 0x09f8  LSI_SCSI - ok
16:26:53.0439 0x09f8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\windows\system32\drivers\luafv.sys
16:26:53.0445 0x09f8  luafv - ok
16:26:53.0506 0x09f8  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\windows\system32\drivers\mbam.sys
16:26:53.0509 0x09f8  MBAMProtector - ok
16:26:53.0581 0x09f8  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:26:53.0595 0x09f8  MBAMScheduler - ok
16:26:53.0638 0x09f8  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:26:53.0659 0x09f8  MBAMService - ok
16:26:53.0702 0x09f8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll
16:26:53.0713 0x09f8  Mcx2Svc - ok
16:26:53.0740 0x09f8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\windows\system32\DRIVERS\megasas.sys
16:26:53.0772 0x09f8  megasas - ok
16:26:53.0797 0x09f8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\windows\system32\DRIVERS\MegaSR.sys
16:26:53.0809 0x09f8  MegaSR - ok
16:26:53.0853 0x09f8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\windows\system32\mmcss.dll
16:26:53.0859 0x09f8  MMCSS - ok
16:26:53.0879 0x09f8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\windows\system32\drivers\modem.sys
16:26:53.0883 0x09f8  Modem - ok
16:26:53.0903 0x09f8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\windows\system32\DRIVERS\monitor.sys
16:26:53.0906 0x09f8  monitor - ok
16:26:53.0941 0x09f8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
16:26:53.0945 0x09f8  mouclass - ok
16:26:53.0964 0x09f8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
16:26:53.0968 0x09f8  mouhid - ok
16:26:54.0006 0x09f8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
16:26:54.0011 0x09f8  mountmgr - ok
16:26:54.0081 0x09f8  [ A7A117CB1104D0829466F48E17BE0A71, 040F18FC1AF72BE2B7123170C2F5F131A9518B8AA57C20F23203625D213C792B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:26:54.0093 0x09f8  MozillaMaintenance - ok
16:26:54.0144 0x09f8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\windows\system32\drivers\mpio.sys
16:26:54.0152 0x09f8  mpio - ok
16:26:54.0190 0x09f8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
16:26:54.0196 0x09f8  mpsdrv - ok
16:26:54.0275 0x09f8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\windows\system32\mpssvc.dll
16:26:54.0303 0x09f8  MpsSvc - ok
16:26:54.0344 0x09f8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
16:26:54.0350 0x09f8  MRxDAV - ok
16:26:54.0388 0x09f8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
16:26:54.0394 0x09f8  mrxsmb - ok
16:26:54.0431 0x09f8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
16:26:54.0442 0x09f8  mrxsmb10 - ok
16:26:54.0456 0x09f8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
16:26:54.0462 0x09f8  mrxsmb20 - ok
16:26:54.0497 0x09f8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\windows\system32\drivers\msahci.sys
16:26:54.0500 0x09f8  msahci - ok
16:26:54.0561 0x09f8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\windows\system32\drivers\msdsm.sys
16:26:54.0574 0x09f8  msdsm - ok
16:26:54.0603 0x09f8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\windows\System32\msdtc.exe
16:26:54.0612 0x09f8  MSDTC - ok
16:26:54.0657 0x09f8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\windows\system32\drivers\Msfs.sys
16:26:54.0660 0x09f8  Msfs - ok
16:26:54.0706 0x09f8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
16:26:54.0711 0x09f8  mshidkmdf - ok
16:26:54.0759 0x09f8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
16:26:54.0762 0x09f8  msisadrv - ok
16:26:54.0817 0x09f8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
16:26:54.0825 0x09f8  MSiSCSI - ok
16:26:54.0832 0x09f8  msiserver - ok
16:26:54.0872 0x09f8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
16:26:54.0875 0x09f8  MSKSSRV - ok
16:26:54.0907 0x09f8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
16:26:54.0910 0x09f8  MSPCLOCK - ok
16:26:54.0930 0x09f8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
16:26:54.0932 0x09f8  MSPQM - ok
16:26:54.0982 0x09f8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
16:26:54.0995 0x09f8  MsRPC - ok
16:26:55.0026 0x09f8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
16:26:55.0029 0x09f8  mssmbios - ok
16:26:55.0058 0x09f8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
16:26:55.0061 0x09f8  MSTEE - ok
16:26:55.0083 0x09f8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\windows\system32\DRIVERS\MTConfig.sys
16:26:55.0086 0x09f8  MTConfig - ok
16:26:55.0109 0x09f8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\windows\system32\Drivers\mup.sys
16:26:55.0113 0x09f8  Mup - ok
16:26:55.0226 0x09f8  [ D2CB4581FFDFE8BE3EEE16649753F4EE, 8EBE734DCEDAB699C0A19E87EFEB3BBDABB534088B0FE3EC71044C7FAEEDF0B0 ] NanoServiceMain C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
16:26:55.0239 0x09f8  NanoServiceMain - ok
16:26:55.0297 0x09f8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\windows\system32\qagentRT.dll
16:26:55.0321 0x09f8  napagent - ok
16:26:55.0352 0x09f8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
16:26:55.0363 0x09f8  NativeWifiP - ok
16:26:55.0464 0x09f8  [ 9D1CCE440552500DED3A62F9D779CDB4, C6B3B1C891A8BA3F91CC1EC21919C4F80F4C9CAF88971AB6CA11F09820601EBD ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
16:26:55.0484 0x09f8  NAUpdate - ok
16:26:55.0542 0x09f8  [ 7BE93DBB02B66E72872FF76D8A92E662, 5489E40BF1595D8EDC6C142E3F7FFE245E3502433D5E1903F403537796478A24 ] NAVENG          C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110113.018\ENG64.SYS
16:26:55.0553 0x09f8  NAVENG - ok
16:26:55.0674 0x09f8  [ BE99EDBBA322CA59B3F2FE17B9BF987A, CFBBEC938E6125842A049C31BA201001462F9CA7ECF9A211D281552C8AC76CA0 ] NAVEX15         C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\VirusDefs\20110113.018\EX64.SYS
16:26:55.0728 0x09f8  NAVEX15 - ok
16:26:55.0802 0x09f8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\windows\system32\drivers\ndis.sys
16:26:55.0831 0x09f8  NDIS - ok
16:26:55.0860 0x09f8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
16:26:55.0864 0x09f8  NdisCap - ok
16:26:55.0880 0x09f8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
16:26:55.0883 0x09f8  NdisTapi - ok
16:26:55.0926 0x09f8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
16:26:55.0930 0x09f8  Ndisuio - ok
16:26:55.0971 0x09f8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
16:26:55.0978 0x09f8  NdisWan - ok
16:26:56.0014 0x09f8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
16:26:56.0019 0x09f8  NDProxy - ok
16:26:56.0043 0x09f8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
16:26:56.0047 0x09f8  NetBIOS - ok
16:26:56.0097 0x09f8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
16:26:56.0105 0x09f8  NetBT - ok
16:26:56.0122 0x09f8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\windows\system32\lsass.exe
16:26:56.0127 0x09f8  Netlogon - ok
16:26:56.0161 0x09f8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\windows\System32\netman.dll
16:26:56.0175 0x09f8  Netman - ok
16:26:56.0202 0x09f8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\windows\System32\netprofm.dll
16:26:56.0219 0x09f8  netprofm - ok
16:26:56.0249 0x09f8  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:26:56.0254 0x09f8  NetTcpPortSharing - ok
16:26:56.0293 0x09f8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\windows\system32\DRIVERS\nfrd960.sys
16:26:56.0301 0x09f8  nfrd960 - ok
16:26:56.0438 0x09f8  [ B4187346F54E362DAFFE647B25A58D50, 5890D3B7ED2E15CAC4E1F7EC1B47D48579C8DAE3EEFAC9B29476B0FC48D726DB ] NIS             C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
16:26:56.0449 0x09f8  NIS - ok
16:26:56.0512 0x09f8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\windows\System32\nlasvc.dll
16:26:56.0524 0x09f8  NlaSvc - ok
16:26:56.0607 0x09f8  [ 37B93643A2A003EE25308DDF4EAF8C54, 0643867FE36B5F9691A9FC11C066584CE75C437C53CF17456AA3EEE1998E37D7 ] NNSALPC         C:\windows\system32\DRIVERS\NNSAlpc.sys
16:26:56.0617 0x09f8  NNSALPC - ok
16:26:56.0658 0x09f8  [ B0FA8C7F0451145C1BDB79484FEC3586, D2D3CACE03259CC5FA85A08F776EB2694393C047740156F1979B5F576E4AA211 ] NNSHTTP         C:\windows\system32\DRIVERS\NNSHttp.sys
16:26:56.0666 0x09f8  NNSHTTP - ok
16:26:56.0698 0x09f8  [ 1E599DA97D1A09F54969430AAA106BFA, C90D29DEACFC06D130FB0F4F4263EB9C7DDE939D29E57760816CD60896537F4A ] NNSHTTPS        C:\windows\system32\DRIVERS\NNSHttps.sys
16:26:56.0705 0x09f8  NNSHTTPS - ok
16:26:56.0736 0x09f8  [ 98BDEC322082187674F9764B6C3D3F37, AB02ED80BBA9F5632B09441689F6B806678D472D17F44FC816AC23B9C4E58E4A ] NNSIDS          C:\windows\system32\DRIVERS\NNSIds.sys
16:26:56.0743 0x09f8  NNSIDS - ok
16:27:07.0198 0x09f8  UI0Detect - ok
16:27:07.0249 0x09f8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
16:27:07.0258 0x09f8  uliagpkx - ok
16:27:07.0312 0x09f8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\windows\system32\DRIVERS\umbus.sys
16:27:07.0317 0x09f8  umbus - ok
16:27:07.0364 0x09f8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\windows\system32\DRIVERS\umpass.sys
16:27:07.0368 0x09f8  UmPass - ok
16:27:07.0415 0x09f8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\windows\System32\upnphost.dll
16:27:07.0435 0x09f8  upnphost - ok
16:27:07.0478 0x09f8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
16:27:07.0487 0x09f8  usbccgp - ok
16:27:07.0534 0x09f8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\windows\system32\drivers\usbcir.sys
16:27:07.0539 0x09f8  usbcir - ok
16:27:07.0573 0x09f8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
16:27:07.0577 0x09f8  usbehci - ok
16:27:07.0620 0x09f8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
16:27:07.0632 0x09f8  usbhub - ok
16:27:07.0656 0x09f8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
16:27:07.0659 0x09f8  usbohci - ok
16:27:07.0694 0x09f8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys
16:27:07.0741 0x09f8  usbprint - ok
16:27:07.0829 0x09f8  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\windows\system32\drivers\usbscan.sys
16:27:07.0889 0x09f8  usbscan - ok
16:27:08.0040 0x09f8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
16:27:08.0046 0x09f8  USBSTOR - ok
16:27:08.0075 0x09f8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
16:27:08.0079 0x09f8  usbuhci - ok
16:27:08.0107 0x09f8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\windows\System32\Drivers\usbvideo.sys
16:27:08.0115 0x09f8  usbvideo - ok
16:27:08.0162 0x09f8  [ 7B28E2FBE75115660FAB31079C0A9F29, 81BB5A3E64B652A672A0782A88ABF6DDD729D38712D0706CE0FB9DE6D1EE1515 ] usb_rndisx      C:\windows\system32\DRIVERS\usb8023x.sys
16:27:08.0165 0x09f8  usb_rndisx - ok
16:27:08.0201 0x09f8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\windows\System32\uxsms.dll
16:27:08.0207 0x09f8  UxSms - ok
16:27:08.0222 0x09f8  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\windows\system32\lsass.exe
16:27:08.0226 0x09f8  VaultSvc - ok
16:27:08.0270 0x09f8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
16:27:08.0274 0x09f8  vdrvroot - ok
16:27:08.0331 0x09f8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\windows\System32\vds.exe
16:27:08.0351 0x09f8  vds - ok
16:27:08.0383 0x09f8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
16:27:08.0387 0x09f8  vga - ok
16:27:08.0410 0x09f8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\windows\System32\drivers\vga.sys
16:27:08.0415 0x09f8  VgaSave - ok
16:27:08.0453 0x09f8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
16:27:08.0461 0x09f8  vhdmp - ok
16:27:08.0497 0x09f8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\windows\system32\drivers\viaide.sys
16:27:08.0501 0x09f8  viaide - ok
16:27:08.0550 0x09f8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\windows\system32\drivers\volmgr.sys
16:27:08.0555 0x09f8  volmgr - ok
16:27:08.0607 0x09f8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
16:27:08.0623 0x09f8  volmgrx - ok
16:27:08.0675 0x09f8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\windows\system32\drivers\volsnap.sys
16:27:08.0686 0x09f8  volsnap - ok
16:27:08.0731 0x09f8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\windows\system32\DRIVERS\vsmraid.sys
16:27:08.0738 0x09f8  vsmraid - ok
16:27:08.0835 0x09f8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\windows\system32\vssvc.exe
16:27:08.0886 0x09f8  VSS - ok
16:27:09.0102 0x09f8  [ 2BF7C653F12F0C0F8EAD0C40EF710F4D, 55F61921645013FC53402169A2EB5C9FF1431621CA05145E4288ABC8069C2862 ] vToolbarUpdater17.3.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe
16:27:09.0154 0x09f8  vToolbarUpdater17.3.0 - ok
16:27:09.0166 0x09f8  VuuPCConnectivity - ok
16:27:09.0189 0x09f8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
16:27:09.0192 0x09f8  vwifibus - ok
16:27:09.0224 0x09f8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
16:27:09.0228 0x09f8  vwififlt - ok
16:27:09.0249 0x09f8  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
16:27:09.0253 0x09f8  vwifimp - ok
16:27:09.0294 0x09f8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\windows\system32\w32time.dll
16:27:09.0309 0x09f8  W32Time - ok
16:27:09.0343 0x09f8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\windows\system32\DRIVERS\wacompen.sys
16:27:09.0347 0x09f8  WacomPen - ok
16:27:09.0390 0x09f8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
16:27:09.0395 0x09f8  WANARP - ok
16:27:09.0406 0x09f8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
16:27:09.0409 0x09f8  Wanarpv6 - ok
16:27:09.0497 0x09f8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
16:27:09.0536 0x09f8  WatAdminSvc - ok
16:27:09.0649 0x09f8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\windows\system32\wbengine.exe
16:27:09.0697 0x09f8  wbengine - ok
16:27:09.0737 0x09f8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
16:27:09.0748 0x09f8  WbioSrvc - ok
16:27:09.0802 0x09f8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\windows\System32\wcncsvc.dll
16:27:09.0818 0x09f8  wcncsvc - ok
16:27:09.0836 0x09f8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
16:27:09.0843 0x09f8  WcsPlugInService - ok
16:27:09.0869 0x09f8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\windows\system32\DRIVERS\wd.sys
16:27:09.0872 0x09f8  Wd - ok
16:27:09.0942 0x09f8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
16:27:09.0967 0x09f8  Wdf01000 - ok
16:27:09.0994 0x09f8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\windows\system32\wdi.dll
16:27:10.0002 0x09f8  WdiServiceHost - ok
16:27:10.0013 0x09f8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\windows\system32\wdi.dll
16:27:10.0020 0x09f8  WdiSystemHost - ok
16:27:10.0097 0x09f8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\windows\System32\webclnt.dll
16:27:10.0110 0x09f8  WebClient - ok
16:27:10.0146 0x09f8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\windows\system32\wecsvc.dll
16:27:10.0158 0x09f8  Wecsvc - ok
16:27:10.0181 0x09f8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\windows\System32\wercplsupport.dll
16:27:10.0188 0x09f8  wercplsupport - ok
16:27:10.0214 0x09f8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\windows\System32\WerSvc.dll
16:27:10.0223 0x09f8  WerSvc - ok
16:27:10.0246 0x09f8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
16:27:10.0249 0x09f8  WfpLwf - ok
16:27:10.0268 0x09f8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\windows\system32\drivers\wimmount.sys
16:27:10.0271 0x09f8  WIMMount - ok
16:27:10.0295 0x09f8  WinHttpAutoProxySvc - ok
16:27:10.0350 0x09f8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
16:27:10.0359 0x09f8  Winmgmt - ok
16:27:10.0496 0x09f8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\windows\system32\WsmSvc.dll
16:27:10.0567 0x09f8  WinRM - ok
16:27:10.0632 0x09f8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
16:27:10.0635 0x09f8  WinUsb - ok
16:27:10.0700 0x09f8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\windows\System32\wlansvc.dll
16:27:10.0731 0x09f8  Wlansvc - ok
16:27:10.0778 0x09f8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
16:27:10.0781 0x09f8  WmiAcpi - ok
16:27:10.0821 0x09f8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
16:27:10.0829 0x09f8  wmiApSrv - ok
16:27:10.0866 0x09f8  WMPNetworkSvc - ok
16:27:10.0918 0x09f8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\windows\System32\wpcsvc.dll
16:27:10.0926 0x09f8  WPCSvc - ok
16:27:10.0967 0x09f8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
16:27:10.0976 0x09f8  WPDBusEnum - ok
16:27:11.0004 0x09f8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
16:27:11.0007 0x09f8  ws2ifsl - ok
16:27:11.0049 0x09f8  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys
16:27:11.0052 0x09f8  WSDPrintDevice - ok
16:27:11.0063 0x09f8  WSearch - ok
16:27:11.0228 0x09f8  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\windows\system32\wuaueng.dll
16:27:11.0302 0x09f8  wuauserv - ok
16:27:11.0348 0x09f8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
16:27:11.0352 0x09f8  WudfPf - ok
16:27:11.0394 0x09f8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
16:27:11.0402 0x09f8  WUDFRd - ok
16:27:11.0449 0x09f8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
16:27:11.0456 0x09f8  wudfsvc - ok
16:27:11.0501 0x09f8  [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc         C:\windows\System32\wwansvc.dll
16:27:11.0516 0x09f8  WwanSvc - ok
16:27:11.0565 0x09f8  ================ Scan global ===============================
16:27:11.0612 0x09f8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
16:27:11.0681 0x09f8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
16:27:11.0701 0x09f8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
16:27:11.0733 0x09f8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
16:27:11.0808 0x09f8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
16:27:11.0821 0x09f8  [ Global ] - ok
16:27:11.0822 0x09f8  ================ Scan MBR ==================================
16:27:11.0837 0x09f8  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
16:27:12.0101 0x09f8  \Device\Harddisk0\DR0 - ok
16:27:12.0102 0x09f8  ================ Scan VBR ==================================
16:27:12.0105 0x09f8  [ DD76684B3133CBDEE8075F0F14238DF3 ] \Device\Harddisk0\DR0\Partition1
16:27:12.0107 0x09f8  \Device\Harddisk0\DR0\Partition1 - ok
16:27:12.0110 0x09f8  Waiting for KSN requests completion. In queue: 120
16:27:13.0110 0x09f8  Waiting for KSN requests completion. In queue: 120
16:27:14.0110 0x09f8  Waiting for KSN requests completion. In queue: 120
16:27:15.0232 0x09f8  AV detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\WSCStub.exe (  ), 0x50010 ( disabled : outofdate )
16:27:15.0235 0x09f8  FW detected via SS2: Norton Internet Security, C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\WSCStub.exe (  ), 0x50010 ( disabled )
16:27:15.0298 0x09f8  Win FW state via NFP2: enabled
16:27:31.0380 0x09f8  ============================================================
16:27:31.0380 0x09f8  Scan finished
16:27:31.0380 0x09f8  ============================================================
16:27:31.0405 0x20c8  Detected object count: 0
16:27:31.0405 0x20c8  Actual detected object count: 0
 



#9 TB-Psychotic

  • Malware Response Team
Posted 17 February 2014 - 06:06 AM

Add/Remove Programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

Ask toolbar


Close the window.

 

 

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Azz0B0C0E0B0EtCyE0CtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1896144905&ir=
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAA992FBD-DE8E-4C82-9D8C-D0779F173880&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://pandasecurity.mystart.com/results.php?gen=ms&pr=vmn&id=pandasecuritytb&v=4_1&ent=ch_653&q={searchTerms}
    SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAA992FBD-DE8E-4C82-9D8C-D0779F173880&q={searchTerms}&SSPV=
    BHO: Shopop WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
    Toolbar: HKLM - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
    FF Homepage: hxxp://pandasecurity.mystart.com/?pr=vmn&id=pandasecuritytb&v=4_1&utm_campaign=653&ent=hp_653&u=92ADF1CD2100392FBF535552F90CD8C5
    FF Keyword.URL: hxxp://www.mystart.com/results.php?pr=vmn&id=pandasecuritytb&v=4_1&ent=bs____campaignID___&u=92ADF1CD2100392FBF535552F90CD8C5&q=
    FF SearchPlugin: C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\searchplugins\Mysearchdial.xml
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
    FF Extension: Koala Personal Search - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\a6d5f3ea-8d29-452c-94c0-878cb1985d57@b1e2f4a0-21fc-44c4-8d96-96e463afd762.com [2014-01-27]
    FF Extension: mysearchdial.com - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\ffxtlbr@mysearchdial.com [2014-01-02]
    FF Extension: MySearchDial NewTab - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-01-02]
    CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Azz0B0C0E0B0EtCyE0CtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1896144905&ir=
    CHR DefaultSearchKeyword: pandasecurity.mystart.com
    CHR DefaultSearchProvider: Search The Web
    CHR DefaultSearchURL: http://pandasecurity.mystart.com/results.php?gen=ms&pr=vmn&id=pandasecuritytb&v=4_1&ent=ch_653&q={searchTerms}
    CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\cavasinj\AppData\Local\mysearchdial-speeddial.crx [2011-12-22]
    CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\cavasinj\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx [2013-08-19]
    CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [2014-01-06]
    AlternateDataStreams: C:\Users\cavasinj\Downloads\Re.eml:OECustomProperty
    
    S2 VuuPCConnectivity
    
    C:\Users\cavasinj\AppData\Local\RewardsArcade
    C:\Program Files (x86)\Jump Flip
    C:\Program Files (x86)\VuuP
    C:\Users\cavasinj\AppData\Roaming\Systweak
    C:\ProgramData\cwes.exe
    C:\ProgramData\dfvg.exe
    C:\ProgramData\kfvg.exe
    C:\ProgramData\ojfp.exe
    C:\Users\cavasinj\CadStd_Pro_V3_Install.exe
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.



#10 EastNasty

  • Topic Starter

Posted 17 February 2014 - 10:27 AM

So I attempted to find and remove the Ask Toolbar, through multiple avenues.  I could not find it in the list of installed programs for removal.  However, to keep things moving, I performed the rest of the instructions as above.  Below is the fixlog from FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-02-2014
Ran by cavasinj at 2014-02-17 09:22:27 Run:1
Running from C:\Users\cavasinj\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Azz0B0C0E0B0EtCyE0CtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1896144905&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAA992FBD-DE8E-4C82-9D8C-D0779F173880&q={searchTerms}&SSPV=
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://pandasecurity.mystart.com/results.php?gen=ms&pr=vmn&id=pandasecuritytb&v=4_1&ent=ch_653&q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPAA992FBD-DE8E-4C82-9D8C-D0779F173880&q={searchTerms}&SSPV=
BHO: Shopop WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - Shopop Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\windows\system32\mscoree.dll (Microsoft Corporation)
FF Homepage: hxxp://pandasecurity.mystart.com/?pr=vmn&id=pandasecuritytb&v=4_1&utm_campaign=653&ent=hp_653&u=92ADF1CD2100392FBF535552F90CD8C5
FF Keyword.URL: hxxp://www.mystart.com/results.php?pr=vmn&id=pandasecuritytb&v=4_1&ent=bs____campaignID___&u=92ADF1CD2100392FBF535552F90CD8C5&q=
FF SearchPlugin: C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml
FF Extension: Koala Personal Search - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\a6d5f3ea-8d29-452c-94c0-878cb1985d57@b1e2f4a0-21fc-44c4-8d96-96e463afd762.com [2014-01-27]
FF Extension: mysearchdial.com - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\ffxtlbr@mysearchdial.com [2014-01-02]
FF Extension: MySearchDial NewTab - C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} [2014-01-02]
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Azz0B0C0E0B0EtCyE0CtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1896144905&ir=
CHR DefaultSearchKeyword: pandasecurity.mystart.com
CHR DefaultSearchProvider: Search The Web
CHR DefaultSearchURL: http://pandasecurity.mystart.com/results.php?gen=ms&pr=vmn&id=pandasecuritytb&v=4_1&ent=ch_653&q={searchTerms}
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\cavasinj\AppData\Local\mysearchdial-speeddial.crx [2011-12-22]
CHR HKLM-x32\...\Chrome\Extension: [dcmagccbogebndpoodhhhafmofelpffh] - C:\Users\cavasinj\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx [2013-08-19]
CHR HKLM-x32\...\Chrome\Extension: [hphehadppenpmajgnkjdcopcfijjegaf] - C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx [2014-01-06]
AlternateDataStreams: C:\Users\cavasinj\Downloads\Re.eml:OECustomProperty

S2 VuuPCConnectivity

C:\Users\cavasinj\AppData\Local\RewardsArcade
C:\Program Files (x86)\Jump Flip
C:\Program Files (x86)\VuuP
C:\Users\cavasinj\AppData\Roaming\Systweak
C:\ProgramData\cwes.exe
C:\ProgramData\dfvg.exe
C:\ProgramData\kfvg.exe
C:\ProgramData\ojfp.exe
C:\Users\cavasinj\CadStd_Pro_V3_Install.exe
*****************

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key deleted successfully.
HKCR\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key deleted successfully.
HKCR\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key deleted successfully.
HKCR\CLSID\{31ad400d-1b06-4e33-a59a-90c2c140cba0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => Value deleted successfully.
HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} => Key deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\searchplugins\Mysearchdial.xml => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\adawaretb.xml => Moved successfully.
C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\a6d5f3ea-8d29-452c-94c0-878cb1985d57@b1e2f4a0-21fc-44c4-8d96-96e463afd762.com => Moved successfully.
C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\ffxtlbr@mysearchdial.com => Moved successfully.
C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8} => Moved successfully.
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0CzztD0A0Azy0Azz0B0C0E0B0EtCyE0CtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1896144905&ir= ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchKeyword: pandasecurity.mystart.com ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchProvider: Search The Web ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSearchURL: http://pandasecurity.mystart.com/results.php?gen=ms&pr=vmn&id=pandasecuritytb&v=4_1&ent=ch_653&q={searchTerms} ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff => Key deleted successfully.
"C:\Users\cavasinj\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dcmagccbogebndpoodhhhafmofelpffh => Key deleted successfully.
"C:\Users\cavasinj\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hphehadppenpmajgnkjdcopcfijjegaf => Key deleted successfully.
"C:\Program Files (x86)\Jump Flip\hphehadppenpmajgnkjdcopcfijjegaf.crx" => File/Directory not found.
C:\Users\cavasinj\Downloads\Re.eml => ":OECustomProperty" ADS removed successfully.
"C:\Users\cavasinj\AppData\Local\RewardsArcade" => File/Directory not found.
"C:\Program Files (x86)\Jump Flip" => File/Directory not found.
"C:\Program Files (x86)\VuuP" => File/Directory not found.
C:\Users\cavasinj\AppData\Roaming\Systweak => Moved successfully.
C:\ProgramData\cwes.exe => Moved successfully.
C:\ProgramData\dfvg.exe => Moved successfully.
C:\ProgramData\kfvg.exe => Moved successfully.
C:\ProgramData\ojfp.exe => Moved successfully.
C:\Users\cavasinj\CadStd_Pro_V3_Install.exe => Moved successfully.

==== End of Fixlog ====



#11 TB-Psychotic

Posted 17 February 2014 - 10:28 AM

Skip the MBAM scan run.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#12 EastNasty

Posted 17 February 2014 - 01:52 PM

ESET Log as requested:

C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$R0R0G38.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$R33DS1J.exe    Win32/Packed.ScrambleWrapper.G potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RAM4826.exe    Win32/Wajam.C potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RFPZHM8.exe    a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RMGTK7O.exe    a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RNMFG9A.exe    Win32/Wajam.F potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RPLXQR5.exe    Win32/InstallCore.AZ potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RQ3X4SN.exe    Win32/InstallCore.AZ potentially unwanted application
C:\$RECYCLE.BIN\S-1-5-21-4247545617-1322224138-1498987710-1000\$RROFOXA.exe    a variant of Win32/InstallCore.D potentially unwanted application
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\pandasecuritytb\dtUser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll    a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Users\cavasinj\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\cavasinj\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\cavasinj\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe    a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\cavasinj\AppData\Roaming\Mozilla\Firefox\Profiles\zqve1y7u.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}\dtUser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\cavasinj\Downloads\PIP267_AVR10_.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
 



#13 TB-Psychotic

Posted 18 February 2014 - 04:14 AM

Multiple Antivirus Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and keep only one of them.


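A quick way to see which anti-virus products are registered on the machine and whether more than one has real-time protection on, as an added example that is not part of the original post. It assumes a client edition of Windows with PowerShell 3 or later, and the `productState` decoding is the commonly used community convention rather than a documented Microsoft contract.

```powershell
# Added example: list antivirus products registered with Windows Security Center
# and warn when more than one reports real-time protection as switched on.
# The root/SecurityCenter2 namespace exists on client editions of Windows only.
$products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' `
                              -ClassName AntiVirusProduct -ErrorAction Stop)

$report = foreach ($p in $products) {
    # ASSUMPTION: productState is an undocumented bit field. The masks below
    # follow the widely used convention (0x1000 = real-time on,
    # 0x0010 = definitions out of date); treat the result as a hint.
    $state = [uint32]$p.productState
    [pscustomobject]@{
        Name          = $p.displayName
        RealTimeOn    = ($state -band 0x1000) -ne 0
        DefsOutOfDate = ($state -band 0x0010) -ne 0
        Executable    = $p.pathToSignedProductExe
        StateHex      = '0x{0:X6}' -f $state
    }
}

$report | Sort-Object Name | Format-Table -AutoSize

# Two resident scanners hooking the same file opens is the conflict case
# described in the post above, so flag it explicitly.
$active = @($report | Where-Object RealTimeOn)
if ($active.Count -gt 1) {
    Write-Warning ('{0} products report real-time protection on: {1}' -f `
        $active.Count, ($active.Name -join ', '))
} elseif ($products.Count -gt 1) {
    Write-Output 'Several products are registered, but at most one reports real-time protection on.'
}
```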

#14 EastNasty

Posted 18 February 2014 - 07:23 AM

The antivirus programs you see, outside of AVG, were all additions to my computer once the virus showed up. I tried one at a time when the last seemed to not work. I will remove these when I get back home today. What are my steps after removing them?

#15 TB-Psychotic

Posted 18 February 2014 - 07:33 AM

I need to know the one you want to keep, first.