Help! Infected with a Trojan


  • This topic is locked
23 replies to this topic

#1 Shooshy

  • Members
  • 19 posts

Posted 07 March 2014 - 10:44 AM

http://www.bleepingcomputer.com/forums/t/526484/java-update-problem/?p=3305391

 

Above is a link where I was working with dc3 to remove some Malware. He suggested that I make a thread here.

I ran dds, but it only produced one .txt file. I have attached it below. Also, I am attaching a file that I snipped from my screen. These keep popping up and will continue until there are 60 or so screens and then sometimes they disappear.

 

Thanks so much for your help!!!


 


#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 07 March 2014 - 11:00 AM

Hi there,

judging from your other thread your computer is severely infected.
Let's have a closer look:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 Shooshy

  • Topic Starter
  • Members
  • 19 posts

Posted 07 March 2014 - 11:20 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014
Ran by Jack (administrator) on JACK-PC on 07-03-2014 11:07:44
Running from C:\Users\Jack\Desktop
Microsoft® Windows Vista™ Business  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Softex\OmniPass\OmniServ.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
( ) C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
() C:\Program Files\Softex\OmniPass\scureapp.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Xyectofo\xaixafx.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Iquvdos\uhsiov.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Senagius\acizimi.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Ivofibo\ifteu.exe
() C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe
() C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\system32\WerFault.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4706304 2007-11-23] (Realtek Semiconductor)
HKLM\...\Run: [Name of App] - C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe [675935 2008-07-07] ( )
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [OmniPass] - C:\Program Files\Softex\OmniPass\scureapp.exe [2670592 2008-03-31] ()
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [stqauweu] - C:\Users\Jack\AppData\Local\jotllpdr.exe [154624 2014-03-05] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Qoomgaziotqepo] - C:\Users\Jack\AppData\Roaming\Xyectofo\xaixafx.exe [277504 2014-03-05] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Hoivucgeycuzaga] - C:\Users\Jack\AppData\Roaming\Iquvdos\uhsiov.exe [276992 2014-03-05] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Sacaapuh] - C:\Users\Jack\AppData\Roaming\Senagius\acizimi.exe [280576 2014-03-05] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Aligogfacuafpy] - C:\Users\Jack\AppData\Roaming\Ivofibo\ifteu.exe [276992 2014-03-05] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Ohadkeab] - C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe [279672 2014-01-19] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [psgsgamt] - C:\Users\Jack\AppData\Local\vccjlkqr.exe [163840 2014-03-06] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Xoallogivyisduu] - C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe [280715 2014-02-19] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Exegni] - C:\Users\Jack\AppData\Roaming\Akriogg\zezeqo.exe [282853 2014-01-21] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Pycevavaotm] - C:\Users\Jack\AppData\Roaming\Owabza\okhyr.exe [282853 2014-02-06] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Waqauk] - C:\Users\Jack\AppData\Roaming\Obywsya\utdioce.exe [280576 2014-01-29] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1005\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\jtkiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\lgx9nv7h.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S4 LIVESRV; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [1179648 2008-12-05] (BitDefender SRL)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2008-03-31] (Softex Inc.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S2 rsyncd; C:\rsyncd\cygrunsrv.exe [43008 2009-01-16] ()
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [151552 2008-11-21] (S.C. BitDefender S.R.L)
S4 XCOMM; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [86016 2007-11-27] (BitDefender)
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]

==================== Drivers (Whitelisted) ====================

R3 DM9102; C:\Windows\System32\DRIVERS\DM9PCI5.SYS [33207 2001-07-25] (CNet Technology, Inc.                                                    )
S3 FLMckUsb; C:\Windows\System32\DRIVERS\ATTchDrv.sys [88192 2007-11-17] (AuthenTec, Inc.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-20] (Microsoft Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2014-03-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Profos; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [12800 2007-07-12] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 11:07 - 2014-03-07 11:09 - 00013593 _____ () C:\Users\Jack\Desktop\FRST.txt
2014-03-07 11:06 - 2014-03-07 11:07 - 00000000 ____D () C:\FRST
2014-03-07 11:04 - 2014-03-07 11:04 - 01145344 _____ (Farbar) C:\Users\Jack\Desktop\FRST.exe
2014-03-07 10:26 - 2014-03-07 10:35 - 00002021 _____ () C:\Users\Jack\Desktop\attach.txt
2014-03-07 10:23 - 2014-03-07 10:23 - 00688992 ____R (Swearware) C:\Users\Jack\Desktop\dds.com
2014-03-07 09:46 - 2014-03-07 09:46 - 00448512 _____ (OldTimer Tools) C:\Users\Jack\Downloads\TFC.exe
2014-03-07 09:39 - 2014-03-07 11:00 - 00000790 _____ () C:\Windows\Tasks\Security Center Update - 1187788997.job
2014-03-07 09:39 - 2014-03-07 09:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Owabza
2014-03-07 09:36 - 2014-03-07 09:36 - 00099176 _____ () C:\Users\Jack\AppData\Local\wcskekou.exe
2014-03-07 08:33 - 2014-03-07 11:00 - 00000796 _____ () C:\Windows\Tasks\Security Center Update - 4146715376.job
2014-03-07 08:33 - 2014-03-07 08:33 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Akriogg
2014-03-06 13:47 - 2014-03-07 11:00 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 1192784356.job
2014-03-06 13:47 - 2014-03-06 13:47 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Idsuceol
2014-03-06 13:44 - 2014-03-06 13:44 - 00095080 _____ () C:\Users\Jack\AppData\Local\mcsqkvie.exe
2014-03-06 09:53 - 2014-03-07 11:00 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 1765193067.job
2014-03-06 09:53 - 2014-03-06 09:53 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Gyugytb
2014-03-06 09:50 - 2014-03-06 09:50 - 00095080 _____ () C:\Users\Jack\AppData\Local\fciauvor.exe
2014-03-06 09:09 - 2014-03-06 09:09 - 00003735 _____ () C:\Users\Jack\Desktop\esetscan.txt
2014-03-06 06:05 - 2014-03-06 06:05 - 00163840 _____ () C:\Users\Jack\AppData\Local\vccjlkqr.exe
2014-03-06 05:42 - 2014-03-07 11:00 - 00000794 _____ () C:\Windows\Tasks\Security Center Update - 2258981729.job
2014-03-06 05:42 - 2014-03-06 05:42 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ybsigu
2014-03-06 01:48 - 2014-03-07 11:00 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 2793911936.job
2014-03-06 01:48 - 2014-03-06 01:48 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Amadbur
2014-03-05 21:41 - 2014-03-07 11:00 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 1293679475.job
2014-03-05 21:41 - 2014-03-05 21:41 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Obywsya
2014-03-05 17:47 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Beapicn
2014-03-05 16:01 - 2014-03-05 16:01 - 00000000 ____D () C:\Program Files\ESET
2014-03-05 16:00 - 2014-03-05 16:00 - 02347384 _____ (ESET) C:\Users\Jack\Downloads\esetsmartinstaller_enu.exe
2014-03-05 15:10 - 2014-03-05 15:10 - 00001054 _____ () C:\Users\Jack\Desktop\AdwCleaner[S1].txt
2014-03-05 14:52 - 2014-03-05 14:52 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT(1).exe
2014-03-05 13:44 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Senagius
2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT.exe
2014-03-05 13:04 - 2014-03-05 14:30 - 00000000 ____D () C:\AdwCleaner
2014-03-05 13:04 - 2014-03-05 13:04 - 01244192 _____ () C:\Users\Jack\Downloads\AdwCleaner.exe
2014-03-05 09:40 - 2014-03-05 15:12 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Igumly
2014-03-05 06:32 - 2014-03-05 06:32 - 00154624 _____ () C:\Users\Jack\AppData\Local\jotllpdr.exe
2014-03-05 05:44 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Yvubik
2014-03-05 01:49 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Incuudx
2014-03-04 21:42 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ydeppu
2014-03-04 17:48 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Fazeyx
2014-03-04 14:45 - 2014-03-04 14:45 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 14:38 - 2014-03-04 14:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 13:52 - 2014-03-04 13:52 - 00000000 ____D () C:\Users\Jack\AppData\Local\Macromedia
2014-03-04 13:47 - 2014-03-04 13:47 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Hooqhiu
2014-03-04 10:31 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Xyectofo
2014-03-03 21:47 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Elriikx
2014-03-03 17:38 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Acgazaak
2014-03-03 13:45 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Iquvdos
2014-03-03 10:42 - 2014-03-05 21:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ivofibo
2014-03-01 01:39 - 2014-03-05 15:12 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Nynedae
2014-02-28 21:45 - 2014-03-05 15:12 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Elzeaqz
2014-02-28 17:38 - 2014-03-05 15:12 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Pycily
2014-02-28 13:43 - 2014-03-05 15:15 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Fakyva
2014-02-28 09:37 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Angaym
2014-02-28 07:52 - 2014-02-28 12:54 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Cyudyqe
2014-02-27 13:40 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Avfuik
2014-02-27 09:45 - 2014-02-28 12:54 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Woygaga
2014-02-26 14:27 - 2014-02-28 12:54 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ludoaty
2014-02-26 09:51 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Qauzvida
2014-02-26 05:45 - 2014-02-28 12:54 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Nyyvoky
2014-02-26 01:51 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Umxeer
2014-02-25 21:42 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Uvzyeh
2014-02-25 17:47 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ukfaque
2014-02-25 14:30 - 2014-03-06 14:49 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{02C3DF28-36E8-4716-B96E-B8CF0CE0096D}.job
2014-02-25 13:39 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Nyabbu
2014-02-25 09:45 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Awyqogi
2014-02-25 05:37 - 2014-02-28 12:54 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ybabutzo
2014-02-25 01:44 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Giofiphu
2014-02-24 21:48 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Etanpif
2014-02-24 17:41 - 2014-02-28 12:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Daipaqi
2014-02-24 13:46 - 2014-02-28 12:54 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Cielpupa
2014-02-24 11:08 - 2014-02-24 11:08 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Malwarebytes
2014-02-24 09:39 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Asnywa
2014-02-24 07:55 - 2014-02-24 11:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Hoibadv
2014-02-21 17:42 - 2014-02-24 11:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Buselae
2014-02-21 13:47 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Agsoob
2014-02-21 10:04 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ofimyf
2014-02-21 05:49 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Beokca
2014-02-21 01:42 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Riemip
2014-02-20 21:48 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Vufeow
2014-02-20 17:40 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Laxiobo
2014-02-20 15:32 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Vuylosa
2014-02-20 07:46 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Nyupulof
2014-02-20 01:42 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Owxusy
2014-02-19 21:50 - 2014-02-24 11:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Maapvy
2014-02-19 17:40 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Peoptiqi
2014-02-19 15:34 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Onzyqi
2014-02-19 09:48 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Suaxidop
2014-02-19 05:40 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Eqpiowa
2014-02-19 01:42 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Elovot
2014-02-18 21:47 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Xiamudo
2014-02-18 17:40 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Iwebib
2014-02-18 13:45 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ecpeibty
2014-02-18 10:22 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Etdita
2014-02-17 14:20 - 2014-03-07 10:18 - 00001035 _____ () C:\Windows\system32\cygrunsrv.exe.stackdump
2014-02-17 13:59 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Zoypery
2014-02-17 13:19 - 2014-02-17 13:19 - 00068161 _____ () C:\Users\Jack\AppData\Local\wvpejnxt
2014-02-17 13:06 - 2014-02-17 13:06 - 00068161 _____ () C:\Users\Jack\AppData\Local\wxvapexd
2014-02-17 12:53 - 2014-02-17 12:53 - 00068161 _____ () C:\Users\Jack\AppData\Local\bwprekrr
2014-02-17 12:40 - 2014-02-17 12:40 - 00068161 _____ () C:\Users\Jack\AppData\Local\qrmqpefc
2014-02-17 12:13 - 2014-02-17 12:13 - 00068260 _____ () C:\Users\Jack\AppData\Local\sbefchjb
2014-02-17 10:43 - 2014-02-24 11:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Kesipi
2014-02-14 13:43 - 2014-02-24 11:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Reynbe
2014-02-14 10:32 - 2014-03-07 10:22 - 00000680 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2014-02-14 09:57 - 2014-02-24 11:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Inkuehna
2014-02-14 09:56 - 2014-02-14 09:56 - 00012326 _____ () C:\Users\Jack\AppData\Local\icwdbpqq
2014-02-14 09:55 - 2014-02-14 09:55 - 00068260 _____ () C:\Users\Jack\AppData\Local\gcvjkhoo
2014-02-14 08:44 - 2014-02-14 08:44 - 00000000 _____ () C:\Users\Jack\AppData\Roaming\SharedSettings.ccs
2014-02-06 10:52 - 2014-02-21 13:53 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2014-03-07 11:15 - 2008-11-11 15:41 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{03806ACC-27AB-479D-9244-B490C44233F8}.job
2014-03-07 11:15 - 2008-10-27 12:02 - 00000434 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7D0A9B2B-A02A-4A6B-9DF0-B9E3EEF4E5BB}.job
2014-03-07 11:11 - 2014-01-15 14:00 - 00000000 ____D () C:\Users\Jack
2014-03-07 11:11 - 2008-08-25 07:50 - 166355968 _____ () C:\Users\Jack\archive.pst
2014-03-07 11:09 - 2014-03-07 11:07 - 00013593 _____ () C:\Users\Jack\Desktop\FRST.txt
2014-03-07 11:07 - 2014-03-07 11:06 - 00000000 ____D () C:\FRST
2014-03-07 11:04 - 2014-03-07 11:04 - 01145344 _____ (Farbar) C:\Users\Jack\Desktop\FRST.exe
2014-03-07 11:00 - 2014-03-07 09:39 - 00000790 _____ () C:\Windows\Tasks\Security Center Update - 1187788997.job
2014-03-07 11:00 - 2014-03-07 08:33 - 00000796 _____ () C:\Windows\Tasks\Security Center Update - 4146715376.job
2014-03-07 11:00 - 2014-03-06 13:47 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 1192784356.job
2014-03-07 11:00 - 2014-03-06 09:53 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 1765193067.job
2014-03-07 11:00 - 2014-03-06 05:42 - 00000794 _____ () C:\Windows\Tasks\Security Center Update - 2258981729.job
2014-03-07 11:00 - 2014-03-06 01:48 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 2793911936.job
2014-03-07 11:00 - 2014-03-05 21:41 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 1293679475.job
2014-03-07 10:52 - 2013-09-11 14:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 10:35 - 2014-03-07 10:26 - 00002021 _____ () C:\Users\Jack\Desktop\attach.txt
2014-03-07 10:23 - 2014-03-07 10:23 - 00688992 ____R (Swearware) C:\Users\Jack\Desktop\dds.com
2014-03-07 10:22 - 2014-02-14 10:32 - 00000680 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2014-03-07 10:21 - 2008-01-20 20:39 - 01134940 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 10:18 - 2014-02-17 14:20 - 00001035 _____ () C:\Windows\system32\cygrunsrv.exe.stackdump
2014-03-07 10:17 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 10:17 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 10:17 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 10:16 - 2006-11-02 08:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-07 09:46 - 2014-03-07 09:46 - 00448512 _____ (OldTimer Tools) C:\Users\Jack\Downloads\TFC.exe
2014-03-07 09:39 - 2014-03-07 09:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Owabza
2014-03-07 09:36 - 2014-03-07 09:36 - 00099176 _____ () C:\Users\Jack\AppData\Local\wcskekou.exe
2014-03-07 08:33 - 2014-03-07 08:33 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Akriogg
2014-03-07 08:31 - 2006-11-02 05:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-06 14:49 - 2014-02-25 14:30 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{02C3DF28-36E8-4716-B96E-B8CF0CE0096D}.job
2014-03-06 13:47 - 2014-03-06 13:47 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Idsuceol
2014-03-06 13:44 - 2014-03-06 13:44 - 00095080 _____ () C:\Users\Jack\AppData\Local\mcsqkvie.exe
2014-03-06 09:53 - 2014-03-06 09:53 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Gyugytb
2014-03-06 09:50 - 2014-03-06 09:50 - 00095080 _____ () C:\Users\Jack\AppData\Local\fciauvor.exe
2014-03-06 09:09 - 2014-03-06 09:09 - 00003735 _____ () C:\Users\Jack\Desktop\esetscan.txt
2014-03-06 06:05 - 2014-03-06 06:05 - 00163840 _____ () C:\Users\Jack\AppData\Local\vccjlkqr.exe
2014-03-06 05:42 - 2014-03-06 05:42 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ybsigu
2014-03-06 01:48 - 2014-03-06 01:48 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Amadbur
2014-03-05 21:51 - 2014-03-05 17:47 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Beapicn
2014-03-05 21:51 - 2014-03-05 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Senagius
2014-03-05 21:51 - 2014-03-05 05:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Yvubik
2014-03-05 21:51 - 2014-03-05 01:49 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Incuudx
2014-03-05 21:51 - 2014-03-04 21:42 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ydeppu
2014-03-05 21:51 - 2014-03-04 17:48 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Fazeyx
2014-03-05 21:51 - 2014-03-04 10:31 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Xyectofo
2014-03-05 21:51 - 2014-03-03 21:47 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Elriikx
2014-03-05 21:51 - 2014-03-03 17:38 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Acgazaak
2014-03-05 21:51 - 2014-03-03 13:45 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Iquvdos
2014-03-05 21:51 - 2014-03-03 10:42 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ivofibo
2014-03-05 21:41 - 2014-03-05 21:41 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Obywsya
2014-03-05 16:01 - 2014-03-05 16:01 - 00000000 ____D () C:\Program Files\ESET
2014-03-05 16:00 - 2014-03-05 16:00 - 02347384 _____ (ESET) C:\Users\Jack\Downloads\esetsmartinstaller_enu.exe
2014-03-05 15:15 - 2014-02-28 13:43 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Fakyva
2014-03-05 15:15 - 2006-11-02 08:00 - 00059200 _____ () C:\Windows\PFRO.log
2014-03-05 15:12 - 2014-03-05 09:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Igumly
2014-03-05 15:12 - 2014-03-01 01:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Nynedae
2014-03-05 15:12 - 2014-02-28 21:45 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Elzeaqz
2014-03-05 15:12 - 2014-02-28 17:38 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Pycily
2014-03-05 15:10 - 2014-03-05 15:10 - 00001054 _____ () C:\Users\Jack\Desktop\AdwCleaner[S1].txt
2014-03-05 14:52 - 2014-03-05 14:52 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT(1).exe
2014-03-05 14:30 - 2014-03-05 13:04 - 00000000 ____D () C:\AdwCleaner
2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT.exe
2014-03-05 13:04 - 2014-03-05 13:04 - 01244192 _____ () C:\Users\Jack\Downloads\AdwCleaner.exe
2014-03-05 06:32 - 2014-03-05 06:32 - 00154624 _____ () C:\Users\Jack\AppData\Local\jotllpdr.exe
2014-03-04 15:03 - 2012-06-26 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 14:45 - 2014-03-04 14:45 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 14:38 - 2014-03-04 14:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 13:52 - 2014-03-04 13:52 - 00000000 ____D () C:\Users\Jack\AppData\Local\Macromedia
2014-03-04 13:47 - 2014-03-04 13:47 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Hooqhiu
2014-02-28 15:00 - 2014-01-17 12:31 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\HpUpdate
2014-02-28 12:54 - 2014-02-28 07:52 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Cyudyqe
2014-02-28 12:54 - 2014-02-27 09:45 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Woygaga
2014-02-28 12:54 - 2014-02-26 14:27 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ludoaty
2014-02-28 12:54 - 2014-02-26 05:45 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Nyyvoky
2014-02-28 12:54 - 2014-02-25 05:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ybabutzo
2014-02-28 12:54 - 2014-02-24 13:46 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Cielpupa
2014-02-28 12:52 - 2014-02-28 09:37 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Angaym
2014-02-28 12:52 - 2014-02-27 13:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Avfuik
2014-02-28 12:52 - 2014-02-26 09:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Qauzvida
2014-02-28 12:52 - 2014-02-26 01:51 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Umxeer
2014-02-28 12:52 - 2014-02-25 21:42 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Uvzyeh
2014-02-28 12:52 - 2014-02-25 17:47 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ukfaque
2014-02-28 12:52 - 2014-02-25 13:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Nyabbu
2014-02-28 12:52 - 2014-02-25 09:45 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Awyqogi
2014-02-28 12:52 - 2014-02-25 01:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Giofiphu
2014-02-28 12:52 - 2014-02-24 21:48 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Etanpif
2014-02-28 12:52 - 2014-02-24 17:41 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Daipaqi
2014-02-24 11:40 - 2014-02-24 07:55 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Hoibadv
2014-02-24 11:40 - 2014-02-21 17:42 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Buselae
2014-02-24 11:40 - 2014-02-19 21:50 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Maapvy
2014-02-24 11:40 - 2014-02-17 10:43 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Kesipi
2014-02-24 11:40 - 2014-02-14 09:57 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Inkuehna
2014-02-24 11:40 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\SchCache
2014-02-24 11:37 - 2014-02-24 09:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Asnywa
2014-02-24 11:37 - 2014-02-21 13:47 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Agsoob
2014-02-24 11:37 - 2014-02-21 10:04 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ofimyf
2014-02-24 11:37 - 2014-02-21 05:49 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Beokca
2014-02-24 11:37 - 2014-02-21 01:42 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Riemip
2014-02-24 11:37 - 2014-02-20 21:48 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Vufeow
2014-02-24 11:37 - 2014-02-20 17:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Laxiobo
2014-02-24 11:37 - 2014-02-20 15:32 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Vuylosa
2014-02-24 11:37 - 2014-02-20 07:46 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Nyupulof
2014-02-24 11:37 - 2014-02-20 01:42 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Owxusy
2014-02-24 11:37 - 2014-02-19 17:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Peoptiqi
2014-02-24 11:37 - 2014-02-19 15:34 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Onzyqi
2014-02-24 11:37 - 2014-02-19 09:48 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Suaxidop
2014-02-24 11:37 - 2014-02-19 05:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Eqpiowa
2014-02-24 11:37 - 2014-02-19 01:42 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Elovot
2014-02-24 11:37 - 2014-02-18 21:47 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Xiamudo
2014-02-24 11:37 - 2014-02-18 17:40 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Iwebib
2014-02-24 11:37 - 2014-02-18 13:45 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ecpeibty
2014-02-24 11:37 - 2014-02-18 10:22 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Etdita
2014-02-24 11:37 - 2014-02-17 13:59 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Zoypery
2014-02-24 11:37 - 2014-02-14 13:43 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Reynbe
2014-02-24 11:08 - 2014-02-24 11:08 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Malwarebytes
2014-02-24 10:59 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-21 13:53 - 2014-02-06 10:52 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-02-21 13:53 - 2013-09-11 14:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:53 - 2012-04-05 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 11:29 - 2014-01-30 11:39 - 00000382 _____ () C:\Users\Jack\AppData\Roaming\SamsungLiveUpdateConfig.ini
2014-02-19 11:29 - 2010-12-06 09:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-17 13:19 - 2014-02-17 13:19 - 00068161 _____ () C:\Users\Jack\AppData\Local\wvpejnxt
2014-02-17 13:06 - 2014-02-17 13:06 - 00068161 _____ () C:\Users\Jack\AppData\Local\wxvapexd
2014-02-17 12:53 - 2014-02-17 12:53 - 00068161 _____ () C:\Users\Jack\AppData\Local\bwprekrr
2014-02-17 12:40 - 2014-02-17 12:40 - 00068161 _____ () C:\Users\Jack\AppData\Local\qrmqpefc
2014-02-17 12:13 - 2014-02-17 12:13 - 00068260 _____ () C:\Users\Jack\AppData\Local\sbefchjb
2014-02-14 09:56 - 2014-02-14 09:56 - 00012326 _____ () C:\Users\Jack\AppData\Local\icwdbpqq
2014-02-14 09:55 - 2014-02-14 09:55 - 00068260 _____ () C:\Users\Jack\AppData\Local\gcvjkhoo
2014-02-14 08:44 - 2014-02-14 08:44 - 00000000 _____ () C:\Users\Jack\AppData\Roaming\SharedSettings.ccs
2014-02-14 08:35 - 2014-01-16 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 08:32 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-05 16:23 - 2006-11-02 07:52 - 00031958 _____ () C:\Windows\setupact.log

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-07 10:24

==================== End Of Log ============================



#4 Shooshy

Posted 07 March 2014 - 11:22 AM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2014
Ran by Jack at 2014-03-07 11:16:48
Running from C:\Users\Jack\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Sensor Minimum Install (HKLM\...\{52581E8C-F0AE-44CD-84A7-CF0945B2628C}) (Version: 7.10.0.1129 - AuthenTec)
Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitDefender Antivirus 2008 (HKLM\...\{C6E8173D-40EE-4998-B659-CA19F1F278BA}) (Version: 11.0.17 - BitDefender)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bovada Casino  (HKLM\...\Bovada Casino) (Version:  - Bovada)
Brother MFL-Pro Suite MFC-7860DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Citrix Online Launcher (HKLM\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FW LiveUpdate (HKLM\...\{11F5D779-7BD9-465A-BBC4-10701386BCB9}) (Version: 2.0.2.2 - SAMSUNG)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inst5657 (Version: 5.01.13 - Softex Inc.) Hidden
Inst565a (Version: 5.01.13 - Softex Inc.) Hidden
iTunes (HKLM\...\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}) (Version: 10.2.1.1 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
LightScribe System Software  1.12.29.2 (HKLM\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - http://www.lightscribe.com)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}) (Version: 2.6.0.35 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{7BAA9BA8-0761-42EF-842A-23FAA5321033}) (Version: 7.03.0976 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OmniPass 5.01.13 (HKLM\...\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}) (Version: 5.01.13 - Softex Inc.)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
QuickBooks Premier: Contractor Edition 2008 (HKLM\...\{8ECB8220-F426-4BEB-9596-97033C533702}) (Version: 18.0.4008.606 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5519 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C73F2967-062E-48F2-A462-D335B8950183}) (Version: 5.33.20.27 - Apple Inc.)
Scansoft PDF Professional (Version:  - ) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User State Migration Tools version 3.0.1 (HKLM\...\{EACB261C-5C4D-4CB4-B8CC-0EF998C5B3E8}) (Version: 3.0.1 - Microsoft Corporation)
ViewChoice (HKLM\...\{48312CB9-F5D5-4E4B-8D5D-34AEF45DAE1F}) (Version: 1.0.0 - Default Company Name)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{492F8345-095D-467F-926C-278870D93ECF}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 WMI Provider (Version: 6.0.5601.0 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

24-01-2014 12:32:44 Windows Update
27-01-2014 12:53:04 Scheduled Checkpoint
28-01-2014 12:51:27 Windows Update
30-01-2014 18:40:02 Scheduled Checkpoint
31-01-2014 06:42:27 Windows Update
03-02-2014 14:10:25 Scheduled Checkpoint
04-02-2014 05:00:00 Scheduled Checkpoint
04-02-2014 06:16:36 Windows Update
06-02-2014 16:58:14 Scheduled Checkpoint
07-02-2014 12:42:18 Windows Update
10-02-2014 16:10:38 Scheduled Checkpoint
11-02-2014 12:48:29 Windows Update
14-02-2014 13:31:40 Windows Update
14-02-2014 13:35:10 Windows Update
17-02-2014 13:10:35 Windows Defender Checkpoint
18-02-2014 15:17:36 Windows Update
18-02-2014 16:53:39 Windows Defender Checkpoint
20-02-2014 19:51:34 Scheduled Checkpoint
21-02-2014 06:35:43 Windows Update
21-02-2014 14:08:42 Windows Defender Checkpoint
25-02-2014 05:55:36 Windows Update
28-02-2014 12:35:47 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0BDF0EF8-FD66-47D7-BBEA-539F19145A87} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {0C87AAC8-140E-4D10-AD91-42473CE07809} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - {152482dc-57c4-42c7-8f63-ad9282334850} => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {1E040E26-5FFB-4030-86B4-BE13A7D2C348} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - jtkiger => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {334CA480-7AC5-41FC-AFC5-BCEDF8CE73C4} - System32\Tasks\Security Center Update - 1765193067 => C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe [2014-02-19] () <==== ATTENTION
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {5F6ACB95-D5F9-451A-82F3-32711E201735} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {61FF1E69-533B-466E-AC77-5B6BF3D0595D} - System32\Tasks\Security Center Update - 1293679475 => C:\Users\Jack\AppData\Roaming\Obywsya\utdioce.exe [2014-01-29] (Cloud Company) <==== ATTENTION
Task: {83954D37-78C8-406B-B419-1E40BF70A950} - System32\Tasks\Security Center Update - 2793911936 => C:\Users\Jack\AppData\Roaming\Amadbur\errapou.exe [2014-01-18] (Cloud Company) <==== ATTENTION
Task: {A38E97F5-62BC-4BEB-A078-0543428A502E} - System32\Tasks\Security Center Update - 2258981729 => C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe [2014-01-19] () <==== ATTENTION
Task: {AE3E12A7-D191-4233-85DF-DF6678F5EE0E} - System32\Tasks\Security Center Update - 1187788997 => C:\Users\Jack\AppData\Roaming\Owabza\okhyr.exe [2014-02-06] () <==== ATTENTION
Task: {CC894ABA-C9A6-4DD2-9099-582D051B0CC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {D5709172-7D5B-4BF7-93F5-CF4C5A49F63D} - System32\Tasks\Security Center Update - 4146715376 => C:\Users\Jack\AppData\Roaming\Akriogg\zezeqo.exe [2014-01-21] () <==== ATTENTION
Task: {F88B28C4-25A2-4FE9-893F-FC8E673FD798} - System32\Tasks\Security Center Update - 1192784356 => C:\Users\Jack\AppData\Roaming\Idsuceol\micae.exe [2014-01-18] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Security Center Update - 1187788997.job => C:\Users\Jack\AppData\Roaming\Owabza\okhyr.exe
Task: C:\Windows\Tasks\Security Center Update - 1192784356.job => C:\Users\Jack\AppData\Roaming\Idsuceol\micae.exe
Task: C:\Windows\Tasks\Security Center Update - 1293679475.job => C:\Users\Jack\AppData\Roaming\Obywsya\utdioce.exe
Task: C:\Windows\Tasks\Security Center Update - 1765193067.job => C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe
Task: C:\Windows\Tasks\Security Center Update - 2258981729.job => C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe
Task: C:\Windows\Tasks\Security Center Update - 2793911936.job => C:\Users\Jack\AppData\Roaming\Amadbur\errapou.exe
Task: C:\Windows\Tasks\Security Center Update - 4146715376.job => C:\Users\Jack\AppData\Roaming\Akriogg\zezeqo.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{02C3DF28-36E8-4716-B96E-B8CF0CE0096D}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{03806ACC-27AB-479D-9244-B490C44233F8}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7D0A9B2B-A02A-4A6B-9DF0-B9E3EEF4E5BB}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-01-08 13:55 - 2008-03-31 12:00 - 00540672 _____ () C:\Program Files\Softex\OmniPass\storeng.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 00013824 _____ () C:\Program Files\Softex\OmniPass\ssplogon.dll
2009-01-08 13:55 - 2008-03-31 12:01 - 00438272 _____ () C:\Program Files\Softex\OmniPass\userdata.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 00016896 _____ () C:\Program Files\Softex\OmniPass\cryptodll.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 01101824 _____ () C:\Program Files\Softex\OmniPass\autheng.dll
2009-01-08 13:55 - 2008-03-31 12:12 - 00048208 _____ () C:\Program Files\Softex\OmniPass\hdddrv.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-28 09:16 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2009-01-08 13:55 - 2008-03-31 12:01 - 00061440 _____ () C:\Program Files\Softex\OmniPass\SCUREDLL.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 00065536 _____ () C:\Program Files\Softex\OmniPass\opfsdll.dll
2008-10-26 19:12 - 2008-07-07 12:12 - 03235840 _____ () C:\Program Files\SAMSUNG\FW LiveUpdate\LiveUpdate.dat
2009-01-08 13:55 - 2008-03-31 13:28 - 02670592 _____ () C:\Program Files\Softex\OmniPass\scureapp.exe
2014-01-19 13:08 - 2014-01-19 13:08 - 00279672 _____ () C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe
2014-02-19 05:13 - 2014-02-19 05:13 - 00280715 _____ () C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-04 14:38 - 2014-03-04 14:38 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: LIVESRV => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: XCOMM => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDAgent => "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
MSCONFIG\startupreg: BitDefender Antiphishing Helper => "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2014 11:02:46 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0006af93,
process id 0x191c, application start time 0xExplorer.EXE0.

Error: (03/07/2014 10:38:06 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/07 10:38:06.928]: [00002256]: SendSKeySettingToDevice:: Snmp Load Error[0] To[10.0.8.111]

Error: (03/07/2014 10:37:55 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x000682dd,
process id 0x870, application start time 0xExplorer.EXE0.

Error: (03/07/2014 10:19:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 09:13:11 AM) (Source: Application Hang) (User: )
Description: The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 344c
Start Time: 01cf3a0a4f42f757
Termination Time: 96

Error: (03/07/2014 08:49:05 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/07 08:49:05.757]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[0] To[10.0.8.111]

Error: (03/07/2014 08:26:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/06/2014 03:14:01 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x001caf93,
process id 0x4fa0, application start time 0xExplorer.EXE0.

Error: (03/06/2014 02:02:02 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x000682dd,
process id 0x7c64, application start time 0xExplorer.EXE0.

Error: (03/06/2014 11:33:19 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0006af93,
process id 0x299c, application start time 0xExplorer.EXE0.


System errors:
=============
Error: (03/07/2014 11:06:19 AM) (Source: Service Control Manager) (User: )
Description: WSearch%%2

Error: (03/07/2014 10:33:57 AM) (Source: Service Control Manager) (User: )
Description: WSearch%%2

Error: (03/07/2014 10:33:57 AM) (Source: DCOM) (User: )
Description: 2WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/07/2014 10:32:44 AM) (Source: Service Control Manager) (User: )
Description: WSearch%%2

Error: (03/07/2014 10:32:09 AM) (Source: Schannel) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (03/07/2014 10:19:44 AM) (Source: Service Control Manager) (User: )
Description: WSearch%%2

Error: (03/07/2014 10:19:43 AM) (Source: DCOM) (User: )
Description: 2WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/07/2014 10:19:29 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (03/07/2014 10:19:29 AM) (Source: Service Control Manager) (User: )
Description: rsyncd1

Error: (03/07/2014 10:19:29 AM) (Source: Service Control Manager) (User: )
Description: WSearch%%2


Microsoft Office Sessions:
=========================
Error: (11/15/2010 08:30:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 586067 seconds with 2160 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-03-07 11:15:17.478
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 11:15:16.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 11:15:16.576
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 11:15:16.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 11:09:38.518
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 11:09:37.888
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 11:09:37.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 11:09:36.527
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 11:09:35.797
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 11:09:34.936
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 71%
Total physical RAM: 3070.39 MB
Available physical RAM: 887.1 MB
Total Pagefile: 6371.29 MB
Available Pagefile: 3581.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:151.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP OJ8600) (CDROM) (Total:0.33 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 6BAFA7C5)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

#5 aharonov

  • Malware Response Team

Posted 07 March 2014 - 11:44 AM

Well that's quite an impressive malware collection..


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button. Allow a reboot if requested.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Start FRST with administrator privileges.

  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#6 Shooshy

  • Topic Starter

Posted 07 March 2014 - 01:59 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014
Ran by Jack (administrator) on JACK-PC on 07-03-2014 13:55:52
Running from C:\Users\Jack\Desktop
Microsoft® Windows Vista™ Business  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Softex\OmniPass\OmniServ.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
( ) C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
() C:\Program Files\Softex\OmniPass\scureapp.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\Jack\AppData\Roaming\Akriogg\zezeqo.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Senagius\acizimi.exe
() C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe
() C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Ivofibo\ifteu.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Iquvdos\uhsiov.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Xyectofo\xaixafx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4706304 2007-11-23] (Realtek Semiconductor)
HKLM\...\Run: [Name of App] - C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe [675935 2008-07-07] ( )
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [OmniPass] - C:\Program Files\Softex\OmniPass\scureapp.exe [2670592 2008-03-31] ()
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Exegni] - C:\Users\Jack\AppData\Roaming\Akriogg\zezeqo.exe [282853 2014-03-07] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Sacaapuh] - C:\Users\Jack\AppData\Roaming\Senagius\acizimi.exe [280576 2014-03-07] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Xoallogivyisduu] - C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe [280715 2014-03-07] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Ohadkeab] - C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe [279672 2014-03-07] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Aligogfacuafpy] - C:\Users\Jack\AppData\Roaming\Ivofibo\ifteu.exe [276992 2014-03-07] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Hoivucgeycuzaga] - C:\Users\Jack\AppData\Roaming\Iquvdos\uhsiov.exe [276992 2014-03-07] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Qoomgaziotqepo] - C:\Users\Jack\AppData\Roaming\Xyectofo\xaixafx.exe [277504 2014-03-07] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1005\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\jtkiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\lgx9nv7h.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S4 LIVESRV; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [1179648 2008-12-05] (BitDefender SRL)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2008-03-31] (Softex Inc.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S2 rsyncd; C:\rsyncd\cygrunsrv.exe [43008 2009-01-16] ()
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [151552 2008-11-21] (S.C. BitDefender S.R.L)
S4 XCOMM; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [86016 2007-11-27] (BitDefender)
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]

==================== Drivers (Whitelisted) ====================

R3 DM9102; C:\Windows\System32\DRIVERS\DM9PCI5.SYS [33207 2001-07-25] (CNet Technology, Inc.                                                    )
S3 FLMckUsb; C:\Windows\System32\DRIVERS\ATTchDrv.sys [88192 2007-11-17] (AuthenTec, Inc.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-20] (Microsoft Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2014-03-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Profos; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [12800 2007-07-12] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 13:50 - 2014-03-07 13:50 - 00065536 ___HT () C:\Users\Jack\~archive.pst.tmp
2014-03-07 13:47 - 2014-03-07 13:47 - 00001035 _____ () C:\Windows\system32\cygrunsrv.exe.stackdump
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ybsigu
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Xyectofo
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Senagius
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ivofibo
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Iquvdos
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Gyugytb
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Akriogg
2014-03-07 13:39 - 2014-03-07 13:46 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 2766217317.job
2014-03-07 13:39 - 2014-03-07 13:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Wyypcake
2014-03-07 11:16 - 2014-03-07 11:19 - 00030968 _____ () C:\Users\Jack\Desktop\Addition.txt
2014-03-07 11:07 - 2014-03-07 13:56 - 00012956 _____ () C:\Users\Jack\Desktop\FRST.txt
2014-03-07 11:06 - 2014-03-07 13:55 - 00000000 ____D () C:\FRST
2014-03-07 11:04 - 2014-03-07 11:04 - 01145344 _____ (Farbar) C:\Users\Jack\Desktop\FRST.exe
2014-03-07 10:26 - 2014-03-07 10:35 - 00002021 _____ () C:\Users\Jack\Desktop\attach.txt
2014-03-07 10:23 - 2014-03-07 10:23 - 00688992 ____R (Swearware) C:\Users\Jack\Desktop\dds.com
2014-03-07 09:46 - 2014-03-07 09:46 - 00448512 _____ (OldTimer Tools) C:\Users\Jack\Downloads\TFC.exe
2014-03-06 09:09 - 2014-03-06 09:09 - 00003735 _____ () C:\Users\Jack\Desktop\esetscan.txt
2014-03-05 16:01 - 2014-03-05 16:01 - 00000000 ____D () C:\Program Files\ESET
2014-03-05 16:00 - 2014-03-05 16:00 - 02347384 _____ (ESET) C:\Users\Jack\Downloads\esetsmartinstaller_enu.exe
2014-03-05 15:10 - 2014-03-05 15:10 - 00001054 _____ () C:\Users\Jack\Desktop\AdwCleaner[S1].txt
2014-03-05 14:52 - 2014-03-05 14:52 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT(1).exe
2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT.exe
2014-03-05 13:04 - 2014-03-05 14:30 - 00000000 ____D () C:\AdwCleaner
2014-03-05 13:04 - 2014-03-05 13:04 - 01244192 _____ () C:\Users\Jack\Downloads\AdwCleaner.exe
2014-03-04 14:45 - 2014-03-04 14:45 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 14:38 - 2014-03-04 14:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 13:52 - 2014-03-04 13:52 - 00000000 ____D () C:\Users\Jack\AppData\Local\Macromedia
2014-02-25 14:30 - 2014-03-07 13:39 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{02C3DF28-36E8-4716-B96E-B8CF0CE0096D}.job
2014-02-14 10:32 - 2014-03-07 12:30 - 00000680 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2014-02-14 08:44 - 2014-02-14 08:44 - 00000000 _____ () C:\Users\Jack\AppData\Roaming\SharedSettings.ccs
2014-02-06 10:52 - 2014-02-21 13:53 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2014-03-07 13:56 - 2014-03-07 11:07 - 00012956 _____ () C:\Users\Jack\Desktop\FRST.txt
2014-03-07 13:55 - 2014-03-07 11:06 - 00000000 ____D () C:\FRST
2014-03-07 13:55 - 2008-11-11 15:41 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{03806ACC-27AB-479D-9244-B490C44233F8}.job
2014-03-07 13:55 - 2008-10-27 12:02 - 00000434 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7D0A9B2B-A02A-4A6B-9DF0-B9E3EEF4E5BB}.job
2014-03-07 13:52 - 2013-09-11 14:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-07 13:51 - 2008-08-25 07:50 - 166355968 _____ () C:\Users\Jack\archive.pst
2014-03-07 13:51 - 2008-01-20 20:39 - 01139311 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 13:50 - 2014-03-07 13:50 - 00065536 ___HT () C:\Users\Jack\~archive.pst.tmp
2014-03-07 13:50 - 2014-01-15 14:00 - 00000000 ____D () C:\Users\Jack
2014-03-07 13:47 - 2014-03-07 13:47 - 00001035 _____ () C:\Windows\system32\cygrunsrv.exe.stackdump
2014-03-07 13:46 - 2014-03-07 13:39 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 2766217317.job
2014-03-07 13:46 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 13:46 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 13:46 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 13:45 - 2006-11-02 08:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ybsigu
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Xyectofo
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Senagius
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ivofibo
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Iquvdos
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Gyugytb
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Akriogg
2014-03-07 13:39 - 2014-03-07 13:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Wyypcake
2014-03-07 13:39 - 2014-02-25 14:30 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{02C3DF28-36E8-4716-B96E-B8CF0CE0096D}.job
2014-03-07 12:30 - 2014-02-14 10:32 - 00000680 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2014-03-07 11:19 - 2014-03-07 11:16 - 00030968 _____ () C:\Users\Jack\Desktop\Addition.txt
2014-03-07 11:04 - 2014-03-07 11:04 - 01145344 _____ (Farbar) C:\Users\Jack\Desktop\FRST.exe
2014-03-07 10:35 - 2014-03-07 10:26 - 00002021 _____ () C:\Users\Jack\Desktop\attach.txt
2014-03-07 10:23 - 2014-03-07 10:23 - 00688992 ____R (Swearware) C:\Users\Jack\Desktop\dds.com
2014-03-07 09:46 - 2014-03-07 09:46 - 00448512 _____ (OldTimer Tools) C:\Users\Jack\Downloads\TFC.exe
2014-03-07 08:31 - 2006-11-02 05:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-06 09:09 - 2014-03-06 09:09 - 00003735 _____ () C:\Users\Jack\Desktop\esetscan.txt
2014-03-05 16:01 - 2014-03-05 16:01 - 00000000 ____D () C:\Program Files\ESET
2014-03-05 16:00 - 2014-03-05 16:00 - 02347384 _____ (ESET) C:\Users\Jack\Downloads\esetsmartinstaller_enu.exe
2014-03-05 15:15 - 2006-11-02 08:00 - 00059200 _____ () C:\Windows\PFRO.log
2014-03-05 15:10 - 2014-03-05 15:10 - 00001054 _____ () C:\Users\Jack\Desktop\AdwCleaner[S1].txt
2014-03-05 14:52 - 2014-03-05 14:52 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT(1).exe
2014-03-05 14:30 - 2014-03-05 13:04 - 00000000 ____D () C:\AdwCleaner
2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT.exe
2014-03-05 13:04 - 2014-03-05 13:04 - 01244192 _____ () C:\Users\Jack\Downloads\AdwCleaner.exe
2014-03-04 15:03 - 2012-06-26 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 14:45 - 2014-03-04 14:45 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 14:38 - 2014-03-04 14:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 13:52 - 2014-03-04 13:52 - 00000000 ____D () C:\Users\Jack\AppData\Local\Macromedia
2014-02-28 15:00 - 2014-01-17 12:31 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\HpUpdate
2014-02-24 11:40 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\SchCache
2014-02-24 10:59 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-21 13:53 - 2014-02-06 10:52 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-02-21 13:53 - 2013-09-11 14:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:53 - 2012-04-05 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 11:29 - 2014-01-30 11:39 - 00000382 _____ () C:\Users\Jack\AppData\Roaming\SamsungLiveUpdateConfig.ini
2014-02-19 11:29 - 2010-12-06 09:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-14 08:44 - 2014-02-14 08:44 - 00000000 _____ () C:\Users\Jack\AppData\Roaming\SharedSettings.ccs
2014-02-14 08:35 - 2014-01-16 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 08:32 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-05 16:23 - 2006-11-02 07:52 - 00031958 _____ () C:\Windows\setupact.log

Some content of TEMP:
====================
C:\Users\Jack\AppData\Local\Temp\UpdateFlashPlayer_269b1cf5.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-07 13:54

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2014
Ran by Jack at 2014-03-07 13:56:36
Running from C:\Users\Jack\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Sensor Minimum Install (HKLM\...\{52581E8C-F0AE-44CD-84A7-CF0945B2628C}) (Version: 7.10.0.1129 - AuthenTec)
Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitDefender Antivirus 2008 (HKLM\...\{C6E8173D-40EE-4998-B659-CA19F1F278BA}) (Version: 11.0.17 - BitDefender)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bovada Casino  (HKLM\...\Bovada Casino) (Version:  - Bovada)
Brother MFL-Pro Suite MFC-7860DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Citrix Online Launcher (HKLM\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FW LiveUpdate (HKLM\...\{11F5D779-7BD9-465A-BBC4-10701386BCB9}) (Version: 2.0.2.2 - SAMSUNG)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inst5657 (Version: 5.01.13 - Softex Inc.) Hidden
Inst565a (Version: 5.01.13 - Softex Inc.) Hidden
iTunes (HKLM\...\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}) (Version: 10.2.1.1 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
LightScribe System Software  1.12.29.2 (HKLM\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - http://www.lightscribe.com)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}) (Version: 2.6.0.35 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{7BAA9BA8-0761-42EF-842A-23FAA5321033}) (Version: 7.03.0976 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OmniPass 5.01.13 (HKLM\...\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}) (Version: 5.01.13 - Softex Inc.)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
QuickBooks Premier: Contractor Edition 2008 (HKLM\...\{8ECB8220-F426-4BEB-9596-97033C533702}) (Version: 18.0.4008.606 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5519 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C73F2967-062E-48F2-A462-D335B8950183}) (Version: 5.33.20.27 - Apple Inc.)
Scansoft PDF Professional (Version:  - ) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User State Migration Tools version 3.0.1 (HKLM\...\{EACB261C-5C4D-4CB4-B8CC-0EF998C5B3E8}) (Version: 3.0.1 - Microsoft Corporation)
ViewChoice (HKLM\...\{48312CB9-F5D5-4E4B-8D5D-34AEF45DAE1F}) (Version: 1.0.0 - Default Company Name)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{492F8345-095D-467F-926C-278870D93ECF}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 WMI Provider (Version: 6.0.5601.0 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

24-01-2014 12:32:44 Windows Update
27-01-2014 12:53:04 Scheduled Checkpoint
28-01-2014 12:51:27 Windows Update
30-01-2014 18:40:02 Scheduled Checkpoint
31-01-2014 06:42:27 Windows Update
03-02-2014 14:10:25 Scheduled Checkpoint
04-02-2014 05:00:00 Scheduled Checkpoint
04-02-2014 06:16:36 Windows Update
06-02-2014 16:58:14 Scheduled Checkpoint
07-02-2014 12:42:18 Windows Update
10-02-2014 16:10:38 Scheduled Checkpoint
11-02-2014 12:48:29 Windows Update
14-02-2014 13:31:40 Windows Update
14-02-2014 13:35:10 Windows Update
17-02-2014 13:10:35 Windows Defender Checkpoint
18-02-2014 15:17:36 Windows Update
18-02-2014 16:53:39 Windows Defender Checkpoint
20-02-2014 19:51:34 Scheduled Checkpoint
21-02-2014 06:35:43 Windows Update
21-02-2014 14:08:42 Windows Defender Checkpoint
25-02-2014 05:55:36 Windows Update
28-02-2014 12:35:47 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0BDF0EF8-FD66-47D7-BBEA-539F19145A87} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {0C87AAC8-140E-4D10-AD91-42473CE07809} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - {152482dc-57c4-42c7-8f63-ad9282334850} => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {1E040E26-5FFB-4030-86B4-BE13A7D2C348} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - jtkiger => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {5F6ACB95-D5F9-451A-82F3-32711E201735} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {68077DBF-84BD-4701-AF8D-CF8A6DF6E5ED} - System32\Tasks\Security Center Update - 2766217317 => C:\Users\Jack\AppData\Roaming\Wyypcake\xiyqv.exe [2014-02-23] () <==== ATTENTION
Task: {CC894ABA-C9A6-4DD2-9099-582D051B0CC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Security Center Update - 2766217317.job => C:\Users\Jack\AppData\Roaming\Wyypcake\xiyqv.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{02C3DF28-36E8-4716-B96E-B8CF0CE0096D}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{03806ACC-27AB-479D-9244-B490C44233F8}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7D0A9B2B-A02A-4A6B-9DF0-B9E3EEF4E5BB}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-01-08 13:55 - 2008-03-31 12:00 - 00540672 _____ () C:\Program Files\Softex\OmniPass\storeng.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 00013824 _____ () C:\Program Files\Softex\OmniPass\ssplogon.dll
2009-01-08 13:55 - 2008-03-31 12:01 - 00438272 _____ () C:\Program Files\Softex\OmniPass\userdata.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 00016896 _____ () C:\Program Files\Softex\OmniPass\cryptodll.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 01101824 _____ () C:\Program Files\Softex\OmniPass\autheng.dll
2009-01-08 13:55 - 2008-03-31 12:12 - 00048208 _____ () C:\Program Files\Softex\OmniPass\hdddrv.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-28 09:16 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2009-01-08 13:55 - 2008-03-31 12:01 - 00061440 _____ () C:\Program Files\Softex\OmniPass\SCUREDLL.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 00065536 _____ () C:\Program Files\Softex\OmniPass\opfsdll.dll
2008-10-26 19:12 - 2008-07-07 12:12 - 03235840 _____ () C:\Program Files\SAMSUNG\FW LiveUpdate\LiveUpdate.dat
2009-01-08 13:55 - 2008-03-31 13:28 - 02670592 _____ () C:\Program Files\Softex\OmniPass\scureapp.exe
2014-03-07 13:44 - 2014-03-07 13:44 - 00282853 _____ () C:\Users\Jack\AppData\Roaming\Akriogg\zezeqo.exe
2014-03-07 13:44 - 2014-03-07 13:44 - 00280715 _____ () C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe
2014-03-07 13:44 - 2014-03-07 13:44 - 00279672 _____ () C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-03-04 14:38 - 2014-03-04 14:38 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: LIVESRV => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: XCOMM => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDAgent => "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
MSCONFIG\startupreg: BitDefender Antiphishing Helper => "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2014 01:48:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 01:47:26 PM) (Source: Application Error) (User: )
Description: Faulting application cygrunsrv.exe, version 0.0.0.0, time stamp 0x449671dc, faulting module cygwin1.dll, version 1005.21.0.0, time stamp 0x44c41028, exception code 0xc0000005, fault offset 0x000ede32,
process id 0x97c, application start time 0xcygrunsrv.exe0.

Error: (03/07/2014 00:10:40 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0006af93,
process id 0x4e28, application start time 0xExplorer.EXE0.

Error: (03/07/2014 11:59:17 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/07 11:59:17.551]: [00002256]: SendSKeySettingToDevice:: Snmp Load Error[0] To[10.0.8.111]

Error: (03/07/2014 11:02:46 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0006af93,
process id 0x191c, application start time 0xExplorer.EXE0.

Error: (03/07/2014 10:38:06 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/07 10:38:06.928]: [00002256]: SendSKeySettingToDevice:: Snmp Load Error[0] To[10.0.8.111]

Error: (03/07/2014 10:37:55 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x000682dd,
process id 0x870, application start time 0xExplorer.EXE0.

Error: (03/07/2014 10:19:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 09:13:11 AM) (Source: Application Hang) (User: )
Description: The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 344c
Start Time: 01cf3a0a4f42f757
Termination Time: 96

Error: (03/07/2014 08:49:05 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/07 08:49:05.757]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[0] To[10.0.8.111]


System errors:
=============
Error: (03/07/2014 01:50:41 PM) (Source: Service Control Manager) (User: )
Description: WSearch%%2

Error: (03/07/2014 01:50:41 PM) (Source: DCOM) (User: )
Description: 2WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (03/07/2014 01:49:49 PM) (Source: Service Control Manager) (User: )
Description: WSearch%%2

Error: (03/07/2014 01:49:41 PM) (Source: DCOM) (User: )
Description: 2WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/07/2014 01:48:10 PM) (Source: Service Control Manager) (User: )
Description: rsyncd1

Error: (03/07/2014 01:48:10 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (03/07/2014 01:48:10 PM) (Source: Service Control Manager) (User: )
Description: WSearch%%2

Error: (03/07/2014 01:46:33 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (03/07/2014 01:46:18 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description:

Error: (03/07/2014 01:46:13 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (11/15/2010 08:30:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 586067 seconds with 2160 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-03-07 13:56:26.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 13:56:26.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 13:56:26.578
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 13:56:26.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 13:56:12.528
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 13:56:12.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 13:56:12.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 13:56:12.087
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 13:56:11.932
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 13:56:11.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 3070.39 MB
Available physical RAM: 1672.67 MB
Total Pagefile: 6377.24 MB
Available Pagefile: 4674.73 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.22 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:151.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP OJ8600) (CDROM) (Total:0.33 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 6BAFA7C5)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#7 aharonov

  • Malware Response Team

Posted 07 March 2014 - 02:08 PM

Some of them have already recovered. Let's try again. Please also post up the fixlog this time.


Step 1

Please download this attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button. Allow a reboot if requested.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2

Start FRST with administrator privileges.

  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#8 Shooshy

  • Topic Starter

  • Members

Posted 07 March 2014 - 02:23 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-03-2014
Ran by Jack at 2014-03-07 14:13:42 Run:2
Running from C:\Users\Jack\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\Users\Jack\AppData\Roaming\Akriogg\zezeqo.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Senagius\acizimi.exe
() C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe
() C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Ivofibo\ifteu.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Iquvdos\uhsiov.exe
(Cloud Company) C:\Users\Jack\AppData\Roaming\Xyectofo\xaixafx.exe
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Exegni] - C:\Users\Jack\AppData\Roaming\Akriogg\zezeqo.exe [282853 2014-03-07] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Sacaapuh] - C:\Users\Jack\AppData\Roaming\Senagius\acizimi.exe [280576 2014-03-07] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Xoallogivyisduu] - C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe [280715 2014-03-07] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Ohadkeab] - C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe [279672 2014-03-07] ()
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Aligogfacuafpy] - C:\Users\Jack\AppData\Roaming\Ivofibo\ifteu.exe [276992 2014-03-07] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Hoivucgeycuzaga] - C:\Users\Jack\AppData\Roaming\Iquvdos\uhsiov.exe [276992 2014-03-07] (Cloud Company)
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\...\Run: [Qoomgaziotqepo] - C:\Users\Jack\AppData\Roaming\Xyectofo\xaixafx.exe [277504 2014-03-07] (Cloud Company)
2014-03-07 13:47 - 2014-03-07 13:47 - 00001035 _____ () C:\Windows\system32\cygrunsrv.exe.stackdump
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ybsigu
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Xyectofo
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Senagius
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Ivofibo
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Iquvdos
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Gyugytb
2014-03-07 13:44 - 2014-03-07 13:44 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Akriogg
2014-03-07 13:39 - 2014-03-07 13:46 - 00000798 _____ () C:\Windows\Tasks\Security Center Update - 2766217317.job
2014-03-07 13:39 - 2014-03-07 13:39 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\Wyypcake
Task: {68077DBF-84BD-4701-AF8D-CF8A6DF6E5ED} - System32\Tasks\Security Center Update - 2766217317 => C:\Users\Jack\AppData\Roaming\Wyypcake\xiyqv.exe [2014-02-23] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Security Center Update - 2766217317.job => C:\Users\Jack\AppData\Roaming\Wyypcake\xiyqv.exe
C:\Users\Jack\AppData\Local\Temp\*.exe
CMD: dir /a:d/b "C:\Users\Jack\AppData\Roaming"
CMD: dir /a/b "C:\Users\Jack\AppData\Local\*.exe"
CMD: dir /a/b "C:\Windows\Tasks\Security Center Update*.job"
CMD: dir /a/b "C:\windows\System32\Tasks\Security Center Update*"
Reboot:
*****************

[456] C:\Users\Jack\AppData\Roaming\Akriogg\zezeqo.exe => Process closed successfully.
[2164] C:\Users\Jack\AppData\Roaming\Senagius\acizimi.exe => Process closed successfully.
[2184] C:\Users\Jack\AppData\Roaming\Gyugytb\epfaykq.exe => Process closed successfully.
[2220] C:\Users\Jack\AppData\Roaming\Ybsigu\ukahyns.exe => Process closed successfully.
[2240] C:\Users\Jack\AppData\Roaming\Ivofibo\ifteu.exe => Process closed successfully.
[2236] C:\Users\Jack\AppData\Roaming\Iquvdos\uhsiov.exe => Process closed successfully.
[2348] C:\Users\Jack\AppData\Roaming\Xyectofo\xaixafx.exe => Process closed successfully.
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Exegni => Value deleted successfully.
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Sacaapuh => Value deleted successfully.
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Xoallogivyisduu => Value deleted successfully.
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Ohadkeab => Value deleted successfully.
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Aligogfacuafpy => Value deleted successfully.
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Hoivucgeycuzaga => Value deleted successfully.
HKU\S-1-5-21-1081067578-3157015403-4240007424-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Qoomgaziotqepo => Value deleted successfully.
C:\Windows\system32\cygrunsrv.exe.stackdump => Moved successfully.
C:\Users\Jack\AppData\Roaming\Ybsigu => Moved successfully.
C:\Users\Jack\AppData\Roaming\Xyectofo => Moved successfully.
C:\Users\Jack\AppData\Roaming\Senagius => Moved successfully.
C:\Users\Jack\AppData\Roaming\Ivofibo => Moved successfully.
C:\Users\Jack\AppData\Roaming\Iquvdos => Moved successfully.
C:\Users\Jack\AppData\Roaming\Gyugytb => Moved successfully.
C:\Users\Jack\AppData\Roaming\Akriogg => Moved successfully.
C:\Windows\Tasks\Security Center Update - 2766217317.job => Moved successfully.
C:\Users\Jack\AppData\Roaming\Wyypcake => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68077DBF-84BD-4701-AF8D-CF8A6DF6E5ED} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68077DBF-84BD-4701-AF8D-CF8A6DF6E5ED} => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2766217317 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2766217317 => Key deleted successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\Security Center Update - 2766217317.job not found.
C:\Users\Jack\AppData\Local\Temp\*.exe => Moved successfully.

=========  dir /a:d/b "C:\Users\Jack\AppData\Roaming" =========

Adobe
Ahead
Apple Computer
Bitdefender
ControlCenter4
HpUpdate
Identities
Logitech
Macromedia
Microsoft
Mozilla

========= End of CMD: =========


=========  dir /a/b "C:\Users\Jack\AppData\Local\*.exe" =========

File Not Found

========= End of CMD: =========


=========  dir /a/b "C:\Windows\Tasks\Security Center Update*.job" =========

File Not Found

========= End of CMD: =========


=========  dir /a/b "C:\windows\System32\Tasks\Security Center Update*" =========

File Not Found

========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog ====


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-03-2014
Ran by Jack (administrator) on JACK-PC on 07-03-2014 14:18:04
Running from C:\Users\Jack\Desktop
Microsoft® Windows Vista™ Business  Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 7
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Softex\OmniPass\OmniServ.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.124.0\BBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
( ) C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe
() C:\Program Files\Softex\OmniPass\scureapp.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCtrlCntr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Brother Industries, Ltd.) C:\Program Files\ControlCenter4\BrCcUxSys.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4706304 2007-11-23] (Realtek Semiconductor)
HKLM\...\Run: [Name of App] - C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe [675935 2008-07-07] ( )
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [OmniPass] - C:\Program Files\Softex\OmniPass\scureapp.exe [2670592 2008-03-31] ()
HKLM\...\Run: [IndexSearch] - C:\Program Files\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] - C:\Program Files\Nuance\PaperPort\pptd40nt.exe [29984 2010-03-08] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort12reminder] - C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe [328992 2010-02-09] (Nuance Communications, Inc.)
HKLM\...\Run: [PDFHook] - C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [PDF5 Registry Controller] - C:\Program Files\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM\...\Run: [ControlCenter4] - C:\Program Files\ControlCenter4\BrCcBoot.exe [139264 2010-10-26] (Brother Industries, Ltd.)
HKLM\...\Run: [BrStsMon00] - C:\Program Files\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1081067578-3157015403-4240007424-1005\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\jtkiger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll (Bitdefender)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll (Microsoft Corporation)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\lgx9nv7h.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.)
S4 LIVESRV; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [1179648 2008-12-05] (BitDefender SRL)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
R2 omniserv; C:\Program Files\Softex\OmniPass\OmniServ.exe [40960 2008-03-31] (Softex Inc.)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S2 rsyncd; C:\rsyncd\cygrunsrv.exe [43008 2009-01-16] ()
S3 scan; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll [151552 2008-11-21] (S.C. BitDefender S.R.L)
S4 XCOMM; C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe [86016 2007-11-27] (BitDefender)
S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]

==================== Drivers (Whitelisted) ====================

R3 DM9102; C:\Windows\System32\DRIVERS\DM9PCI5.SYS [33207 2001-07-25] (CNet Technology, Inc.                                                    )
S3 FLMckUsb; C:\Windows\System32\DRIVERS\ATTchDrv.sys [88192 2007-11-17] (AuthenTec, Inc.)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-20] (Microsoft Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2014-03-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 Profos; C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [12800 2007-07-12] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-07 14:15 - 2014-03-07 14:16 - 00001035 _____ () C:\Windows\system32\cygrunsrv.exe.stackdump
2014-03-07 13:50 - 2014-03-07 13:50 - 00065536 ___HT () C:\Users\Jack\~archive.pst.tmp
2014-03-07 11:16 - 2014-03-07 13:58 - 00028977 _____ () C:\Users\Jack\Desktop\Addition.txt
2014-03-07 11:07 - 2014-03-07 14:18 - 00011370 _____ () C:\Users\Jack\Desktop\FRST.txt
2014-03-07 11:06 - 2014-03-07 14:18 - 00000000 ____D () C:\FRST
2014-03-07 11:04 - 2014-03-07 11:04 - 01145344 _____ (Farbar) C:\Users\Jack\Desktop\FRST.exe
2014-03-07 10:26 - 2014-03-07 10:35 - 00002021 _____ () C:\Users\Jack\Desktop\attach.txt
2014-03-07 10:23 - 2014-03-07 10:23 - 00688992 ____R (Swearware) C:\Users\Jack\Desktop\dds.com
2014-03-07 09:46 - 2014-03-07 09:46 - 00448512 _____ (OldTimer Tools) C:\Users\Jack\Downloads\TFC.exe
2014-03-06 09:09 - 2014-03-06 09:09 - 00003735 _____ () C:\Users\Jack\Desktop\esetscan.txt
2014-03-05 16:01 - 2014-03-05 16:01 - 00000000 ____D () C:\Program Files\ESET
2014-03-05 16:00 - 2014-03-05 16:00 - 02347384 _____ (ESET) C:\Users\Jack\Downloads\esetsmartinstaller_enu.exe
2014-03-05 15:10 - 2014-03-05 15:10 - 00001054 _____ () C:\Users\Jack\Desktop\AdwCleaner[S1].txt
2014-03-05 14:52 - 2014-03-05 14:52 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT(1).exe
2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT.exe
2014-03-05 13:04 - 2014-03-05 14:30 - 00000000 ____D () C:\AdwCleaner
2014-03-05 13:04 - 2014-03-05 13:04 - 01244192 _____ () C:\Users\Jack\Downloads\AdwCleaner.exe
2014-03-04 14:45 - 2014-03-04 14:45 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 14:38 - 2014-03-04 14:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 13:52 - 2014-03-04 13:52 - 00000000 ____D () C:\Users\Jack\AppData\Local\Macromedia
2014-02-25 14:30 - 2014-03-07 13:39 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{02C3DF28-36E8-4716-B96E-B8CF0CE0096D}.job
2014-02-14 10:32 - 2014-03-07 14:01 - 00000680 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2014-02-14 08:44 - 2014-02-14 08:44 - 00000000 _____ () C:\Users\Jack\AppData\Roaming\SharedSettings.ccs
2014-02-06 10:52 - 2014-02-21 13:53 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe

==================== One Month Modified Files and Folders =======

2014-03-07 14:18 - 2014-03-07 11:07 - 00011370 _____ () C:\Users\Jack\Desktop\FRST.txt
2014-03-07 14:18 - 2014-03-07 11:06 - 00000000 ____D () C:\FRST
2014-03-07 14:16 - 2014-03-07 14:15 - 00001035 _____ () C:\Windows\system32\cygrunsrv.exe.stackdump
2014-03-07 14:15 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-07 14:15 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-07 14:15 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-07 14:14 - 2008-01-20 20:39 - 01140784 _____ () C:\Windows\WindowsUpdate.log
2014-03-07 14:14 - 2006-11-02 08:01 - 00032582 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-07 14:11 - 2008-08-25 07:50 - 166355968 _____ () C:\Users\Jack\archive.pst
2014-03-07 14:10 - 2008-11-11 15:41 - 00000422 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{03806ACC-27AB-479D-9244-B490C44233F8}.job
2014-03-07 14:10 - 2008-10-27 12:02 - 00000434 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{7D0A9B2B-A02A-4A6B-9DF0-B9E3EEF4E5BB}.job
2014-03-07 14:01 - 2014-02-14 10:32 - 00000680 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2014-03-07 13:58 - 2014-03-07 11:16 - 00028977 _____ () C:\Users\Jack\Desktop\Addition.txt
2014-03-07 13:50 - 2014-03-07 13:50 - 00065536 ___HT () C:\Users\Jack\~archive.pst.tmp
2014-03-07 13:50 - 2014-01-15 14:00 - 00000000 ____D () C:\Users\Jack
2014-03-07 13:39 - 2014-02-25 14:30 - 00000416 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{02C3DF28-36E8-4716-B96E-B8CF0CE0096D}.job
2014-03-07 11:04 - 2014-03-07 11:04 - 01145344 _____ (Farbar) C:\Users\Jack\Desktop\FRST.exe
2014-03-07 10:35 - 2014-03-07 10:26 - 00002021 _____ () C:\Users\Jack\Desktop\attach.txt
2014-03-07 10:23 - 2014-03-07 10:23 - 00688992 ____R (Swearware) C:\Users\Jack\Desktop\dds.com
2014-03-07 09:46 - 2014-03-07 09:46 - 00448512 _____ (OldTimer Tools) C:\Users\Jack\Downloads\TFC.exe
2014-03-07 08:31 - 2006-11-02 05:33 - 00707392 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-06 09:09 - 2014-03-06 09:09 - 00003735 _____ () C:\Users\Jack\Desktop\esetscan.txt
2014-03-05 16:01 - 2014-03-05 16:01 - 00000000 ____D () C:\Program Files\ESET
2014-03-05 16:00 - 2014-03-05 16:00 - 02347384 _____ (ESET) C:\Users\Jack\Downloads\esetsmartinstaller_enu.exe
2014-03-05 15:15 - 2006-11-02 08:00 - 00059200 _____ () C:\Windows\PFRO.log
2014-03-05 15:10 - 2014-03-05 15:10 - 00001054 _____ () C:\Users\Jack\Desktop\AdwCleaner[S1].txt
2014-03-05 14:52 - 2014-03-05 14:52 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT(1).exe
2014-03-05 14:30 - 2014-03-05 13:04 - 00000000 ____D () C:\AdwCleaner
2014-03-05 13:13 - 2014-03-05 13:13 - 01037734 _____ (Thisisu) C:\Users\Jack\Downloads\JRT.exe
2014-03-05 13:04 - 2014-03-05 13:04 - 01244192 _____ () C:\Users\Jack\Downloads\AdwCleaner.exe
2014-03-04 15:03 - 2012-06-26 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-04 14:45 - 2014-03-04 14:45 - 00031560 _____ () C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-04 14:38 - 2014-03-04 14:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-03-04 13:52 - 2014-03-04 13:52 - 00000000 ____D () C:\Users\Jack\AppData\Local\Macromedia
2014-02-28 15:00 - 2014-01-17 12:31 - 00000000 ____D () C:\Users\Jack\AppData\Roaming\HpUpdate
2014-02-24 11:40 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\SchCache
2014-02-24 10:59 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-21 13:53 - 2014-02-06 10:52 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2014-02-21 13:53 - 2013-09-11 14:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 13:53 - 2012-04-05 12:04 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 11:29 - 2014-01-30 11:39 - 00000382 _____ () C:\Users\Jack\AppData\Roaming\SamsungLiveUpdateConfig.ini
2014-02-19 11:29 - 2010-12-06 09:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-14 08:44 - 2014-02-14 08:44 - 00000000 _____ () C:\Users\Jack\AppData\Roaming\SharedSettings.ccs
2014-02-14 08:35 - 2014-01-16 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 08:32 - 2006-11-02 05:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-05 16:23 - 2006-11-02 07:52 - 00031958 _____ () C:\Windows\setupact.log

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-07 13:54

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-03-2014
Ran by Jack at 2014-03-07 14:19:16
Running from C:\Users\Jack\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec Fingerprint Sensor Minimum Install (HKLM\...\{52581E8C-F0AE-44CD-84A7-CF0945B2628C}) (Version: 7.10.0.1129 - AuthenTec)
Bing Bar (HKLM\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitDefender Antivirus 2008 (HKLM\...\{C6E8173D-40EE-4998-B659-CA19F1F278BA}) (Version: 11.0.17 - BitDefender)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bovada Casino  (HKLM\...\Bovada Casino) (Version:  - Bovada)
Brother MFL-Pro Suite MFC-7860DW (HKLM\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.0.0.0 - Brother Industries, Ltd.)
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Citrix Online Launcher (HKLM\...\{75C7BFBC-5FA8-47C9-9E6C-AD1954F63A53}) (Version: 1.0.109 - Citrix)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
FW LiveUpdate (HKLM\...\{11F5D779-7BD9-465A-BBC4-10701386BCB9}) (Version: 2.0.2.2 - SAMSUNG)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{9C55C629-6C4F-48A9-8840-C897DF6187ED}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM\...\{B6F5C6D8-C443-4B55-932F-AE11B5743FC4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{669B49D6-BCA8-4F7C-9248-CE5677750285}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Inst5657 (Version: 5.01.13 - Softex Inc.) Hidden
Inst565a (Version: 5.01.13 - Softex Inc.) Hidden
iTunes (HKLM\...\{2A697B53-0DE3-42DA-B41D-C3F804B1C538}) (Version: 10.2.1.1 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
LightScribe System Software  1.12.29.2 (HKLM\...\{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}) (Version: 1.12.29.2 - http://www.lightscribe.com)
Logitech SetPoint (HKLM\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 2.0.181.2 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}) (Version: 2.6.0.35 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{7BAA9BA8-0761-42EF-842A-23FAA5321033}) (Version: 7.03.0976 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
OmniPass 5.01.13 (HKLM\...\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}) (Version: 5.01.13 - Softex Inc.)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
QuickBooks Premier: Contractor Edition 2008 (HKLM\...\{8ECB8220-F426-4BEB-9596-97033C533702}) (Version: 18.0.4008.606 - Intuit Inc.)
QuickTime (HKLM\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5519 - Realtek Semiconductor Corp.)
Safari (HKLM\...\{C73F2967-062E-48F2-A462-D335B8950183}) (Version: 5.33.20.27 - Apple Inc.)
Scansoft PDF Professional (Version:  - ) Hidden
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{128A5449-CF71-4DA4-A746-F49E3B5DB584}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User State Migration Tools version 3.0.1 (HKLM\...\{EACB261C-5C4D-4CB4-B8CC-0EF998C5B3E8}) (Version: 3.0.1 - Microsoft Corporation)
ViewChoice (HKLM\...\{48312CB9-F5D5-4E4B-8D5D-34AEF45DAE1F}) (Version: 1.0.0 - Default Company Name)
Windows Small Business Server 2008 ClientAgent (HKLM\...\{492F8345-095D-467F-926C-278870D93ECF}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 Desktop Links Gadget (HKLM\...\{DB6C2AC7-4D4C-493A-B5E8-4B1E685C277F}) (Version: 6.0.5601.0 - Microsoft Corporation)
Windows Small Business Server 2008 WMI Provider (Version: 6.0.5601.0 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

24-01-2014 12:32:44 Windows Update
27-01-2014 12:53:04 Scheduled Checkpoint
28-01-2014 12:51:27 Windows Update
30-01-2014 18:40:02 Scheduled Checkpoint
31-01-2014 06:42:27 Windows Update
03-02-2014 14:10:25 Scheduled Checkpoint
04-02-2014 05:00:00 Scheduled Checkpoint
04-02-2014 06:16:36 Windows Update
06-02-2014 16:58:14 Scheduled Checkpoint
07-02-2014 12:42:18 Windows Update
10-02-2014 16:10:38 Scheduled Checkpoint
11-02-2014 12:48:29 Windows Update
14-02-2014 13:31:40 Windows Update
14-02-2014 13:35:10 Windows Update
17-02-2014 13:10:35 Windows Defender Checkpoint
18-02-2014 15:17:36 Windows Update
18-02-2014 16:53:39 Windows Defender Checkpoint
20-02-2014 19:51:34 Scheduled Checkpoint
21-02-2014 06:35:43 Windows Update
21-02-2014 14:08:42 Windows Defender Checkpoint
25-02-2014 05:55:36 Windows Update
28-02-2014 12:35:47 Windows Update

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0BDF0EF8-FD66-47D7-BBEA-539F19145A87} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09] (Hewlett-Packard Co.)
Task: {0C87AAC8-140E-4D10-AD91-42473CE07809} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - {152482dc-57c4-42c7-8f63-ad9282334850} => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {155723BA-60E2-4354-93AF-84EAC8D3C2D8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {1E040E26-5FFB-4030-86B4-BE13A7D2C348} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - jtkiger => C:\Program Files\Windows Calendar\WinCal.exe [2008-01-20] (Microsoft Corporation)
Task: {22E1772E-7DFE-4C5F-841F-1C93FD5D82A4} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {2DE18FE4-6467-484F-8431-206702EC5546} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {2E5B7D97-F14C-4CFF-864E-620AABA892D1} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {4D72741E-769C-45DB-8604-CB8EBDADAA29} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {5F6ACB95-D5F9-451A-82F3-32711E201735} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CC894ABA-C9A6-4DD2-9099-582D051B0CC9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\User_Feed_Synchronization-{02C3DF28-36E8-4716-B96E-B8CF0CE0096D}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{03806ACC-27AB-479D-9244-B490C44233F8}.job => C:\Windows\system32\msfeedssync.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{7D0A9B2B-A02A-4A6B-9DF0-B9E3EEF4E5BB}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-01-08 13:55 - 2008-03-31 12:00 - 00540672 _____ () C:\Program Files\Softex\OmniPass\storeng.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 00013824 _____ () C:\Program Files\Softex\OmniPass\ssplogon.dll
2009-01-08 13:55 - 2008-03-31 12:01 - 00438272 _____ () C:\Program Files\Softex\OmniPass\userdata.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 00016896 _____ () C:\Program Files\Softex\OmniPass\cryptodll.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 01101824 _____ () C:\Program Files\Softex\OmniPass\autheng.dll
2009-01-08 13:55 - 2008-03-31 12:12 - 00048208 _____ () C:\Program Files\Softex\OmniPass\hdddrv.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-28 09:16 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2009-01-08 13:55 - 2008-03-31 12:01 - 00061440 _____ () C:\Program Files\Softex\OmniPass\SCUREDLL.dll
2009-01-08 13:55 - 2008-03-31 12:00 - 00065536 _____ () C:\Program Files\Softex\OmniPass\opfsdll.dll
2008-10-26 19:12 - 2008-07-07 12:12 - 03235840 _____ () C:\Program Files\SAMSUNG\FW LiveUpdate\LiveUpdate.dat
2009-01-08 13:55 - 2008-03-31 13:28 - 02670592 _____ () C:\Program Files\Softex\OmniPass\scureapp.exe
2014-03-04 14:38 - 2014-03-04 14:38 - 03578992 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: LIVESRV => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: XCOMM => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BDAgent => "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
MSCONFIG\startupreg: BitDefender Antiphishing Helper => "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/07/2014 02:16:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 02:14:03 PM) (Source: Application Error) (User: )
Description: Faulting application OmniServ.exe, version 5.0.0.1, time stamp 0x47f11a56, faulting module ntdll.dll, version 6.0.6001.18538, time stamp 0x4cb733dc, exception code 0xc0000005, fault offset 0x0003ccaf,
process id 0x3c0, application start time 0xOmniServ.exe0.

Error: (03/07/2014 02:11:50 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x000682dd,
process id 0xac0, application start time 0xExplorer.EXE0.

Error: (03/07/2014 01:48:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/07/2014 01:47:26 PM) (Source: Application Error) (User: )
Description: Faulting application cygrunsrv.exe, version 0.0.0.0, time stamp 0x449671dc, faulting module cygwin1.dll, version 1005.21.0.0, time stamp 0x44c41028, exception code 0xc0000005, fault offset 0x000ede32,
process id 0x97c, application start time 0xcygrunsrv.exe0.

Error: (03/07/2014 00:10:40 PM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0006af93,
process id 0x4e28, application start time 0xExplorer.EXE0.

Error: (03/07/2014 11:59:17 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/07 11:59:17.551]: [00002256]: SendSKeySettingToDevice:: Snmp Load Error[0] To[10.0.8.111]

Error: (03/07/2014 11:02:46 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0006af93,
process id 0x191c, application start time 0xExplorer.EXE0.

Error: (03/07/2014 10:38:06 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/03/07 10:38:06.928]: [00002256]: SendSKeySettingToDevice:: Snmp Load Error[0] To[10.0.8.111]

Error: (03/07/2014 10:37:55 AM) (Source: Application Error) (User: )
Description: Faulting application Explorer.EXE, version 6.0.6001.18164, time stamp 0x4907e242, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x000682dd,
process id 0x870, application start time 0xExplorer.EXE0.


System errors:
=============
Error: (03/07/2014 02:18:42 PM) (Source: Schannel) (User: )
Description: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (03/07/2014 02:16:44 PM) (Source: Service Control Manager) (User: )
Description: WSearch%%2

Error: (03/07/2014 02:16:44 PM) (Source: Service Control Manager) (User: )
Description: rsyncd1

Error: (03/07/2014 02:16:44 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (03/07/2014 02:16:44 PM) (Source: Service Control Manager) (User: )
Description: WSearch%%2

Error: (03/07/2014 02:16:12 PM) (Source: DCOM) (User: )
Description: 2WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (03/07/2014 02:15:06 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueKerberos

Error: (03/07/2014 02:14:50 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description:

Error: (03/07/2014 02:14:47 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.

Error: (03/07/2014 02:14:47 PM) (Source: disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk0\DR0.


Microsoft Office Sessions:
=========================
Error: (11/15/2010 08:30:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 586067 seconds with 2160 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-03-07 14:19:04.602
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 14:19:04.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 14:19:04.319
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 14:19:04.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 14:18:47.977
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 14:18:47.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 14:18:47.737
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 14:18:47.586
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 14:18:47.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-07 14:18:47.289
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 3070.39 MB
Available physical RAM: 1404.58 MB
Total Pagefile: 6345.28 MB
Available Pagefile: 4385.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:151.06 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (HP OJ8600) (CDROM) (Total:0.33 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: 6BAFA7C5)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#9 aharonov


Posted 07 March 2014 - 02:44 PM

Ok. How is your computer running now?

  • Start Malwarebytes Anti-Malware with administrator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

Edited by aharonov, 07 March 2014 - 02:44 PM.


#10 Shooshy


Posted 10 March 2014 - 09:13 AM

Seems to be running better now. Thanks so much for your help!!!

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.10.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
Jack :: JACK-PC [administrator]

3/10/2014 7:51:14 AM
mbam-log-2014-03-10 (07-51-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 319813
Time elapsed: 45 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#11 aharonov


Posted 10 March 2014 - 09:19 AM

I don't see a running anti-virus program on your computer. I highly recommend that you download and install one anti-virus program now (e.g. avast or MSE).

After successful installation run a full scan with this program and post the log file.



#12 Shooshy


Posted 11 March 2014 - 07:27 AM

Hi aharonov, I just had 20 screens pop up identical to the thumbnail that I attached in the first post. They stayed for about 30 seconds and then disappeared.

I will download the antivirus software now.  Thanks again for your help!



#13 Shooshy


Posted 12 March 2014 - 07:34 AM

I downloaded AVAST:

Attached File: avas.JPG (69.86KB)

There is another log that shows about 20 items that were put in the "chest". I am unsure how to post the log.



#14 aharonov


Posted 12 March 2014 - 07:48 AM

Ok, please run the following scan:


Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


#15 Shooshy


Posted 12 March 2014 - 08:19 AM

09:11:31.0527 0x021c  TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
09:11:38.0134 0x021c  ============================================================
09:11:38.0134 0x021c  Current date / time: 2014/03/12 09:11:38.0134
09:11:38.0134 0x021c  SystemInfo:
09:11:38.0134 0x021c  
09:11:38.0134 0x021c  OS Version: 6.0.6001 ServicePack: 1.0
09:11:38.0134 0x021c  Product type: Workstation
09:11:38.0134 0x021c  ComputerName: JACK-PC
09:11:38.0135 0x021c  UserName: Jack
09:11:38.0135 0x021c  Windows directory: C:\Windows
09:11:38.0135 0x021c  System windows directory: C:\Windows
09:11:38.0135 0x021c  Processor architecture: Intel x86
09:11:38.0135 0x021c  Number of processors: 2
09:11:38.0135 0x021c  Page size: 0x1000
09:11:38.0135 0x021c  Boot type: Normal boot
09:11:38.0135 0x021c  ============================================================
09:11:40.0399 0x021c  KLMD registered as C:\Windows\system32\drivers\23708474.sys
09:11:40.0728 0x021c  System UUID: {2123C62F-1F06-3D72-02FA-C540CC8D4EBC}
09:11:41.0958 0x021c  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:11:42.0013 0x021c  ============================================================
09:11:42.0013 0x021c  \Device\Harddisk0\DR0:
09:11:42.0014 0x021c  MBR partitions:
09:11:42.0014 0x021c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1D1C4800
09:11:42.0014 0x021c  ============================================================
09:11:42.0095 0x021c  C: <-> \Device\Harddisk0\DR0\Partition1
09:11:42.0095 0x021c  ============================================================
09:11:42.0095 0x021c  Initialize success
09:11:42.0095 0x021c  ============================================================
09:13:32.0308 0x1518  ============================================================
09:13:32.0308 0x1518  Scan started
09:13:32.0308 0x1518  Mode: Manual; SigCheck; TDLFS;
09:13:32.0308 0x1518  ============================================================
09:13:32.0308 0x1518  KSN ping started
09:13:43.0435 0x1518  KSN ping finished: true
09:13:45.0126 0x1518  ================ Scan system memory ========================
09:13:45.0126 0x1518  System memory - ok
09:13:45.0126 0x1518  ================ Scan services =============================
09:13:45.0438 0x1518  [ FCB8C7210F0135E24C6580F7F649C73C, 7E5E3D0B4F4BD418E6CC551850C672E1AF347CBB2E665B6F72638786CE5079C5 ] ACPI            C:\Windows\system32\drivers\acpi.sys
09:13:45.0532 0x1518  ACPI - ok
09:13:45.0720 0x1518  [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
09:13:45.0751 0x1518  AdobeARMservice - ok
09:13:45.0813 0x1518  [ F7AB315A4D400CA876381D1E188A2E20, B6019C2E9B6801BB23C530C66D080F47330F48ADB0DD2813D50BE1408865BD91 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:13:45.0845 0x1518  AdobeFlashPlayerUpdateSvc - ok
09:13:45.0907 0x1518  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
09:13:45.0923 0x1518  adp94xx - ok
09:13:46.0017 0x1518  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
09:13:46.0049 0x1518  adpahci - ok
09:13:46.0097 0x1518  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
09:13:46.0128 0x1518  adpu160m - ok
09:13:46.0175 0x1518  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
09:13:46.0190 0x1518  adpu320 - ok
09:13:46.0268 0x1518  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
09:13:46.0472 0x1518  AeLookupSvc - ok
09:13:46.0581 0x1518  [ 48EB99503533C27AC6135648E5474457, 344A83008F41AAC3CDFC52EFC4F2EFF441971C58182597D2FBED315B3FC62137 ] AFD             C:\Windows\system32\drivers\afd.sys
09:13:46.0690 0x1518  AFD - ok
09:13:46.0784 0x1518  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
09:13:46.0800 0x1518  agp440 - ok
09:13:46.0862 0x1518  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
09:13:46.0893 0x1518  aic78xx - ok
09:13:46.0925 0x1518  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
09:13:47.0242 0x1518  ALG - ok
09:13:47.0258 0x1518  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
09:13:47.0273 0x1518  aliide - ok
09:13:47.0320 0x1518  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
09:13:47.0336 0x1518  amdagp - ok
09:13:47.0351 0x1518  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
09:13:47.0367 0x1518  amdide - ok
09:13:47.0398 0x1518  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
09:13:47.0430 0x1518  AmdK7 - ok
09:13:47.0445 0x1518  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
09:13:47.0476 0x1518  AmdK8 - ok
09:13:47.0523 0x1518  [ C6D704C7F0434DC791AAC37CAC4B6E14, 35CF7D1895F97637E0C678A39F3049B871BCA9526D379C7793ED33B87D2EAC4C ] Appinfo         C:\Windows\System32\appinfo.dll
09:13:47.0570 0x1518  Appinfo - ok
09:13:47.0726 0x1518  [ 7EF47644B74EBE721CC32211D3C35E76, 1381908E70567AAE5A8C96C4B7BF8E68748F64DE3243FD0FA8CC0E72DEEDA9A7 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:13:47.0758 0x1518  Apple Mobile Device - ok
09:13:47.0805 0x1518  [ C56DED3FE618C8BAE1AAAF4E801CCB3E, 342E9A6E07E7A14C72097A612E6968E8C0CFBBF8FA310DCA7C6CC1711061AE9D ] AppMgmt         C:\Windows\System32\appmgmts.dll
09:13:47.0883 0x1518  AppMgmt - ok
09:13:47.0930 0x1518  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
09:13:47.0961 0x1518  arc - ok
09:13:48.0023 0x1518  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
09:13:48.0023 0x1518  arcsas - ok
09:13:48.0103 0x1518  [ 61953E5E1FFAEAF246A610BEE2554879, AF489668BC4DCA5CFC81BF056C6AFC7CE4E5B917413FE513B13830B210524785 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
09:13:48.0150 0x1518  aswMonFlt - ok
09:13:48.0182 0x1518  [ 98C18C78B0C3E7EFBDDA7BD0C35F5903, 92128EA70472EBA8804C2972DAA8557F460C2E082084E29B40CE93A05447592F ] aswRdr          C:\Windows\system32\drivers\aswRdr.sys
09:13:48.0182 0x1518  aswRdr - ok
09:13:48.0197 0x1518  [ F385467DF95D0A73775CB3B076B8B969, D427A5F4FB4D1DAB04AFC29E7EC510844F907ABBA053538995E65747BAD37422 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
09:13:48.0213 0x1518  aswRvrt - ok
09:13:48.0322 0x1518  [ 8CD8710457FCC1CDE88CBFA3AA119B92, B750481B2D44E2D01DEF500276A7253731EDD2BCB117B083EE10FAA7A8FFF729 ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
09:13:48.0385 0x1518  aswSnx - ok
09:13:48.0432 0x1518  [ C1F95C9481F46B96E23A276639C55AC9, 75F7BCF74E46E3A8EC9AF0DB5D7FCA280DCAF97BD932767DCBDE66E26BF0E7CE ] aswSP           C:\Windows\system32\drivers\aswSP.sys
09:13:48.0478 0x1518  aswSP - ok
09:13:48.0525 0x1518  [ E6390554DCB2A730702188547267093C, 1F97F23A2C1767ABD52041DFA0EF9065567CDB02B12F674CF4EE4E8FBA69773B ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
09:13:48.0541 0x1518  aswTdi - ok
09:13:48.0603 0x1518  [ 1B0662514A68C3A42E60D240C5ABEF28, 71301759C135895C72CAED297A669BA58B3F73E0B7E46DB981F6559D5D5E2B89 ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
09:13:48.0619 0x1518  aswVmm - ok
09:13:48.0650 0x1518  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
09:13:48.0682 0x1518  AsyncMac - ok
09:13:48.0713 0x1518  [ 2D9C903DC76A66813D350A562DE40ED9, 82609F01A08C6842E4C17C077BB641C1429C0E6657964B7F2D114035E1BDCBF3 ] atapi           C:\Windows\system32\drivers\atapi.sys
09:13:48.0728 0x1518  atapi - ok
09:13:48.0791 0x1518  [ 42076E29AAFA0830A2C5D4E310F58DD1, 13BB794C09BB602AECF53DB8147677159DC154E994FFEAE89C0298BD65FA9C7B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
09:13:48.0822 0x1518  AudioEndpointBuilder - ok
09:13:51.0395 0x1518  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc         C:\Program Files\Browny02\BrYNSvc.exe
09:13:51.0427 0x1518  BrYNSvc - detected UnsignedFile.Multi.Generic ( 1 )
09:13:51.0552 0x1518  Detect skipped due to KSN trusted
09:13:51.0552 0x1518  BrYNSvc - ok
09:14:02.0318 0x1518  [ D57D1BE0129C1B45653B0FA920BC4B38, E6A5C600A2A7F8EB373B5555A1EB718B167EF5265E55E8A75CA3ADBDE04A2DA1 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
09:14:02.0350 0x1518  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
09:14:02.0521 0x1518  Detect skipped due to KSN trusted
09:14:02.0521 0x1518  LightScribeService - ok
09:14:02.0881 0x1518  [ 47C35F4A0AD07C753E125C4EE97C26C5, CD0789801857469E7D7D1E31D9047228E181B118D2284C02C1DEC00BF36544B1 ] LIVESRV         C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
09:14:03.0131 0x1518  LIVESRV - detected UnsignedFile.Multi.Generic ( 1 )
09:14:03.0271 0x1518  Detect skipped due to KSN trusted
09:14:03.0271 0x1518  LIVESRV - ok
09:14:03.0318 0x1518  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
09:14:03.0381 0x1518  lltdio - ok
09:14:03.0443 0x1518  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
09:14:03.0475 0x1518  lltdsvc - ok
09:14:03.0506 0x1518  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
09:14:03.0553 0x1518  lmhosts - ok
09:14:03.0584 0x1518  [ D58B330D318361A66A9FE60D7C9B4951, DCE08C7B3F2FE45204172564129292BB2BABED9226F368091DE2C2D315DA4D5C ] LMouFilt        C:\Windows\system32\DRIVERS\LMouFilt.Sys
09:14:03.0600 0x1518  LMouFilt - ok
09:14:03.0615 0x1518  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
09:14:03.0631 0x1518  LSI_FC - ok
09:14:03.0631 0x1518  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
09:14:03.0646 0x1518  LSI_SAS - ok
09:14:03.0678 0x1518  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
09:14:03.0693 0x1518  LSI_SCSI - ok
09:14:03.0725 0x1518  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
09:14:03.0756 0x1518  luafv - ok
09:14:03.0818 0x1518  [ F2BD1DFC573A5857A8ED61822831627E, 902D11EF369F0163B7D98CBA545BA9C3A3225CDF69BC0912B506C661A10661D4 ] mbamchameleon   C:\Windows\system32\drivers\mbamchameleon.sys
09:14:03.0834 0x1518  mbamchameleon - ok
09:14:03.0912 0x1518  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
09:14:03.0912 0x1518  MBAMProtector - ok
09:14:04.0037 0x1518  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
09:14:04.0100 0x1518  MBAMScheduler - ok
09:14:04.0240 0x1518  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
09:14:04.0365 0x1518  MBAMService - ok
09:14:04.0537 0x1518  [ F453D1E6D881E8F8717E20CCD4199E85, 99864785355638479F0A005E5E1D22067A13EC41FDD1BD1E561577F38A134453 ] McComponentHostService C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
09:14:04.0568 0x1518  McComponentHostService - ok
09:14:04.0631 0x1518  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
09:14:04.0646 0x1518  megasas - ok
09:14:04.0740 0x1518  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
09:14:04.0818 0x1518  MegaSR - ok
09:14:04.0850 0x1518  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
09:14:04.0896 0x1518  MMCSS - ok
09:14:04.0928 0x1518  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
09:14:04.0943 0x1518  Modem - ok
09:14:05.0006 0x1518  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
09:14:05.0037 0x1518  monitor - ok
09:14:05.0068 0x1518  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
09:14:05.0084 0x1518  mouclass - ok
09:14:05.0146 0x1518  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
09:14:05.0178 0x1518  mouhid - ok
09:14:05.0193 0x1518  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
09:14:05.0225 0x1518  MountMgr - ok
09:14:05.0256 0x1518  [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
09:14:05.0271 0x1518  MozillaMaintenance - ok
09:14:05.0318 0x1518  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
09:14:05.0334 0x1518  mpio - ok
09:14:05.0365 0x1518  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
09:14:05.0412 0x1518  mpsdrv - ok
09:14:05.0521 0x1518  [ D1639BA315B0D79DEC49A4B0E1FB929B, 96420572029217FDD78CD286A022EB5F8BAB76EE30F75E48CD69AEE1A4846B53 ] MpsSvc          C:\Windows\system32\mpssvc.dll
09:14:05.0584 0x1518  MpsSvc - ok
09:14:05.0615 0x1518  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
09:14:05.0631 0x1518  Mraid35x - ok
09:14:05.0678 0x1518  [ AE3DE84536B6799D2267443CEC8EDBB9, 787AF9D5BC6D1A1E4A55A66D62F0DF93F45C2FB7EA5BE0BF63F1270604600B40 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
09:14:05.0725 0x1518  MRxDAV - ok
09:14:05.0740 0x1518  [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1, 2C5F0554D5A763D6B3F1402C9BF36C6091CBBDFFD5139AEE85D69D5B210D2047 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
09:14:05.0818 0x1518  mrxsmb - ok
09:14:05.0834 0x1518  [ 6B5FA5ADFACAC9DBBE0991F4566D7D55, 9BAD029A6AAF4C2292C682B9F07C57051C84F7FA4F3EBEA52C25CAEF1A41121F ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:14:05.0896 0x1518  mrxsmb10 - ok
09:14:05.0928 0x1518  [ 5C80D8159181C7ABF1B14BA703B01E0B, 414085AD3C36B8E95D1D49E2958671332DECE38739544CCB70FAB30C408E89A2 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:14:05.0943 0x1518  mrxsmb20 - ok
09:14:05.0990 0x1518  [ 28023E86F17001F7CD9B15A5BC9AE07D, FC7EAA592C5F796E3BCD7F7EF261709CD899B33FC8486E594A480F143D0D6320 ] msahci          C:\Windows\system32\drivers\msahci.sys
09:14:06.0006 0x1518  msahci - ok
09:14:06.0053 0x1518  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
09:14:06.0084 0x1518  msdsm - ok
09:14:06.0100 0x1518  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
09:14:06.0146 0x1518  MSDTC - ok
09:14:06.0178 0x1518  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
09:14:06.0225 0x1518  Msfs - ok
09:14:06.0271 0x1518  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
09:14:06.0278 0x1518  msisadrv - ok
09:14:06.0342 0x1518  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
09:14:06.0404 0x1518  MSiSCSI - ok
09:14:06.0404 0x1518  msiserver - ok
09:14:15.0048 0x1518  [ 45E422A6BF20D8C93DC75E6AF499ECD0, 5340CC7FD1526A11F27675D241E7A5CE6C0F6166CEA493DA59FA72510D77605B ] omniserv        C:\Program Files\Softex\OmniPass\OmniServ.exe
09:14:15.0079 0x1518  omniserv - detected UnsignedFile.Multi.Generic ( 1 )
09:14:15.0282 0x1518  omniserv ( UnsignedFile.Multi.Generic ) - warning
09:14:18.0710 0x1518  [ 688DBB446B61E7AA9D0198A39B0D3A3F, A402FE2C5110C75111E3CA86FAA7F603A22F4465F86DB91ED2DA8AB800CBB16A ] Profos          C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys
09:14:18.0741 0x1518  Profos - detected UnsignedFile.Multi.Generic ( 1 )
09:14:18.0866 0x1518  Detect skipped due to KSN trusted
09:14:18.0866 0x1518  Profos - ok
09:14:19.0585 0x1518  [ 175494C00A40925CEB6F71514734E8F2, 9E27ADB873CBC50D6406985A712A8F743089BF1EAF102973C2A118B46D1461B2 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
09:14:19.0601 0x1518  QBCFMonitorService - detected UnsignedFile.Multi.Generic ( 1 )
09:14:19.0741 0x1518  Detect skipped due to KSN trusted
09:14:19.0741 0x1518  QBCFMonitorService - ok
09:14:19.0866 0x1518  [ BAB30D2799754F6EA22F0B9076311793, 1544260A94EC0BB5342D42B760B32CFEACE8638956E7CB15ABD90F14E6F69137 ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
09:14:19.0897 0x1518  QBFCService - detected UnsignedFile.Multi.Generic ( 1 )
09:14:20.0022 0x1518  Detect skipped due to KSN trusted
09:14:20.0022 0x1518  QBFCService - ok
09:14:22.0147 0x1518  [ A6B3A78DCB2A6049F31DD585CA41853E, AB6C7145B015CA87DC52CABE73D31C502675BA4EABC1664231987DD301E87BA3 ] rsyncd          C:\rsyncd\cygrunsrv.exe
09:14:22.0147 0x1518  rsyncd - detected UnsignedFile.Multi.Generic ( 1 )
09:14:22.0335 0x1518  Detect skipped due to KSN trusted
09:14:22.0335 0x1518  rsyncd - ok
09:14:22.0572 0x1518  [ 3C1791B4E2BF1C02FF9CD6DFE89633BE, 46514A17FD8552BFD7CCE5F3FE67E98E64D8CEE399185864EAF96F7E3C7D1514 ] scan            C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll
09:14:22.0588 0x1518  scan - detected UnsignedFile.Multi.Generic ( 1 )
09:14:22.0728 0x1518  Detect skipped due to KSN trusted
09:14:22.0728 0x1518  scan - ok
09:14:31.0810 0x1518  USBSTOR - ok
09:14:31.0826 0x1518  [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
09:14:31.0857 0x1518  usbuhci - ok
09:14:31.0904 0x1518  [ 032A0ACC3909AE7215D524E29D536797, 51E36ED5953C0880BE508837181925A0F677842E8A5BA98099700E6ED691A783 ] UxSms           C:\Windows\System32\uxsms.dll
09:14:31.0935 0x1518  UxSms - ok
09:14:31.0982 0x1518  [ B13BC395B9D6116628F5AF47E0802AC4, 36E023A07E56588A8C26EF95E4F99303659E4783E0D9E8AEF193CA77A7AF91BA ] vds             C:\Windows\System32\vds.exe
09:14:32.0045 0x1518  vds - ok
09:14:32.0076 0x1518  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
09:14:32.0107 0x1518  vga - ok
09:14:32.0139 0x1518  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
09:14:32.0170 0x1518  VgaSave - ok
09:14:32.0185 0x1518  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
09:14:32.0201 0x1518  viaagp - ok
09:14:32.0232 0x1518  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
09:14:32.0279 0x1518  ViaC7 - ok
09:14:32.0310 0x1518  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
09:14:32.0326 0x1518  viaide - ok
09:14:32.0357 0x1518  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
09:14:32.0373 0x1518  volmgr - ok
09:14:32.0435 0x1518  [ 98F5FFE6316BD74E9E2C97206C190196, CA9FA0EE5515D26F9406FF95F728E7F2CC29A8B7C97BC69FC2E95BBC60A2D261 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
09:14:32.0482 0x1518  volmgrx - ok
09:14:32.0498 0x1518  [ D8B4A53DD2769F226B3EB374374987C9, 49314B3E53FBF40A60E272C5B3B79FD1EFABFE1215DA5B030571B4DDF5592896 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
09:14:32.0545 0x1518  volsnap - ok
09:14:32.0576 0x1518  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
09:14:32.0593 0x1518  vsmraid - ok
09:14:32.0796 0x1518  [ D5FB73D19C46ADE183F968E13F186B23, D35432BE4FF462FCEA958CF646D5572B6D78058BC2F1F324C9F50A0B14B02259 ] VSS             C:\Windows\system32\vssvc.exe
09:14:32.0999 0x1518  VSS - ok
09:14:33.0030 0x1518  [ 1CF9206966A8458CDA9A8B20DF8AB7D3, 405D5FE96DA7ED03D4124EF6C692F80E88E5982B90DF46E353E94FFF576A5570 ] W32Time         C:\Windows\system32\w32time.dll
09:14:33.0108 0x1518  W32Time - ok
09:14:33.0155 0x1518  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
09:14:33.0233 0x1518  WacomPen - ok
09:14:33.0265 0x1518  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
09:14:33.0296 0x1518  Wanarp - ok
09:14:33.0311 0x1518  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
09:14:33.0343 0x1518  Wanarpv6 - ok
09:14:33.0405 0x1518  [ F0E594DD07B2163DF9F5D5B6B471DDFA, 1F23B34B1B8A081EC3D99E16B036C32B18B9F4D615725BBF474A3B5131F92BCD ] wbengine        C:\Windows\system32\wbengine.exe
09:14:33.0515 0x1518  wbengine - ok
09:14:33.0624 0x1518  [ F3A5C2E1A6533192B070D06ECF6BE796, CBA11D9E60A04A0B82C6934A53EA859513CD476FF047DD3D59727B10CE7DB2DA ] wcncsvc         C:\Windows\System32\wcncsvc.dll
09:14:33.0718 0x1518  wcncsvc - ok
09:14:33.0733 0x1518  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
09:14:33.0765 0x1518  WcsPlugInService - ok
09:14:33.0811 0x1518  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
09:14:33.0843 0x1518  Wd - ok
09:14:33.0905 0x1518  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96, 6A6EFFDB538DE1E201058A00F3E056F1256E92EED943FBFBCE28E54BE751E33D ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
09:14:33.0968 0x1518  Wdf01000 - ok
09:14:33.0999 0x1518  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiServiceHost  C:\Windows\system32\wdi.dll
09:14:34.0077 0x1518  WdiServiceHost - ok
09:14:34.0108 0x1518  [ ABFC76B48BB6C96E3338D8943C5D93B5, B5B22D445724D58641A53276063A4AA2A98F07B93865C86E94661EB31BD63511 ] WdiSystemHost   C:\Windows\system32\wdi.dll
09:14:34.0140 0x1518  WdiSystemHost - ok
09:14:34.0186 0x1518  [ CF9A5F41789B642DB967021DE06A2713, A541F9D87CBDE2A4E48C5D5363736EF603B2701741D3044232474F179884AD7B ] WebClient       C:\Windows\System32\webclnt.dll
09:14:34.0233 0x1518  WebClient - ok
09:14:34.0265 0x1518  [ AE3736E7E8892241C23E4EBBB7453B60, 0F998116CC07CD719CB237EAE53BB16B2EDD6973828B9C1055EB981AEA0453D1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
09:14:34.0343 0x1518  Wecsvc - ok
09:14:34.0358 0x1518  [ 670FF720071ED741206D69BD995EA453, 4B96F5E3545F69AE9EBC75DC4AB27B87306D656EE526AE39E7EC7E2B6F83F7FD ] wercplsupport   C:\Windows\System32\wercplsupport.dll
09:14:34.0390 0x1518  wercplsupport - ok
09:14:34.0436 0x1518  [ FD1965AAA112C6818A30AB02742D0461, 6779D836934412907390DC85FA2A8C3BB1CC31FD4151830275B773FD13CFFBC2 ] WerSvc          C:\Windows\System32\WerSvc.dll
09:14:34.0483 0x1518  WerSvc - ok
09:14:34.0577 0x1518  [ 4575AA12561C5648483403541D0D7F2B, 2DBB7904285F16E879E1662C4CC4DFAA420D5EB24DDFC4BAC0B7616F5F44649A ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
09:14:34.0624 0x1518  WinDefend - ok
09:14:34.0640 0x1518  WinHttpAutoProxySvc - ok
09:14:34.0718 0x1518  [ 00B79A7C984678F24CF052E5BEB3A2F5, 4D8E4394C926D2B1C71613D309F2D62A663B0ADB73A036F5E9E7D1AFF605CA2A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
09:14:34.0765 0x1518  Winmgmt - ok
09:14:34.0983 0x1518  [ 7CFE68BDC065E55AA5E8421607037511, C2CE76D52AD4E31FC4216E94457DC16ABF65A5F3E883F0BD97AD387FB7574533 ] WinRM           C:\Windows\system32\WsmSvc.dll
09:14:35.0390 0x1518  WinRM - ok
09:14:35.0468 0x1518  [ 275F4346E569DF56CFB95243BD6F6FF0, 9C85246BF99119DBD6E0B5D38F96B8BC00F3C87618D17BC0E0A063A0D9A03440 ] Wlansvc         C:\Windows\System32\wlansvc.dll
09:14:35.0624 0x1518  Wlansvc - ok
09:14:35.0640 0x1518  [ 2E7255D172DF0B8283CDFB7B433B864E, 60C786CF0EA4A29B309B9457F0496D5A0AF1F093FC2C5D88078865814B7DBBA3 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
09:14:35.0702 0x1518  WmiAcpi - ok
09:14:35.0780 0x1518  [ ABA4CF9F856D9A3A25F4DDD7690A6E9D, 07C1DAF3DA3CDA84FBE4C7576372115FCAAAAFC332F252C03625E53C7F3C6EE5 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
09:14:35.0811 0x1518  wmiApSrv - ok
09:14:35.0952 0x1518  [ 3978704576A121A9204F8CC49A301A9B, 936CC13B90A183613BDA4081556C96D48CA415B5F65D61E18CB5F2E51EEBE59F ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
09:14:36.0265 0x1518  WMPNetworkSvc - ok
09:14:36.0311 0x1518  [ 396D406292B0CD26E3504FFE82784702, 5F9015BB515AC13D4DFE8F4B532352CF2C5B61DEFD3D0D61BCD82C781D36E7AF ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
09:14:36.0390 0x1518  WPDBusEnum - ok
09:14:36.0436 0x1518  [ 0CEC23084B51B8288099EB710224E955, E1AAB1E08E1745313D0A149A645AA878148D2DBE5CCC23C4ECCFC5003945C22B ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
09:14:36.0483 0x1518  WpdUsb - ok
09:14:36.0749 0x1518  [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:14:36.0874 0x1518  WPFFontCache_v0400 - ok
09:14:36.0921 0x1518  [ E3A3CB253C0EC2494D4A61F5E43A389C, 10BA8B102E31B961819E524FCA5FA817B588EC77FB26B4E176D0A5CFF11EDF79 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
09:14:36.0952 0x1518  ws2ifsl - ok
09:14:36.0968 0x1518  [ 683DD16B590372F2C9661D277F35E49C, 29D86389D95256EEF37BA01D403494385015D926E851A39EC7948FF6EF4E8481 ] wscsvc          C:\Windows\System32\wscsvc.dll
09:14:37.0015 0x1518  wscsvc - ok
09:14:37.0030 0x1518  WSearch - ok
09:14:37.0499 0x1518  [ 6298277B73C77FA99106B271A7525163, 9E076697F025167B57D8D66ED0862B184D70324E058BFA36E42D0C6728720B31 ] wuauserv        C:\Windows\system32\wuaueng.dll
09:14:38.0391 0x1518  wuauserv - ok
09:14:38.0453 0x1518  [ AC13CB789D93412106B0FB6C7EB2BCB6, 8F5B0BD0CBBAB182A400F8994D4727BC0C978D749B6429A2D41B412AE97428B6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
09:14:38.0516 0x1518  WUDFRd - ok
09:14:38.0562 0x1518  [ 575A4190D989F64732119E4114045A4F, 373C344B106AFDB1E6125A21DFE28CA6CFC77FA87FE904656A4F209DB2ED69C7 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
09:14:38.0609 0x1518  wudfsvc - ok
09:14:38.0641 0x1518  [ 979F6C6A2A1E31E7BCC6D5D527C98927, E06E749FD1CA2A23D8F005B95FC28385064D2591F84495F54AC5EB84E0C0A3E2 ] XCOMM           C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
09:14:38.0641 0x1518  XCOMM - detected UnsignedFile.Multi.Generic ( 1 )
09:14:38.0781 0x1518  Detect skipped due to KSN trusted
09:14:38.0781 0x1518  XCOMM - ok
09:14:38.0844 0x1518  ================ Scan global ===============================
09:14:38.0859 0x1518  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
09:14:38.0922 0x1518  [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
09:14:38.0984 0x1518  [ F42F8855CB5C22E203C6672B124F17FD, 3A1BBCC916A02CFB5621FD32B336DDACCFBFB4E418B7FA48653DF2FA1CF563A5 ] C:\Windows\system32\winsrv.dll
09:14:39.0016 0x1518  [ 2B336AB6286D6C81FA02CBAB914E3C6C, C5ADF6D5BFC00375BA6D0E5D96F36D36ADFBF66325A48358C6317E387FB220EC ] C:\Windows\system32\services.exe
09:14:39.0047 0x1518  [ Global ] - ok
09:14:39.0047 0x1518  ================ Scan MBR ==================================
09:14:39.0062 0x1518  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
09:14:39.0672 0x1518  \Device\Harddisk0\DR0 - ok
09:14:39.0672 0x1518  ================ Scan VBR ==================================
09:14:39.0703 0x1518  [ DA04CF1F90EA020AE56EA4307A49F6E8 ] \Device\Harddisk0\DR0\Partition1
09:14:39.0734 0x1518  \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
09:14:39.0734 0x1518  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
09:14:39.0953 0x1518  Waiting for KSN requests completion. In queue: 166
09:14:41.0125 0x1518  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x41000 ( enabled : updated )
09:14:41.0187 0x1518  Win FW state via NFP2: enabled
09:14:41.0406 0x1518  ============================================================
09:14:41.0406 0x1518  Scan finished
09:14:41.0406 0x1518  ============================================================
09:14:41.0422 0x1564  Detected object count: 2
09:14:41.0422 0x1564  Actual detected object count: 2
09:15:08.0277 0x1564  omniserv ( UnsignedFile.Multi.Generic ) - skipped by user
09:15:08.0277 0x1564  omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:15:08.0277 0x1564  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - skipped by user
09:15:08.0277 0x1564  \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Skip
 





