
BDS/ZeroAccess.Gen removed by Avira but Windows Update does not work


23 replies to this topic

#1 Jim2B


Posted 08 July 2014 - 05:04 PM

Computer began performing slowly. I started my normal process of CClean + Disk defrag and updating all anti-malware applications and updating Windows.

Windows Update states that an update has never been performed on this system. Windows Update cannot update this system, generating an error (C80003FA). Using the Windows Update troubleshooter does not correct the problem.

Windows Backup fails with error code 0x81000037.

I've run sfc, it finds and corrects errors but cannot correct them all (I have that log).

Windows sometimes pops up a message that I am not running Genuine Windows.

Spybot SD found and corrected numerous minor issues (nothing greater than threat level 3).

Malwarebytes found and corrected two detections (Vendor / file -> PUP.Optional.LoadMoney / ed_sheeran-give_me_lovedw_hqmp3_ru_mp3.exe & Adware.InstallBrain / CodecPerformerSetup.exe).

Avira found and corrected a detection (BDS/ZeroAccess.Gen).

One of them found a rootkit, but I do not recall which application detected it, I do not recall the name, and I don't see it in the logs.

 

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 1.6.0_29
Run by Dad at 17:35:35 on 2014-07-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7671.5413 [GMT -4:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Overwolf\Overwolf.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Perfect World Entertainment\Arc\Arc.exe
C:\Program Files (x86)\Common Files\Overwolf\0.76.1.0\OverwolfHelper.exe
C:\Program Files (x86)\Common Files\Overwolf\0.76.1.0\OverwolfHelper64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
mWinlogon: Userinit = userinit.exe
BHO: {41564952-412D-5637-4300-7A786E7484D7} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Arc] C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe /autorun
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - <no file>
IE: Convert link target to Adobe PDF - <no file>
IE: Convert link target to existing PDF - <no file>
IE: Convert to Adobe PDF - <no file>
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E82B3F65-13BC-4FC5-873B-E67DF7355522} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E82B3F65-13BC-4FC5-873B-E67DF7355522}\35562756E6964797 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E82B3F65-13BC-4FC5-873B-E67DF7355522}\35562756E69647970223 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E82B3F65-13BC-4FC5-873B-E67DF7355522}\35562756E6964797029494 : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: {41564952-412D-5637-4300-7A786E7484D7} - <orphaned>
x64-BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
x64-TB: <No Name>: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.168.0.1    loki
Hosts: 0.0.0.0    www.007guard.com
Hosts: 0.0.0.0    007guard.com
Hosts: 0.0.0.0    008i.com
Hosts: 0.0.0.0    www.008k.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
FF - ExtSQL: 2014-07-07 14:48; PrivDog@AdTrustMedia.com; C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\extensions\PrivDog@AdTrustMedia.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64;ahcix64;C:\Windows\System32\drivers\ahcix64.sys [2008-10-13 226320]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2010-7-28 33800]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-3-2 28600]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2010-12-29 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-12-29 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-12-29 48360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-12 254528]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 202752]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-3-2 430160]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-3-2 430160]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-3-2 1039952]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-3-2 117712]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-3-2 84720]
R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2010-2-16 19432]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-2-17 68136]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [2010-2-22 69632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-5 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-5 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-5 168384]
R3 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-5 30528]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-17 236544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-7-19 231224]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2014-6-26 88400]
S3 atidgllk;atidgllk;C:\Program Files (x86)\Gigabyte\ET6\atidgllk.sys [2006-7-19 12048]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-7-7 2264280]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-4-9 25640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-17 1038088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-16 111616]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-6-10 976672]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-7-7 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-13 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-31 1255736]
SUnknown dsload;dsload; [x]
.
=============== Created Last 30 ================
.
2014-07-08 20:50:55    --------    d-----w-    C:\Users\Dad\AppData\Local\cache
2014-07-08 19:06:19    22752    ----a-w-    C:\Windows\System32\PCloudBroom64.exe
2014-07-08 18:58:43    388096    ----a-r-    C:\Users\Dad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-07-08 16:46:29    --------    d-----w-    C:\Users\Dad\AppData\Roaming\Mythicsoft
2014-07-08 16:46:20    --------    d-----w-    C:\Program Files\Mythicsoft
2014-07-07 21:49:11    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-07 21:49:01    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-07 21:49:01    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-07 21:49:01    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-07 19:27:39    47632    ----a-w-    C:\Windows\System32\drivers\PSKMAD.sys
2014-07-07 19:27:36    --------    d-----w-    C:\Windows\SysWow64\DASBOOT
2014-07-07 18:39:39    --------    d-----w-    C:\Users\Dad\AppData\Roaming\Comodo
2014-07-07 18:38:24    --------    d-----w-    C:\Program Files\AdTrustMedia
2014-07-07 18:38:24    --------    d-----w-    C:\Program Files (x86)\AdTrustMedia
2014-07-07 18:38:23    --------    d-----w-    C:\ProgramData\Adtrustmedia
2014-07-07 18:35:15    --------    d-----w-    C:\ProgramData\Shared Space
2014-07-07 18:34:46    45784    ----a-w-    C:\Windows\System32\cmdkbd64.dll
2014-07-07 18:34:46    40664    ----a-w-    C:\Windows\SysWow64\cmdkbd32.dll
2014-07-07 18:34:46    352984    ----a-w-    C:\Windows\System32\cmdvrt64.dll
2014-07-07 18:34:46    284888    ----a-w-    C:\Windows\SysWow64\cmdvrt32.dll
2014-06-27 23:38:35    --------    d-----w-    C:\Users\Dad\AppData\Local\AskPartnerNetwork
2014-06-24 17:12:14    822384    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-06-24 17:12:14    10594416    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-06-24 17:12:14    1022576    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
2014-06-13 13:03:44    --------    d-----w-    C:\Program Files (x86)\Common Files\Overwolf
.
==================== Find3M  ====================
.
2014-07-08 21:31:43    30528    ----a-w-    C:\Windows\GVTDrv64.sys
2014-07-08 21:31:28    25640    ----a-w-    C:\Windows\gdrv.sys
2014-07-03 19:34:18    117712    ----a-w-    C:\Windows\System32\drivers\avgntflt.sys
2014-05-14 10:45:31    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 10:45:31    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-12 11:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-16 21:12:56    48360    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2014-04-16 21:12:55    738472    ----a-w-    C:\Windows\System32\drivers\cmdGuard.sys
2014-04-16 21:12:55    23168    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
2011-11-02 18:13:03    226656    ------w-    C:\Program Files (x86)\cnsload_1320257583111.tmp
2011-11-02 18:13:03    226656    ------w-    C:\Program Files (x86)\cnsload_1320257583096.tmp
.
============= FINISH: 17:36:30.64 ===============
 


Edited by Jim2B, 08 July 2014 - 05:38 PM.



 


#2 Jim2B


Posted 08 July 2014 - 05:47 PM

I forgot to attach the attach.log file - so I attached it here.




#3 Jim2B


Posted 10 July 2014 - 11:48 AM

I've gotten Windows Update to work, sort of.

It now downloads and installs all updates, except the security updates.  When it fails to install the updates, it generates 2 error messages 8E5E03FA & 80070490.

 

I ran MS "FixIt" and it claims it fixed the problem.  I reran the MS update.

 

MS update generated the same errors and I stepped through the MS update troubleshooter, which found and fixed problems. One problem it couldn't fix was "Windows Update error 0x80070057".

Also, I am running Trend Micro House Call.  I'll post the results here later today when I get them.



#4 Jim2B


Posted 12 July 2014 - 12:36 AM

It took Trend Micro Housecall 36 hours to complete its scan. It found the threat "Mal_Xin12" (?) and rated it as a high risk threat. I'm cleaning it now and will reboot, followed by a "sfc /scannow" from the install disk to see if that fixes the Windows Update problems.



#5 Jim2B


Posted 12 July 2014 - 07:51 PM

Since my last update:

  • I have rebooted the computer and run sfc /scannow from the install disk. It did not find any problems.
  • Once booted, I reran sfc /scannow. It found problems but could not correct them.
  • I uninstalled Avira.
  • I installed Avast.
  • The Avast start-up scan found no problems.
  • I selected an Avast boot scan and rebooted. It found and fixed 12 infected files. The infections had these names:
    • JS:Scriptip-inf[Trj] (in an mp3 file) [9 of these]
    • Win32:Malware-gen [2 of these]
    • HTML:Iframe-inf [1 of these]

I reran Windows update.  1 file of 22 updated, it was the Windows Defender definitions.  I tried launching Windows Defender.  One of its services wouldn't start and it generated the error 0x800106ba.

I plan to download and run Kaspersky and the Microsoft Malicious Software Removal Tool overnight if I can.



#6 HelpBot


Posted 13 July 2014 - 05:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/540326 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 Jim2B


Posted 13 July 2014 - 06:17 PM

The MS Malicious Software Removal Tool found the Malware: HackTool:Win32/Keygen.  I am having it remove the malware.

 

I had been running Kaspersky Virus Removal software. The last I checked it had detected 5 infections and it had about 5 hours left to run. However, when I got back to the computer, Kaspersky had restarted. I'm now rerunning it.



#8 Jim2B


Posted 13 July 2014 - 06:49 PM

I reviewed the Kaspersky log.  It revealed 5 vulnerabilities but no malware.

 

I've attached my latest DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 1.6.0_29
Run by Dad at 19:44:03 on 2014-07-13
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.7671.4817 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
mRun: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Arc] C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe /autorun
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RALINK~1.LNK - C:\Program Files (x86)\Ralink\Common\RaUI.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - <no file>
IE: Convert link target to Adobe PDF - <no file>
IE: Convert link target to existing PDF - <no file>
IE: Convert to Adobe PDF - <no file>
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{E82B3F65-13BC-4FC5-873B-E67DF7355522} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E82B3F65-13BC-4FC5-873B-E67DF7355522}\35562756E6964797 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{E82B3F65-13BC-4FC5-873B-E67DF7355522}\35562756E69647970223 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{E82B3F65-13BC-4FC5-873B-E67DF7355522}\35562756E6964797029494 : DHCPNameServer = 192.168.0.1
SSODL: WebCheck - <orphaned>
x64-BHO: {41564952-412D-5637-4300-7A786E7484D7} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: PrivDog Extension: {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
x64-TB: <No Name>: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {2F5C139F-79BD-4C84-A95A-E7140525BC55} - {5B06364D-FF00-4BD5-9D01-4379952513F2} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.168.0.1    loki
Hosts: 0.0.0.0    www.007guard.com
Hosts: 0.0.0.0    007guard.com
Hosts: 0.0.0.0    008i.com
Hosts: 0.0.0.0    www.008k.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: F:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
FF - ExtSQL: 2014-07-07 14:48; PrivDog@AdTrustMedia.com; C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\extensions\PrivDog@AdTrustMedia.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64;ahcix64;C:\Windows\System32\drivers\ahcix64.sys [2008-10-13 226320]
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-7-12 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-7-12 224896]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2010-7-28 33800]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-7-12 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-7-12 427360]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2010-12-29 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdGuard.sys [2010-12-29 738472]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\System32\drivers\cmdhlp.sys [2010-12-29 48360]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-7-12 254528]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-4-20 202752]
R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2009-10-22 136544]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-7-12 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-7-12 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-7-12 50344]
R2 cpuz132;cpuz132;C:\Windows\System32\drivers\cpuz132_x64.sys [2010-2-16 19432]
R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-2-17 68136]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-12-7 202328]
R2 RalinkRegistryWriter;Ralink Registry Writer;C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [2010-2-22 69632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-1-5 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-1-5 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-1-5 168384]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2013-4-10 11576]
R3 AODDriver;AODDriver;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [2009-10-22 21048]
R3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-5 30528]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-2-17 236544]
RUnknown 12354009;12354009; [x]
RUnknown 5583540drv;5583540drv; [x]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-7-12 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe [2009-4-28 29184]
S3 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-7-19 231224]
S3 ArcService;Arc Service;C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [2014-6-26 88400]
S3 atidgllk;atidgllk;C:\Program Files (x86)\Gigabyte\ET6\atidgllk.sys [2006-7-19 12048]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2014-7-7 2264280]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2010-4-9 25640]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-17 1038088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-16 111616]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 OverwolfUpdater;Overwolf Updater Windows SCM;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-6-10 976672]
S3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2014-7-7 47632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-5 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-4-13 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-31 1255736]
SUnknown dsload;dsload; [x]
.
=============== Created Last 30 ================
.
2014-07-13 01:11:01    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2014-07-13 01:03:08    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2014-07-13 00:27:17    10779000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0837D125-CE2C-41E2-A7FF-FDBEA6FF0474}\mpengine.dll
2014-07-12 15:45:52    --------    d-----w-    C:\Users\Dad\AppData\Roaming\AVAST Software
2014-07-12 15:45:24    92008    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-07-12 15:45:24    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-07-12 15:45:24    1041168    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-07-12 15:45:23    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-12 15:45:23    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-07-12 15:45:23    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-07-12 15:45:22    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-07-12 15:45:18    43152    ----a-w-    C:\Windows\avastSS.scr
2014-07-12 15:42:45    --------    d-----w-    C:\Program Files\AVAST Software
2014-07-10 14:37:57    --------    d-----w-    C:\Windows\Migration
2014-07-10 14:22:17    175528    ----a-w-    C:\Windows\System32\drivers\tmcomm.sys
2014-07-09 09:56:43    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-07-09 09:56:43    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-07-09 09:56:41    27584    ----a-w-    C:\Windows\System32\drivers\Diskdump.sys
2014-07-09 09:56:41    274880    ----a-w-    C:\Windows\System32\drivers\msiscsi.sys
2014-07-09 09:56:41    2048    ----a-w-    C:\Windows\SysWow64\iologmsg.dll
2014-07-09 09:56:41    2048    ----a-w-    C:\Windows\System32\iologmsg.dll
2014-07-09 09:56:41    190912    ----a-w-    C:\Windows\System32\drivers\storport.sys
2014-07-09 09:56:29    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-07-09 05:19:56    --------    d-----w-    C:\Users\Dad\AppData\Roaming\Samsung
2014-07-09 05:19:55    --------    d-----w-    C:\Program Files\Common Files\Common Desktop Agent
2014-07-09 05:19:55    --------    d-----w-    C:\Program Files (x86)\Common Files\Common Desktop Agent
2014-07-09 05:19:06    687152    ----a-w-    C:\Windows\System32\eed_sl.exe
2014-07-09 05:19:05    3069952    ----a-w-    C:\Windows\System32\eed_ec.dll
2014-07-09 05:18:52    94208    ------w-    C:\Windows\SysWow64\ssdevm.dll
2014-07-09 05:18:52    91136    ------w-    C:\Windows\System32\ssdevm64.dll
2014-07-09 05:15:15    --------    d-----w-    C:\ProgramData\Samsung
2014-07-09 05:15:14    --------    d-----w-    C:\Program Files (x86)\SamsungPrinterLiveUpdateInstaller
2014-07-09 05:15:14    --------    d-----w-    C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-07-09 05:15:11    41984    ----a-w-    C:\Windows\System32\Spool\prtprocs\x64\ssj2mpc.dll
2014-07-08 20:50:55    --------    d-----w-    C:\Users\Dad\AppData\Local\cache
2014-07-08 19:06:19    22752    ----a-w-    C:\Windows\System32\PCloudBroom64.exe
2014-07-08 18:58:43    388096    ----a-r-    C:\Users\Dad\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-07-08 16:46:29    --------    d-----w-    C:\Users\Dad\AppData\Roaming\Mythicsoft
2014-07-08 16:46:20    --------    d-----w-    C:\Program Files\Mythicsoft
2014-07-07 21:49:11    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-07 21:49:01    91352    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-07 21:49:01    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2014-07-07 21:49:01    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-07 19:27:39    47632    ----a-w-    C:\Windows\System32\drivers\PSKMAD.sys
2014-07-07 19:27:36    --------    d-----w-    C:\Windows\SysWow64\DASBOOT
2014-07-07 18:39:39    --------    d-----w-    C:\Users\Dad\AppData\Roaming\Comodo
2014-07-07 18:38:24    --------    d-----w-    C:\Program Files\AdTrustMedia
2014-07-07 18:38:24    --------    d-----w-    C:\Program Files (x86)\AdTrustMedia
2014-07-07 18:38:23    --------    d-----w-    C:\ProgramData\Adtrustmedia
2014-07-07 18:35:15    --------    d-----w-    C:\ProgramData\Shared Space
2014-07-07 18:34:46    45784    ----a-w-    C:\Windows\System32\cmdkbd64.dll
2014-07-07 18:34:46    40664    ----a-w-    C:\Windows\SysWow64\cmdkbd32.dll
2014-07-07 18:34:46    352984    ----a-w-    C:\Windows\System32\cmdvrt64.dll
2014-07-07 18:34:46    284888    ----a-w-    C:\Windows\SysWow64\cmdvrt32.dll
2014-06-24 17:12:14    822384    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-06-24 17:12:14    10594416    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icudt52.dll
2014-06-24 17:12:14    1022576    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\icuin52.dll
.
==================== Find3M  ====================
.
2014-07-13 00:20:57    30528    ----a-w-    C:\Windows\GVTDrv64.sys
2014-07-13 00:20:42    25640    ----a-w-    C:\Windows\gdrv.sys
2014-07-09 20:46:23    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-09 20:46:23    699056    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-12 11:25:56    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-04-16 21:12:56    48360    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2014-04-16 21:12:55    738472    ----a-w-    C:\Windows\System32\drivers\cmdGuard.sys
2014-04-16 21:12:55    23168    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
2011-11-02 18:13:03    226656    ------w-    C:\Program Files (x86)\cnsload_1320257583111.tmp
2011-11-02 18:13:03    226656    ------w-    C:\Program Files (x86)\cnsload_1320257583096.tmp
.
============= FINISH: 19:45:00.69 ===============
 

 

After running dds, I have reactivated Spybot SD, Avast, and Comodo.



#9 Jim2B

Posted 14 July 2014 - 12:13 AM

I do have my original Win 7 64 bit install disk available.

I have attempted to perform "System Repair" both automatic and manual with the disk.  Automatic repair cannot repair the problems and sfc does not see issues when booting from the disk.

I have also performed a diskrec.exe /mbr & diskrec.exe /bootdir from this disk.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,256 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:08 PM

Posted 14 July 2014 - 08:16 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======


Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the correct version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Let me know what problem persists.

#11 Jim2B

Posted 14 July 2014 - 09:07 AM

RogueKiller64 could not complete the prescan from a normal boot.  It was trying to kill a process (svchost.exe) which kept popping back up.  I stopped it and restarted the computer in Safe Mode with Networking and retried.

 

RogueKiller report:

RogueKiller V9.2.3.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Dad [Admin rights]
Mode : Remove -- Date : 07/14/2014  10:05:10

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\etdrv -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\gdrv -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GVTDrv64 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\etdrv -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gdrv -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GVTDrv64 -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\etdrv -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\gdrv -> DELETED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\GVTDrv64 -> DELETED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> REPLACED (0)
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS722020ALA3 SCSI Disk Device +++++
--- User ---
[MBR] 611f60279e2243604900211c368bea2a
[BSP] 13bbf58c49674f86644acca82c6705cb : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: WDC WD20 EARS-00J99B0 SCSI Disk Device +++++
Error reading User MBR! NOT VALID!
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive2: AMD 2+1 Disk RAID5 SCSI Disk Device +++++
Error reading User MBR! ([57] The parameter is incorrect. )
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )


============================================
RKreport_SCN_07142014_100408.log



#12 Jim2B

Posted 14 July 2014 - 09:30 AM

Good morning Nasdaq,

I apologize for the delay.  I have actually completed the adwcleaner step (it found infected files & registry entries, and other bad stuff), but after clean-up it required a system reboot.

Upon reboot, avast decided to do another boot time scan.  So my system is busy doing that.  This will likely take several hours :(

I'll post the results when it finishes.

Jim



#13 Jim2B

Posted 14 July 2014 - 02:18 PM

adwcleaner log:

# AdwCleaner v3.215 - Report created 14/07/2014 at 10:09:54
# Updated 09/07/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dad - BALDUR
# Running from : C:\Users\Dad\Downloads\adwcleaner_3.215.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Program Files (x86)\Astroburn Toolbar
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\WinZip Registry Optimizer
Folder Deleted : C:\Users\Dad\AppData\Roaming\Nico Mak Computing
Folder Deleted : C:\Users\Meghan\AppData\Roaming\Nico Mak Computing
Folder Deleted : C:\Users\Mom\AppData\Roaming\Nico Mak Computing
Folder Deleted : C:\Users\Rachel.Baldur\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Rachel.Baldur\AppData\Roaming\Nico Mak Computing
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\searchplugins\daemon-search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cmaiofennmphjldldcpphcechfnnohja
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : HKCU\Software\dt soft\daemon tools toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v17.0.1 (en-US)

[ File : C:\Users\Aaron\AppData\Roaming\Mozilla\Firefox\Profiles\y3vyul1a.default\prefs.js ]


[ File : C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\prefs.js ]


[ File : C:\Users\Meghan\AppData\Roaming\Mozilla\Firefox\Profiles\ft57eah7.default\prefs.js ]


[ File : C:\Users\Mom\AppData\Roaming\Mozilla\Firefox\Profiles\hxh4nzuy.default\prefs.js ]


[ File : C:\Users\Noel\AppData\Roaming\Mozilla\Firefox\Profiles\eyaez424.default\prefs.js ]


[ File : C:\Users\Rachel.Baldur\AppData\Roaming\Mozilla\Firefox\Profiles\f6nimp4v.default\prefs.js ]


[ File : C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\c56v5b6d.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [3263 octets] - [14/07/2014 10:08:03]
AdwCleaner[S0].txt - [2877 octets] - [14/07/2014 10:09:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2937 octets] ##########
 



#14 Jim2B

Posted 14 July 2014 - 02:34 PM

And finally the results of the FRST scans:

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014
Ran by Dad (administrator) on BALDUR on 14-07-2014 15:28:07
Running from C:\Users\Dad\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
(Ralink Technology, Corp.) C:\Program Files (x86)\Ralink\Common\RaUI.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
() C:\Program Files (x86)\Gigabyte\ET6\GUI.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO)
HKLM-x32\...\Run: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe [20480 2007-07-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-08-03] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-12] (AVAST Software)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: E - E:\TLBootstrap_WPP.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: I - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4b4e-1779-11e2-b86f-00241dccca17} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\TL-Bootstrap.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {033f4cc1-1779-11e2-b86f-00241dccca17} - I:\TLBootstrap_WPP.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {18abe7c9-745e-11e1-a614-00241dccca17} - E:\LaunchU3.exe -a
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca868eb-70f9-11e0-8f0e-00241dccca17} - H:\Autorun.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {1ca86b87-70f9-11e0-8f0e-00241dccca17} - G:\Autorun.exe
HKU\S-1-5-21-618570333-1535794558-3025776438-1001\...\MountPoints2: {d8a136ad-4fa7-11df-a815-000272a9ef50} - E:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
ShortcutTarget: Ralink Wireless Utility.lnk -> C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicyUsers\S-1-5-21-618570333-1535794558-3025776438-1003\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8DEE3044B12ECB01
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: PrivDog Extension - {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} - C:\Program Files\AdTrustMedia\PrivDog\1.8.0.15\trustedads.dll (AdTrustMedia)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO-x32: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default
FF Homepage: hxxp://www.facebook.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @pandasecurity.com/activescan - C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\searchplugins\absearch-search.xml
FF Extension: Flashblock - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-25]
FF Extension: WOT - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-04]
FF Extension: DownloadHelper - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-07-11]
FF Extension: Element Hiding Helper for Adblock Plus - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\Extensions\elemhidehelper@adblockplus.org.xpi [2011-11-11]
FF Extension: Ghostery - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\Extensions\firefox@ghostery.com.xpi [2013-08-13]
FF Extension: Karma Blocker - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\Extensions\kabl@trac.arantius.com.xpi [2011-04-10]
FF Extension: NoScript - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-18]
FF Extension: Adblock Plus - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\epai9j1g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-12]

==================== Services (Whitelisted) =================

S3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation) [File not signed]
R2 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [202752 2009-07-29] (AMD) [File not signed]
R2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136544 2009-10-22] ()
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation) [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-06-26] (Perfect World Entertainment Inc)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-12] (AVAST Software)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
R3 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-04] (Microsoft Corporation) [File not signed]
S3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO)
S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-09] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2011-03-03] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [30720 2013-09-24] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-06-05] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation) [File not signed]
S3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-03-01] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-11] (Microsoft Corporation) [File not signed]
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2013-09-24] (Microsoft Corporation) [File not signed]
R2 KSS; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202328 2012-12-07] (Kaspersky Lab ZAO)
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S2 lxdnCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.) [File not signed]
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2013-09-24] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation) [File not signed]
S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [976672 2014-06-10] (Overwolf LTD)
S3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2011-05-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2013-09-24] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files (x86)\Ralink\Common\RalinkRegistryWriter.exe [69632 2008-05-13] (Ralink Technology, Corp.) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-13] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2013-09-24] (Microsoft Corporation) [File not signed]
S3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) [File not signed]
R2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation) [File not signed]
S4 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation) [File not signed]
R3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation) [File not signed]
R2 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2013-09-24] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
R2 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
R3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation) [File not signed]
S4 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2011-05-04] (Microsoft Corporation) [File not signed]
S4 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2011-05-04] (Microsoft Corporation) [File not signed]
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-27] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

S3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2013-09-27] (Microsoft Corporation) [File not signed]
S3 AmdK8; C:\Windows\system32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation) [File not signed]
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6103552 2009-07-29] (ATI Technologies Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [306176 2011-04-20] (Advanced Micro Devices, Inc.) [File not signed]
R3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R3 AODDriver; C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver.sys [21048 2009-10-22] (Advanced Micro Devices)
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-12] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-12] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-12] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-12] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-12] ()
R3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation) [File not signed]
S3 atidgllk; C:\Program Files (x86)\Gigabyte\ET6\atidgllk.sys [12048 2006-07-19] (ATI Technologies Inc.)
R3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6103552 2009-07-29] (ATI Technologies Inc.) [File not signed]
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-23] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation) [File not signed]
S3 CmBatt; C:\Windows\system32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO)
R3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation) [File not signed]
S1 dsload; C:\Windows\SysWOW64\drivers\dsload.sys [10848 2008-05-23] (Oracle Corp.) [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-21] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-07-14] ()
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
R3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\system32\drivers\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation) [File not signed]
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO)
S3 intelppm; C:\Windows\system32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2011-04-26] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2011-07-08] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2011-04-26] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation) [File not signed]
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation) [File not signed]
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [620544 2009-06-10] (Ralink Technology, Corp.) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation) [File not signed]
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation) [File not signed]
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RdpVideoMiniport; C:\Windows\System32\drivers\rdpvideominiport.sys [19456 2012-08-23] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-27] (Microsoft Corporation) [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIVX.sys [201472 2009-07-17] (Realtek Semiconductor Corp.) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.) [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2011-04-28] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2011-04-28] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2011-04-28] (Microsoft Corporation) [File not signed]
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30312 2014-07-14] ()
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [56832 2013-10-01] (Microsoft Corporation) [File not signed]
R3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
R4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\system32\drivers\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [51712 2011-05-10] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.) [File not signed]
S3 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [99840 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [53248 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-26] (Microsoft Corporation) [File not signed]
R3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2013-11-26] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation) [File not signed]
S3 usbscan; C:\Windows\system32\drivers\usbscan.sys [42496 2013-07-03] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2011-03-11] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-26] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] (Microsoft Corporation) [File not signed]
R3 vwifimp; C:\Windows\System32\DRIVERS\vwifimp.sys [17920 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\system32\drivers\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-25] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] (Microsoft Corporation) [File not signed]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
S3 X6va017; \??\C:\Windows\SysWOW64\Drivers\X6va017 [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-14 15:28 - 2014-07-14 15:28 - 00050212 _____ () C:\Users\Dad\Downloads\FRST.txt
2014-07-14 15:22 - 2014-07-14 15:12 - 00048412 _____ () C:\Users\Dad\Desktop\aswBoot.txt
2014-07-14 15:18 - 2014-07-14 15:18 - 00003025 _____ () C:\Users\Dad\Desktop\AdwCleaner[S0].txt
2014-07-14 15:12 - 2014-07-14 15:24 - 00076418 _____ () C:\Windows\setupact.log
2014-07-14 15:12 - 2014-07-14 15:23 - 00000628 _____ () C:\Windows\PFRO.log
2014-07-14 15:12 - 2014-07-14 15:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 10:07 - 2014-07-14 15:22 - 00000000 ____D () C:\AdwCleaner
2014-07-14 10:06 - 2014-07-14 10:06 - 00003147 _____ () C:\Users\Dad\Desktop\RKreport_DEL_07142014_100510.log
2014-07-14 10:00 - 2014-07-14 15:28 - 00000000 ____D () C:\FRST
2014-07-14 09:39 - 2014-07-14 10:00 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-14 09:39 - 2014-07-14 09:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-14 09:32 - 2014-07-14 09:55 - 00052708 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-07-14 09:32 - 2014-07-14 09:32 - 00000000 ___HD () C:\VTRoot
2014-07-14 09:20 - 2014-07-14 09:20 - 02086912 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2014-07-14 09:19 - 2014-07-14 09:19 - 05336664 _____ () C:\Users\Dad\Downloads\RogueKillerX64.exe
2014-07-14 09:19 - 2014-07-14 09:19 - 01348263 _____ () C:\Users\Dad\Downloads\adwcleaner_3.215.exe
2014-07-14 09:16 - 2014-07-14 09:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-14 09:16 - 2014-07-14 09:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-14 09:16 - 2014-07-14 09:16 - 00000000 ____D () C:\Users\Dad\AppData\Local\Adobe
2014-07-14 09:15 - 2014-07-14 09:15 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-14 09:15 - 2014-07-14 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-14 09:14 - 2014-07-14 09:15 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-13 20:53 - 2014-07-13 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-13 20:52 - 2014-07-13 20:53 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 20:52 - 2014-07-13 20:53 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 20:52 - 2014-07-13 20:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-13 20:52 - 2014-07-13 20:52 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 20:48 - 2014-07-13 20:48 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-13 20:48 - 2014-07-13 20:48 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-13 20:45 - 2014-07-13 20:45 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Oracle
2014-07-13 20:43 - 2014-07-13 20:42 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-13 20:43 - 2014-07-13 20:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-13 20:42 - 2014-07-13 20:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-13 20:40 - 2014-07-13 20:40 - 00918952 _____ (Oracle Corporation) C:\Users\Dad\Downloads\jxpiinstall(1).exe
2014-07-13 20:37 - 2014-07-13 20:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-13 20:35 - 2014-07-13 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-13 20:33 - 2014-07-13 20:33 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-13 20:33 - 2014-07-13 20:33 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-13 20:30 - 2014-07-13 20:30 - 12846640 _____ (Adobe Systems Inc.) C:\Users\Dad\Downloads\Shockwave_Installer_Full.exe
2014-07-13 20:15 - 2014-07-13 20:20 - 141929872 _____ () C:\Users\Dad\Downloads\setup_11.0.1.1245.x01_2014_07_09_23_33(1).exe
2014-07-13 19:18 - 2014-07-13 19:18 - 00688992 ____R (Swearware) C:\Users\Dad\Downloads\dds(1).com
2014-07-12 21:11 - 2014-07-12 21:11 - 00001097 _____ () C:\Users\Dad\Desktop\Kaspersky Security Scan.lnk
2014-07-12 21:11 - 2014-07-12 21:11 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-07-12 21:11 - 2014-07-12 21:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-12 21:07 - 2014-07-12 21:07 - 00180000 _____ (Kaspersky Lab) C:\Users\Dad\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-07-12 21:03 - 2014-07-12 21:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-12 20:52 - 2014-07-12 20:56 - 110462208 _____ (Microsoft Corporation) C:\Users\Dad\Downloads\msert.exe
2014-07-12 20:45 - 2014-07-12 20:56 - 141929872 _____ () C:\Users\Dad\Downloads\setup_11.0.1.1245.x01_2014_07_09_23_33.exe
2014-07-12 11:45 - 2014-07-14 15:15 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-12 11:45 - 2014-07-12 11:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-12 11:45 - 2014-07-12 11:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-12 11:45 - 2014-07-12 11:45 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\AVAST Software
2014-07-12 11:45 - 2014-07-12 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-12 11:42 - 2014-07-12 11:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-12 11:36 - 2014-07-12 11:39 - 04862664 _____ (AVAST Software) C:\Users\Dad\Downloads\avast_free_antivirus_setup_online.exe
2014-07-12 09:19 - 2014-07-07 14:53 - 00414371 _____ () C:\Windows\system32\Drivers\etc\hosts.20140712-091908.backup
2014-07-12 09:16 - 2014-07-07 14:53 - 00414371 _____ () C:\Windows\system32\Drivers\etc\hosts.20140712-091635.backup
2014-07-10 12:00 - 2014-07-10 12:00 - 00985600 _____ () C:\Users\Dad\Downloads\MicrosoftFixit50123.msi
2014-07-10 10:31 - 2014-07-10 10:31 - 00000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2014-07-10 10:22 - 2013-09-02 03:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-07-10 10:15 - 2014-07-10 10:15 - 02473936 _____ (Trend Micro Inc.) C:\Users\Dad\Downloads\HousecallLauncher64.exe
2014-07-09 05:56 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 05:56 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 05:56 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-07-09 05:56 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-07-09 05:56 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-07-09 05:56 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-07-09 05:56 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-07-09 05:56 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-07-09 01:21 - 2014-07-09 01:21 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-07-09 01:19 - 2014-07-09 01:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-07-09 01:19 - 2014-07-09 01:19 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Samsung
2014-07-09 01:19 - 2014-07-09 01:19 - 00000000 ____D () C:\Program Files\Common Files\Common Desktop Agent
2014-07-09 01:19 - 2013-12-27 05:33 - 03069952 _____ () C:\Windows\system32\eed_ec.dll
2014-07-09 01:19 - 2013-12-27 05:33 - 00687152 _____ (Samsung Electronics) C:\Windows\system32\eed_sl.exe
2014-07-09 01:19 - 2013-12-06 04:24 - 00101518 ____N () C:\Windows\ssj2mLTR.prn
2014-07-09 01:19 - 2013-12-06 04:23 - 00107317 ____N () C:\Windows\ssj2mA4.prn
2014-07-09 01:18 - 2013-07-05 02:20 - 00094208 ____N () C:\Windows\SysWOW64\ssdevm.dll
2014-07-09 01:18 - 2013-07-05 02:20 - 00091136 ____N () C:\Windows\system32\ssdevm64.dll
2014-07-09 01:15 - 2014-07-09 01:21 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-07-09 01:15 - 2014-07-09 01:19 - 00000000 ____D () C:\ProgramData\Samsung
2014-07-08 18:46 - 2014-07-08 18:46 - 00075153 _____ () C:\Users\Dad\Documents\Attach-140708a.zip
2014-07-08 18:22 - 2014-07-08 18:22 - 00000000 ____D () C:\Users\Dad\Documents\ProcAlyzer Dumps
2014-07-08 18:06 - 2014-07-08 18:06 - 00536142 _____ () C:\Users\Dad\Documents\Attach-140708a.txt
2014-07-08 18:05 - 2014-07-08 18:05 - 00017092 _____ () C:\Users\Dad\Documents\DDS-140708a.txt
2014-07-08 17:36 - 2014-07-13 19:45 - 00535499 _____ () C:\Users\Dad\Desktop\attach.txt
2014-07-08 17:36 - 2014-07-13 19:45 - 00019473 _____ () C:\Users\Dad\Desktop\dds.txt
2014-07-08 17:34 - 2014-07-08 17:34 - 00688992 ____R (Swearware) C:\Users\Dad\Downloads\dds.com
2014-07-08 16:50 - 2014-07-08 16:50 - 00000000 ____D () C:\Users\Dad\AppData\Local\cache
2014-07-08 16:49 - 2014-07-08 16:49 - 08790287 _____ (MusicBrainz) C:\Users\Dad\Downloads\picard-setup-1.2.exe
2014-07-08 15:21 - 2014-07-08 15:21 - 00030655 _____ () C:\Users\Dad\Documents\CisReport_x64_v7.0.317799.4142_20140708-152116.zip
2014-07-08 15:06 - 2014-07-08 15:06 - 00008276 _____ () C:\Windows\SysWOW64\BroomData.bit
2014-07-08 15:06 - 2013-04-08 16:30 - 00022752 _____ () C:\Windows\system32\PCloudBroom64.exe
2014-07-08 14:59 - 2014-07-08 18:11 - 00010521 _____ () C:\Users\Dad\Desktop\hijackthis.log
2014-07-08 14:58 - 2014-07-08 14:58 - 00002997 _____ () C:\Users\Dad\Desktop\HiJackThis.lnk
2014-07-08 14:45 - 2014-07-08 14:45 - 00001413 _____ () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-08 14:29 - 2014-07-08 14:29 - 08420211 _____ (Macrovision Corporation) C:\Users\Dad\Downloads\20070813082717640_Samsung_USB_Driver_Installer(1).exe
2014-07-08 13:36 - 2014-07-07 14:53 - 00414371 _____ () C:\Windows\system32\Drivers\etc\hosts.20140708-133658.backup
2014-07-08 12:46 - 2014-07-08 12:46 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Mythicsoft
2014-07-08 12:46 - 2014-07-08 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack
2014-07-08 12:46 - 2014-07-08 12:46 - 00000000 ____D () C:\Program Files\Mythicsoft
2014-07-08 12:42 - 2014-07-08 12:44 - 14326992 _____ (Mythicsoft Ltd) C:\Users\Dad\Downloads\AgentRansack_822.exe
2014-07-07 17:49 - 2014-07-13 20:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 17:49 - 2014-07-07 21:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-07 17:49 - 2014-07-07 17:49 - 00159144 _____ (Microsoft Corporation) C:\Users\Meghan\Downloads\WindowsActivationUpdate(1).exe
2014-07-07 17:49 - 2014-07-07 17:49 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 17:49 - 2014-07-07 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 17:49 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-07 17:49 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-07 15:27 - 2014-07-07 15:27 - 00001296 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-07-07 15:27 - 2014-07-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-07-07 15:27 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-07-07 15:22 - 2014-07-07 15:23 - 30412088 _____ (Panda Security ) C:\Users\Meghan\Downloads\PandaCloudCleaner.exe
2014-07-07 15:16 - 2014-07-07 15:16 - 01057176 _____ (Adobe) C:\Users\Meghan\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-07-07 14:52 - 2013-01-05 13:13 - 00415667 _____ () C:\Windows\system32\Drivers\etc\hosts - Copy
2014-07-07 14:48 - 2014-07-07 15:04 - 00000000 ____D () C:\Users\Meghan\Downloads\backups
2014-07-07 14:47 - 2014-07-07 14:47 - 00000000 ____D () C:\Users\Meghan\AppData\Local\AdTrustMedia
2014-07-07 14:39 - 2014-07-07 14:54 - 00012139 _____ () C:\Users\Meghan\Desktop\hijackthis.log
2014-07-07 14:39 - 2014-07-07 14:39 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Comodo
2014-07-07 14:38 - 2014-07-07 14:38 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-07-07 14:38 - 2014-07-07 14:38 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-07-07 14:38 - 2014-07-07 14:38 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-07-07 14:35 - 2014-07-08 10:11 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-07-07 14:35 - 2014-07-07 14:35 - 00000000 ____D () C:\ProgramData\Shared Space
2014-07-07 14:34 - 2014-03-25 15:22 - 00352984 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2014-07-07 14:34 - 2014-03-25 15:22 - 00284888 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2014-07-07 14:34 - 2014-03-25 15:22 - 00045784 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2014-07-07 14:34 - 2014-03-25 15:22 - 00040664 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2014-07-07 14:33 - 2014-07-07 14:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Meghan\Downloads\HijackThis.exe
2014-07-07 14:27 - 2014-07-07 14:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Meghan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Users\Meghan\AppData\Roaming\Auslogics
2014-07-07 13:48 - 2014-07-07 13:48 - 01141680 _____ () C:\Users\Meghan\Downloads\SteamSetup.exe
2014-07-07 13:08 - 2014-07-07 13:08 - 00000222 _____ () C:\Users\Meghan\Desktop\Mabinogi.url
2014-07-07 13:08 - 2014-07-07 13:08 - 00000000 ____D () C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-07 12:53 - 2014-07-07 12:53 - 00000176 _____ () C:\console.log
2014-07-07 12:50 - 2014-07-07 12:50 - 02556712 _____ () C:\Users\Meghan\Downloads\Mabinogi_Downloader.exe

==================== One Month Modified Files and Folders =======

2014-07-14 15:28 - 2014-07-14 15:28 - 00050212 _____ () C:\Users\Dad\Downloads\FRST.txt
2014-07-14 15:28 - 2014-07-14 10:00 - 00000000 ____D () C:\FRST
2014-07-14 15:27 - 2011-07-21 20:46 - 01778723 _____ () C:\Windows\WindowsUpdate.log
2014-07-14 15:26 - 2012-12-19 21:50 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-14 15:26 - 2011-01-05 22:41 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-07-14 15:26 - 2011-01-05 19:23 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-07-14 15:26 - 2010-02-17 21:20 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-07-14 15:25 - 2013-01-06 02:16 - 00000144 _____ () C:\service.log
2014-07-14 15:25 - 2012-12-19 21:50 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-14 15:24 - 2014-07-14 15:12 - 00076418 _____ () C:\Windows\setupact.log
2014-07-14 15:24 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-14 15:23 - 2014-07-14 15:12 - 00000628 _____ () C:\Windows\PFRO.log
2014-07-14 15:22 - 2014-07-14 10:07 - 00000000 ____D () C:\AdwCleaner
2014-07-14 15:21 - 2009-07-14 01:13 - 00716144 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-14 15:19 - 2009-07-14 00:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-14 15:19 - 2009-07-14 00:45 - 00013440 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-14 15:18 - 2014-07-14 15:18 - 00003025 _____ () C:\Users\Dad\Desktop\AdwCleaner[S0].txt
2014-07-14 15:15 - 2014-07-12 11:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-14 15:12 - 2014-07-14 15:22 - 00048412 _____ () C:\Users\Dad\Desktop\aswBoot.txt
2014-07-14 15:12 - 2014-07-14 15:12 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 10:06 - 2014-07-14 10:06 - 00003147 _____ () C:\Users\Dad\Desktop\RKreport_DEL_07142014_100510.log
2014-07-14 10:00 - 2014-07-14 09:39 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-14 09:55 - 2014-07-14 09:32 - 00052708 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-07-14 09:45 - 2013-12-01 13:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-14 09:39 - 2014-07-14 09:39 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-14 09:32 - 2014-07-14 09:32 - 00000000 ___HD () C:\VTRoot
2014-07-14 09:20 - 2014-07-14 09:20 - 02086912 _____ (Farbar) C:\Users\Dad\Downloads\FRST64.exe
2014-07-14 09:19 - 2014-07-14 09:19 - 05336664 _____ () C:\Users\Dad\Downloads\RogueKillerX64.exe
2014-07-14 09:19 - 2014-07-14 09:19 - 01348263 _____ () C:\Users\Dad\Downloads\adwcleaner_3.215.exe
2014-07-14 09:16 - 2014-07-14 09:16 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-14 09:16 - 2014-07-14 09:16 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-14 09:16 - 2014-07-14 09:16 - 00000000 ____D () C:\Users\Dad\AppData\Local\Adobe
2014-07-14 09:16 - 2010-04-17 01:55 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-14 09:15 - 2014-07-14 09:15 - 00001851 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-07-14 09:15 - 2014-07-14 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-07-14 09:15 - 2014-07-14 09:14 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-07-14 09:00 - 2010-02-22 20:33 - 00000322 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2014-07-13 22:12 - 2011-01-07 22:07 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-13 20:53 - 2014-07-13 20:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-13 20:53 - 2014-07-13 20:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-13 20:53 - 2014-07-13 20:52 - 00000000 ____D () C:\Program Files\iTunes
2014-07-13 20:53 - 2014-07-13 20:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-13 20:52 - 2014-07-13 20:52 - 00000000 ____D () C:\Program Files\iPod
2014-07-13 20:48 - 2014-07-13 20:48 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-13 20:48 - 2014-07-13 20:48 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-13 20:48 - 2011-10-10 23:59 - 00000000 ____D () C:\ProgramData\Apple
2014-07-13 20:47 - 2014-07-07 17:49 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-13 20:46 - 2013-10-23 20:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-13 20:45 - 2014-07-13 20:45 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Oracle
2014-07-13 20:44 - 2014-07-13 20:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-13 20:42 - 2014-07-13 20:43 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-13 20:42 - 2014-07-13 20:43 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-13 20:42 - 2014-07-13 20:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-13 20:42 - 2011-11-01 13:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-13 20:42 - 2011-11-01 13:40 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-13 20:40 - 2014-07-13 20:40 - 00918952 _____ (Oracle Corporation) C:\Users\Dad\Downloads\jxpiinstall(1).exe
2014-07-13 20:35 - 2014-07-13 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-13 20:33 - 2014-07-13 20:33 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-13 20:33 - 2014-07-13 20:33 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-07-13 20:32 - 2010-04-17 01:56 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-13 20:30 - 2014-07-13 20:30 - 12846640 _____ (Adobe Systems Inc.) C:\Users\Dad\Downloads\Shockwave_Installer_Full.exe
2014-07-13 20:30 - 2010-02-17 20:03 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-13 20:20 - 2014-07-13 20:15 - 141929872 _____ () C:\Users\Dad\Downloads\setup_11.0.1.1245.x01_2014_07_09_23_33(1).exe
2014-07-13 20:05 - 2011-08-09 11:06 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-07-13 19:45 - 2014-07-08 17:36 - 00535499 _____ () C:\Users\Dad\Desktop\attach.txt
2014-07-13 19:45 - 2014-07-08 17:36 - 00019473 _____ () C:\Users\Dad\Desktop\dds.txt
2014-07-13 19:18 - 2014-07-13 19:18 - 00688992 ____R (Swearware) C:\Users\Dad\Downloads\dds(1).com
2014-07-12 21:24 - 2010-07-28 21:59 - 00000000 ____D () C:\Windows\pss
2014-07-12 21:11 - 2014-07-12 21:11 - 00001097 _____ () C:\Users\Dad\Desktop\Kaspersky Security Scan.lnk
2014-07-12 21:11 - 2014-07-12 21:11 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2014-07-12 21:11 - 2014-07-12 21:11 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-07-12 21:11 - 2014-07-12 21:03 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-12 21:07 - 2014-07-12 21:07 - 00180000 _____ (Kaspersky Lab) C:\Users\Dad\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2014-07-12 20:56 - 2014-07-12 20:52 - 110462208 _____ (Microsoft Corporation) C:\Users\Dad\Downloads\msert.exe
2014-07-12 20:56 - 2014-07-12 20:45 - 141929872 _____ () C:\Users\Dad\Downloads\setup_11.0.1.1245.x01_2014_07_09_23_33.exe
2014-07-12 20:44 - 2011-08-09 11:06 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-12 20:44 - 2011-08-09 11:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-12 20:21 - 2013-12-15 12:23 - 00000000 ____D () C:\Users\Dad\AppData\Local\Overwolf
2014-07-12 11:45 - 2014-07-12 11:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-12 11:45 - 2014-07-12 11:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-12 11:45 - 2014-07-12 11:45 - 00001972 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-12 11:45 - 2014-07-12 11:45 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\AVAST Software
2014-07-12 11:45 - 2014-07-12 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-12 11:45 - 2011-07-30 12:10 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-12 11:42 - 2014-07-12 11:42 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-12 11:42 - 2011-07-30 12:09 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-12 11:39 - 2014-07-12 11:36 - 04862664 _____ (AVAST Software) C:\Users\Dad\Downloads\avast_free_antivirus_setup_online.exe
2014-07-12 09:13 - 2010-02-22 20:06 - 00000000 ____D () C:\ProgramData\TEMP
2014-07-12 09:13 - 2010-02-22 20:05 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-07-12 01:32 - 2012-01-11 14:50 - 00000000 __SHD () C:\Users\Rachel.Baldur\AppData\Local\{8c91dc32-6109-d60f-fc59-f65eb2a7b092}
2014-07-12 01:27 - 2011-07-30 01:32 - 13010620 _____ () C:\Users\Dad\AppData\Local\census.cache
2014-07-11 22:26 - 2011-07-30 01:32 - 00149191 _____ () C:\Users\Dad\AppData\Local\ars.cache
2014-07-10 12:00 - 2014-07-10 12:00 - 00985600 _____ () C:\Users\Dad\Downloads\MicrosoftFixit50123.msi
2014-07-10 11:52 - 2011-07-21 19:57 - 00708266 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-07-10 10:34 - 2013-07-19 01:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 10:31 - 2014-07-10 10:31 - 00000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2014-07-10 10:15 - 2014-07-10 10:15 - 02473936 _____ (Trend Micro Inc.) C:\Users\Dad\Downloads\HousecallLauncher64.exe
2014-07-10 02:01 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-09 16:46 - 2013-12-01 13:20 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 16:46 - 2012-08-15 20:55 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 16:46 - 2011-12-26 21:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-09 01:21 - 2014-07-09 01:21 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-07-09 01:21 - 2014-07-09 01:15 - 00000000 ____D () C:\Program Files (x86)\SamsungPrinterLiveUpdate
2014-07-09 01:20 - 2014-07-09 01:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers
2014-07-09 01:20 - 2014-01-24 19:39 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-07-09 01:19 - 2014-07-09 01:19 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Samsung
2014-07-09 01:19 - 2014-07-09 01:19 - 00000000 ____D () C:\Program Files\Common Files\Common Desktop Agent
2014-07-09 01:19 - 2014-07-09 01:15 - 00000000 ____D () C:\ProgramData\Samsung
2014-07-09 01:06 - 2010-03-11 19:43 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2014-07-09 01:00 - 2010-02-22 20:34 - 00000296 _____ () C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2014-07-08 18:49 - 2011-07-21 19:58 - 00000000 ____D () C:\Users\Dad
2014-07-08 18:49 - 2011-04-17 22:19 - 00000000 ____D () C:\ProgramData\WinZip
2014-07-08 18:46 - 2014-07-08 18:46 - 00075153 _____ () C:\Users\Dad\Documents\Attach-140708a.zip
2014-07-08 18:22 - 2014-07-08 18:22 - 00000000 ____D () C:\Users\Dad\Documents\ProcAlyzer Dumps
2014-07-08 18:22 - 2010-02-22 20:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-08 18:11 - 2014-07-08 14:59 - 00010521 _____ () C:\Users\Dad\Desktop\hijackthis.log
2014-07-08 18:06 - 2014-07-08 18:06 - 00536142 _____ () C:\Users\Dad\Documents\Attach-140708a.txt
2014-07-08 18:05 - 2014-07-08 18:05 - 00017092 _____ () C:\Users\Dad\Documents\DDS-140708a.txt
2014-07-08 18:05 - 2012-12-19 21:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-08 17:34 - 2014-07-08 17:34 - 00688992 ____R (Swearware) C:\Users\Dad\Downloads\dds.com
2014-07-08 16:50 - 2014-07-08 16:50 - 00000000 ____D () C:\Users\Dad\AppData\Local\cache
2014-07-08 16:50 - 2011-01-21 20:36 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
2014-07-08 16:50 - 2011-01-21 20:36 - 00000000 ____D () C:\Program Files (x86)\MusicBrainz Picard
2014-07-08 16:49 - 2014-07-08 16:49 - 08790287 _____ (MusicBrainz) C:\Users\Dad\Downloads\picard-setup-1.2.exe
2014-07-08 15:22 - 2013-01-05 12:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-08 15:21 - 2014-07-08 15:21 - 00030655 _____ () C:\Users\Dad\Documents\CisReport_x64_v7.0.317799.4142_20140708-152116.zip
2014-07-08 15:06 - 2014-07-08 15:06 - 00008276 _____ () C:\Windows\SysWOW64\BroomData.bit
2014-07-08 14:58 - 2014-07-08 14:58 - 00002997 _____ () C:\Users\Dad\Desktop\HiJackThis.lnk
2014-07-08 14:58 - 2011-07-12 21:04 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-07-08 14:45 - 2014-07-08 14:45 - 00001413 _____ () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-08 14:29 - 2014-07-08 14:29 - 08420211 _____ (Macrovision Corporation) C:\Users\Dad\Downloads\20070813082717640_Samsung_USB_Driver_Installer(1).exe
2014-07-08 14:11 - 2010-03-17 18:21 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-07-08 13:31 - 2011-10-21 13:54 - 00000000 ____D () C:\Windows\Minidump
2014-07-08 13:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-07-08 13:22 - 2010-07-29 22:11 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-07-08 13:22 - 2010-07-29 22:11 - 00001908 _____ () C:\Windows\diagerr.xml
2014-07-08 12:46 - 2014-07-08 12:46 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Mythicsoft
2014-07-08 12:46 - 2014-07-08 12:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agent Ransack
2014-07-08 12:46 - 2014-07-08 12:46 - 00000000 ____D () C:\Program Files\Mythicsoft
2014-07-08 12:44 - 2014-07-08 12:42 - 14326992 _____ (Mythicsoft Ltd) C:\Users\Dad\Downloads\AgentRansack_822.exe
2014-07-08 12:31 - 2009-07-14 03:45 - 00000000 ____D () C:\Windows\ShellNew
2014-07-08 12:31 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-08 12:31 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-08 10:11 - 2014-07-07 14:35 - 00000000 ____D () C:\Windows\System32\Tasks\COMODO
2014-07-08 10:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\Speech
2014-07-07 21:41 - 2014-07-07 17:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-07 17:49 - 2014-07-07 17:49 - 00159144 _____ (Microsoft Corporation) C:\Users\Meghan\Downloads\WindowsActivationUpdate(1).exe
2014-07-07 17:49 - 2014-07-07 17:49 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-07 17:49 - 2014-07-07 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-07 17:49 - 2010-02-17 20:07 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 15:27 - 2014-07-07 15:27 - 00001296 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2014-07-07 15:27 - 2014-07-07 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2014-07-07 15:23 - 2014-07-07 15:22 - 30412088 _____ (Panda Security ) C:\Users\Meghan\Downloads\PandaCloudCleaner.exe
2014-07-07 15:16 - 2014-07-07 15:16 - 01057176 _____ (Adobe) C:\Users\Meghan\Downloads\install_flashplayer14x32_mssa_aaa_aih.exe
2014-07-07 15:04 - 2014-07-07 14:48 - 00000000 ____D () C:\Users\Meghan\Downloads\backups
2014-07-07 14:54 - 2014-07-07 14:39 - 00012139 _____ () C:\Users\Meghan\Desktop\hijackthis.log
2014-07-07 14:53 - 2014-07-12 09:19 - 00414371 _____ () C:\Windows\system32\Drivers\etc\hosts.20140712-091908.backup
2014-07-07 14:53 - 2014-07-12 09:16 - 00414371 _____ () C:\Windows\system32\Drivers\etc\hosts.20140712-091635.backup
2014-07-07 14:53 - 2014-07-08 13:36 - 00414371 _____ () C:\Windows\system32\Drivers\etc\hosts.20140708-133658.backup
2014-07-07 14:53 - 2012-11-23 23:14 - 00000000 ____D () C:\Temp
2014-07-07 14:53 - 2012-02-05 11:54 - 00001308 _____ () C:\Users\Meghan\_viminfo
2014-07-07 14:53 - 2011-07-21 19:58 - 00000000 ____D () C:\Users\Meghan
2014-07-07 14:47 - 2014-07-07 14:47 - 00000000 ____D () C:\Users\Meghan\AppData\Local\AdTrustMedia
2014-07-07 14:39 - 2014-07-07 14:39 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Comodo
2014-07-07 14:38 - 2014-07-07 14:38 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-07-07 14:38 - 2014-07-07 14:38 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-07-07 14:38 - 2014-07-07 14:38 - 00000000 ____D () C:\Program Files (x86)\AdTrustMedia
2014-07-07 14:36 - 2010-11-06 10:37 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-07-07 14:35 - 2014-07-07 14:35 - 00000000 ____D () C:\ProgramData\Shared Space
2014-07-07 14:33 - 2014-07-07 14:33 - 00388608 _____ (Trend Micro Inc.) C:\Users\Meghan\Downloads\HijackThis.exe
2014-07-07 14:27 - 2014-07-07 14:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Meghan\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-07 14:23 - 2014-07-07 14:23 - 00000000 ____D () C:\Users\Meghan\AppData\Roaming\Auslogics
2014-07-07 14:09 - 2011-08-26 20:04 - 00076176 _____ () C:\Users\Meghan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-07 14:04 - 2012-08-12 13:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-07 13:49 - 2011-01-07 22:07 - 00000963 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-07-07 13:48 - 2014-07-07 13:48 - 01141680 _____ () C:\Users\Meghan\Downloads\SteamSetup.exe
2014-07-07 13:31 - 2011-01-07 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-07 13:08 - 2014-07-07 13:08 - 00000222 _____ () C:\Users\Meghan\Desktop\Mabinogi.url
2014-07-07 13:08 - 2014-07-07 13:08 - 00000000 ____D () C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-07 12:53 - 2014-07-07 12:53 - 00000176 _____ () C:\console.log
2014-07-07 12:50 - 2014-07-07 12:50 - 02556712 _____ () C:\Users\Meghan\Downloads\Mabinogi_Downloader.exe
2014-07-07 12:47 - 2010-03-18 15:28 - 00000000 ____D () C:\Users\Meghan\AppData\Local\Mozilla
2014-07-07 12:46 - 2011-12-21 14:11 - 00000000 ____D () C:\Users\Meghan\AppData\Roaming\Apple Computer
2014-07-07 12:46 - 2011-08-19 17:52 - 00001413 _____ () C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-26 17:40 - 2011-08-11 19:57 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-23 04:21 - 2012-12-19 21:50 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-23 04:21 - 2012-12-19 21:50 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-22 21:03 - 2013-12-15 12:24 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-06-22 17:23 - 2013-12-07 22:26 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Arc

ZeroAccess:
C:\Users\Rachel.Baldur\AppData\Local\{8c91dc32-6109-d60f-fc59-f65eb2a7b092}

Files to move or delete:
====================
C:\Users\Dad\100730_registry.reg


Some content of TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\Quarantine.exe
C:\Users\Meghan\AppData\Local\Temp\avgnt.exe
C:\Users\Mom\AppData\Local\Temp\AskSLib.dll
C:\Users\Rachel.Baldur\AppData\Local\Temp\AskSLib.dll
C:\Users\Rachel.Baldur\AppData\Local\Temp\avgnt.exe
C:\Users\Terry\AppData\Local\Temp\AskSLib.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 14:05

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014
Ran by Dad at 2014-07-14 15:29:18
Running from C:\Users\Dad\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}

==================== Installed Programs ======================

@BIOS Ver.2.06 (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.06 - GIGABYTE)
AC3Filter (remove only) (HKLM-x32\...\AC3Filter) (Version:  - )
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS4 (x32 Version: 4 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Premium (HKLM-x32\...\Adobe_55230b0b70661df0f212e88f0b655f7) (Version: 4.0 - Adobe Systems Incorporated)
Adobe CSI CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS4 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Dynamiclink Support (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Extension Manager CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 Extension - Flash Lite STI en (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Flash CS4 STI-en (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler (x32 Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (x32 Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Encoder CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Search for Help (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe SGM CS4 (x32 Version: 3.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe SING CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (x32 Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
Agent Ransack x64 (HKLM\...\{D7DDA334-FF1D-4A04-B056-22AB301026C8}) (Version: 7.0.822.1 - Mythicsoft Ltd)
Amazon MP3 Downloader 1.0.12 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.12 - Amazon Services LLC)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
AMD OverDrive (HKLM-x32\...\{EA18DE8E-B3E6-4D82-A086-9BE2316FA5A5}) (Version: 3.1.0.0342 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
Assassin's Creed (HKLM-x32\...\{8CFA9151-6404-409A-AF22-4632D04582FD}) (Version: 1.02 - Ubisoft)
Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.4.0.0115 - Disk Software Ltd)
ASUS VGA Driver (x32 Version: 3.0.0.1 - ASUSTek) Hidden
ATI AVIVO64 Codecs (Version: 10.12.0.41118 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{CCC7BD30-07DB-9C0E-9140-3DE62BFF7E93}) (Version: 3.0.754.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: version 3.2 - Auslogics Software Pty Ltd)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Avencast™ - Rise of The Mage (v1.04b) (HKLM-x32\...\Avencast™ - Rise of The Mage_is1) (Version:  - Clockstone Software, Ltd.)
Baldur's Gate™ II - Shadows of Amn™ (HKLM-x32\...\{8DAE4336-2B71-11D4-9A6C-006067325E47}) (Version:  - )
Barbarian Invasion (HKLM-x32\...\{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}) (Version: 1.4 - )
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version:  - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version:  - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version:  - )
Battlefield Vietnam™ (HKLM-x32\...\{E35B3C63-E958-4E31-A178-95D22024109A}) (Version:  - )
Battlefield Vietnam: WW2 Mod (HKLM-x32\...\{F989306B-9287-444F-AE73-E30C7E4AF0F5}) (Version:  - )
BioWare Premium Module: Neverwinter Nights™ Kingmaker (HKLM-x32\...\Neverwinter Nights™ Kingmaker) (Version:  - BioWare Corp.)
Black & White® 2 (HKLM-x32\...\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}) (Version: 1.00.0000 - Lionhead Studios)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® 4 - Modern Warfare™ Demo (HKLM-x32\...\InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ Demo (x32 Version: 1.00.0000 - Activision) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.1118.1260.23275 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.1118.1260.23275 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.1118.1260.23275 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.1118.1260.23275 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.1118.1260.23275 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.1118.1260.23275 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.0803.2125.36577 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.1118.1260.23275 - ATI) Hidden
CCC Help English (x32 Version: 2009.1118.1259.23275 - ATI) Hidden
CCC Help English (x32 Version: 2010.0803.2124.36577 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0730.58.43017 - ATI) Hidden
ccc-core-static (x32 Version: 2009.1118.1260.23275 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0803.2125.36577 - ATI) Hidden
ccc-utility64 (Version: 2009.1118.1260.23275 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.08 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Cisco EAP-FAST Module (HKLM-x32\...\{415B2719-AD3A-4944-B404-C472DB6085B3}) (Version: 2.1.6 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Combat Arms (HKLM-x32\...\Combat Arms) (Version:  - )
Combined Community Codec Pack 2009-09-09 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2009.09.09.0 - CCCP Project)
Command & Conquer Generals (HKLM-x32\...\InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}) (Version: 0.50.0000 - Electronic Arts)
Command & Conquer Generals (x32 Version: 0.50.0000 - Electronic Arts) Hidden
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
COMODO Internet Security (HKLM\...\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}) (Version: 5.3.43550.1216 - COMODO Group Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
CPUID CPU-Z 1.53.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
DMIView B8.0717.01 (HKLM-x32\...\{3EE1008C-11A1-4F4F-8DB7-27573924DE78}) (Version: 1.4 - Gigabyte)
Dungeon and Dragons: Neverwinter Nights Complete (HKLM-x32\...\{053FFC87-C5BD-4B3C-9D3E-783902D83D21}) (Version: 1.0.0 - Atari)
Dungeons and Dragons Anthology: The Master Collection (HKLM-x32\...\{A1B2F73A-F5D0-49FB-A114-652B85F71ECB}) (Version: 1.0.0 - Atari)
Easy Tune 6 B09.0918.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B09.0918.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
EasySaver B9.0904.1  (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version:  - The Creative Assembly)
Exact Audio Copy 1.0beta1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta1 - Andre Wiethoff)
FreeSpace (HKLM-x32\...\Freespace) (Version:  - )
FreeSpace 2 (HKLM-x32\...\FreeSpace2) (Version:  - )
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}) (Version: 12.0.1.340 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 12.0.1.340 - Kaspersky Lab) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version:  - )
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
Mabinogi (HKLM-x32\...\Steam App 212200) (Version:  - NEXON Korea Corp.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Medieval II Total War Demo Gold (HKLM-x32\...\{4A665599-6771-4732-BE74-06B43B9F611B}) (Version: 1.00.0000 - SEGA)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office XP Professional (HKLM-x32\...\{90110409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Morrowind (HKLM-x32\...\{C325F588-D6B1-4A7F-B6A2-914C75DDA348}) (Version:  - )
Mozilla Firefox 17.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 17.0.1 (x86 en-US)) (Version: 17.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
Neverwinter Nights 2 (HKLM-x32\...\{F20C1251-1D0A-4944-B2AE-678581B33B19}) (Version: 1.00.0000 - Obsidian)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oracle Web Conferencing Console (HKLM-x32\...\OracleRTCClient) (Version:  - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.76.1.0 - Overwolf Ltd.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.103 - Panda Security)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.3.4.3 - Pando Networks Inc.)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
Pixel Bender Toolkit (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Postal 2_is1) (Version:  - )
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PrivDog (HKLM-x32\...\PrivDog) (Version: 1.8.0.15 - privdog.com)
PunkBuster for Battlefield 1942 (HKLM-x32\...\{127B684B-A002-44C8-99A7-6CF8F1E26873}) (Version:  - )
PunkBuster for Battlefield Vietnam (HKLM-x32\...\{D07643A3-CE41-4286-8C78-EB9C83E76DDB}) (Version:  - )
Q-Share Ver.1.2 (HKLM-x32\...\{F308B531-AB20-4A79-8F5E-83071FE5BE60}) (Version: 1.2 - GIGABYTE)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.0.3.0 - Ralink)
Realtek Ethernet Controller  Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5897 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5919 - Realtek Semiconductor Corp.)
RIFT (HKLM-x32\...\InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}) (Version: 1.0.0 - Trion Worlds, Inc.)
RIFT (x32 Version: 1.0.0 - Trion Worlds, Inc.) Hidden
Rise and Fall (HKLM-x32\...\{D078226E-83F2-45FD-9CDE-5DA66E5ADB51}) (Version: 1.00.0000 - Midway Home Entertainment)
Rome - Total War (HKLM-x32\...\{51D386C4-0227-46A9-AC45-61F0A50E7AFF}) (Version: 1.5 - The Creative Assembly)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.03.60.00(7/23/2013) - Samsung Electronics Co., Ltd.)
Samsung Easy Wireless Setup (HKLM-x32\...\Easy Wireless Setup) (Version: 3.60.47.0 - Samsung Electronics Co., Ltd.)
Samsung M2020 Series (HKLM-x32\...\Samsung M2020 Series) (Version: 1.10 (2/12/2014) - Samsung Electronics Co., Ltd.)
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
Sins of a Solar Empire (HKLM-x32\...\Sins of a Solar Empire) (Version:  - Stardock Entertainment)
Sins of a Solar Empire (x32 Version: 1.00.00 - Stardock Entertainment, Inc.) Hidden
Smart Recovery B09.0911.1  (x64) (HKLM-x32\...\InstallShield_{FAE188FD-A941-49E9-A5E9-F6D88517EC40}) (Version:  - )
Smart Recovery B09.0911.1  (x64) (Version: 1.00.0002 - GIGABYTE) Hidden
SmartMusic 2011a (HKLM-x32\...\SmartMusic 2011a) (Version: 13.0.0 - MakeMusic)
SmartMusic 2012b (HKLM-x32\...\SmartMusic 2012b) (Version: 14.2.0 - MakeMusic)
Sniper Elite V2 Demo (HKLM-x32\...\Steam App 210470) (Version:  - )
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
Star Trek Legacy (HKLM-x32\...\{287A4E96-AC57-4A19-9B51-C5EED2EAB382}) (Version: 1.00.0000 - Bethesda Softworks)
Star Trek Legacy 1.4.080 Patch (HKLM-x32\...\Star Trek Legacy 1.4.080 Patch) (Version:  - )
Star Trek Online (HKLM-x32\...\Star Trek Online) (Version:  - Cryptic Studios)
Star Wars Empire at War (HKLM-x32\...\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}) (Version: 1.0 - LucasArts)
Star Wars Jedi Knight Jedi Academy (HKLM-x32\...\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}) (Version:  - )
Star Wars™: Knights of the Old Republic ™ (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Stronghold 2 Deluxe (HKLM-x32\...\{16D2C649-CBA8-44EE-B730-12584667D487}) (Version: 1.40.000 - Firefly Studios)
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Teamcenter Application Sharing (HKLM-x32\...\{36B0C1C6-4AD8-40F1-8B2E-656F119E9DC4}) (Version: 9.0.11187 - Siemens PLM Solutions)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
TES Construction Set (HKLM-x32\...\{DB3C800B-081B-4146-B4E3-EFB5B77AA913}) (Version:  - )
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
The Sims Medieval (HKLM-x32\...\{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}) (Version: 1.0.0 - Electronic Arts)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.5.82 - Electronic Arts)
Ultima IX: Ascension (HKLM-x32\...\{2E38F875-8285-4453-0089-542B10175A54}) (Version:  - )
Ultima Online: AoS (HKLM-x32\...\{7AC5D2AD-F559-461B-0081-283D0566F3A5}) (Version:  - )
Update Manager B09.0908.1 (HKLM-x32\...\InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}) (Version: 1.00.0000 - GIGABYTE)
Update Manager B09.0908.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
View User's Guide (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - )
Vim 7.2 (self-installing) (HKLM-x32\...\Vim 7.2) (Version:  - )
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.500 - Broadcom Corporation)
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000) (HKLM\...\6B8550A319DDC8B17F35F4A89988705E4592349B) (Version: 06/15/2009 6.2.0.9000 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
X3 REUNION (HKLM-x32\...\{A8E414A8-9E31-40E6-B13B-5F1FCA00EF9F}) (Version: 1.00.0000 - EGOSOFT)

==================== Restore Points  =========================

14-07-2014 06:00:23 Automatic creation

==================== Hosts content: ==========================

2014-07-07 14:53 - 2014-07-12 09:19 - 00420256 ____R C:\Windows\system32\Drivers\etc\hosts
192.168.0.1    loki
127.0.0.1    localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {09DD604E-9593-42DE-B26F-7389249798DE} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {193734F3-8146-402C-8C4F-2894C449F1F1} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {4573C457-18A8-4FA9-92B0-015E83F67644} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {48AA01F0-A999-4298-BE00-826EC72332AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {4ED9B216-D80E-45D4-8B90-C630F4B20BB8} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {5E23DFBC-251D-465F-AB3C-E8A069A69FF2} - System32\Tasks\ccleaner => C:\Program Files (x86)\CCleaner\CCleaner.exe [2011-06-24] (Piriform Ltd)
Task: {692815B2-4530-4A74-BF28-8DDD79C1E1CA} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: {71424C4E-C8EA-43D2-BF4D-FA7EEA556483} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {7602ADA3-ACBC-4CCD-872E-DFC619D6EF3F} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-06-10] (Overwolf LTD)
Task: {7F64719B-71D7-4C7A-AD28-AA3F12CD4D7C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-12] (AVAST Software)
Task: {7FEC4C0B-334F-4097-BD6A-BF2FD0CE8394} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRFilter => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\SmartRecovery\SRFilter.exe" /GBSMART6 -kdl
Task: {816B6256-F809-420C-9F88-A379B31B46F6} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {82C233BE-C8AF-4D74-B0D6-89E68D56EA9D} - \SidebarExecute No Task File <==== ATTENTION
Task: {96414F7A-43C2-4C3E-8134-8733304E344A} - System32\Tasks\Malwarebytes Scanner => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {9E6CA771-8635-449B-99C5-E5A91081381D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.)
Task: {ACC8EAC4-3A96-420D-81F9-DAE384374D53} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO)
Task: {B3C6192C-1A0E-420E-A3B0-26813FF68F90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-19] (Google Inc.)
Task: {C61112DE-254D-41D5-8411-C8BCD3D453DA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {C94AE7DB-B4EE-4F7E-BBF6-DB4C3C1FC4AD} - System32\Tasks\Malwarebytes Update => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {D0C3BBC8-A4E1-4898-B243-C142263DABB3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {DA4E2A15-F661-4D15-A070-0CDA6C82A853} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe
Task: {E33BACF9-9D15-459A-BC06-D7A8674BBE01} - System32\Tasks\Microsoft\Windows\SmartRecovery\SRCreate => Rundll32.exe CommCmd.dll,RunScript "%ProgramFiles%\GIGABYTE\SmartRecovery\SrCmdCLR.exe" -c 1
Task: {FA0D8E52-D5CF-43C6-B587-F5F28E52DC56} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-04-14 09:22 - 2014-04-14 09:22 - 00034304 _____ () C:\Windows\System32\ssj2mlm.dll
2010-05-09 16:34 - 2009-08-13 12:06 - 00177152 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2009-10-22 04:49 - 2009-10-22 04:49 - 00136544 _____ () C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
2010-02-17 19:26 - 2009-08-24 15:38 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
2008-03-25 18:21 - 2008-03-25 18:21 - 00219656 _____ () C:\Program Files (x86)\Gigabyte\ET6\GUI.exe
2014-07-12 11:45 - 2014-07-12 11:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-14 15:15 - 2014-07-14 15:15 - 02792960 _____ () C:\Program Files\AVAST Software\Avast\defs\14071401\algo.dll
2009-10-22 04:49 - 2009-10-22 04:49 - 00423256 _____ () C:\Program Files (x86)\AMD\OverDrive\Device.dll
2009-10-22 04:49 - 2009-10-22 04:49 - 04101472 _____ () C:\Program Files (x86)\AMD\OverDrive\Platform.dll
2009-10-22 04:49 - 2009-10-22 04:49 - 01586528 _____ () C:\Program Files (x86)\AMD\OverDrive\QtCore4.dll
2009-10-22 04:49 - 2009-10-22 04:49 - 00361816 _____ () C:\Program Files (x86)\AMD\OverDrive\QtXml4.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-17 19:26 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL
2013-01-05 12:29 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-05 12:29 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-05 12:29 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-05 12:29 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-05 12:29 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2012-12-07 15:15 - 2012-12-07 15:15 - 02126264 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 07422392 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 02453944 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 01270200 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00192952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
2012-12-07 15:15 - 2012-12-07 15:15 - 00795064 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
2013-01-05 12:29 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-07-12 11:45 - 2014-07-12 11:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-09-04 13:15 - 2009-09-04 13:15 - 02232391 _____ () C:\Program Files (x86)\Gigabyte\ET6\Normal.dll
2009-09-04 11:45 - 2009-09-04 11:45 - 00331843 _____ () C:\Program Files (x86)\Gigabyte\ET6\work.dll
2008-09-01 15:26 - 2008-09-01 15:26 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\ET6\SF.dll
2008-05-07 16:22 - 2008-05-07 16:22 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\ET6\CIAMIB.dll
2009-08-28 12:28 - 2009-08-28 12:28 - 00135168 _____ () C:\Program Files (x86)\Gigabyte\ET6\OCK.dll
2009-03-13 12:30 - 2009-03-13 12:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\ET6\ycc.dll
2009-04-16 15:31 - 2009-04-16 15:31 - 00106496 _____ () C:\Program Files (x86)\Gigabyte\ET6\HM.dll
2009-06-16 17:06 - 2009-06-16 17:06 - 00192512 _____ () C:\Program Files (x86)\Gigabyte\ET6\GVTunner.dll
2003-02-14 15:11 - 2003-02-14 15:11 - 00102400 _____ () C:\Program Files (x86)\Gigabyte\ET6\Sound.dll
2009-09-17 11:40 - 2009-09-17 11:40 - 00262144 _____ () C:\Program Files (x86)\Gigabyte\ET6\MFCCPU.DLL
2009-02-23 01:21 - 2009-02-23 01:21 - 04296704 _____ () C:\Program Files (x86)\Gigabyte\ET6\AODAPI.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\B-Day Zombie.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Don't Stop Believing.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\Pretty Things.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Dad\Documents\PT 1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: FLEXnet Licensing Service 64 => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\Windows\pss\Microsoft Office.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Assassin's Creed.LNK => C:\Windows\pss\Registration Assassin's Creed.LNK.Startup
MSCONFIG\startupfolder: C:^Users^Dad^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^_uninst_12354009.lnk => C:\Windows\pss\_uninst_12354009.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeCS4ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Arc => C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcLauncher.exe /autorun
MSCONFIG\startupreg: ATICustomerCare => "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
MSCONFIG\startupreg: avast => "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
MSCONFIG\startupreg: CDAServer => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "F:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: lxdnmon.exe => "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2014 03:29:26 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 196608 (0x0000000000030000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [0b6c756c9e34717c] and the actual checksum was [7f6c7f6c9e34717c].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (07/14/2014 03:28:24 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 196608 (0x0000000000030000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [0b6c756c9e34717c] and the actual checksum was [7f6c7f6c9e34717c].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (07/14/2014 03:28:23 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 442368 (0x000000000006c000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [3a113a111f8eb543] and the actual checksum was [3e113e111f8eb543].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (07/14/2014 03:28:22 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 196608 (0x0000000000030000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [0b6c756c9e34717c] and the actual checksum was [7f6c7f6c9e34717c].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (07/14/2014 03:28:21 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 425984 (0x0000000000068000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [68a5695a0c235ddd] and the actual checksum was [5ca5235a0c235ddd].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (07/14/2014 03:28:21 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 196608 (0x0000000000030000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [0b6c756c9e34717c] and the actual checksum was [7f6c7f6c9e34717c].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (07/14/2014 03:28:21 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 442368 (0x000000000006c000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [3a113a111f8eb543] and the actual checksum was [3e113e111f8eb543].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (07/14/2014 03:28:20 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 1110016 (0x000000000010f000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [575556aa637b36da] and the actual checksum was [21555eaa637b36da].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (07/14/2014 03:28:19 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 196608 (0x0000000000030000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [0b6c756c9e34717c] and the actual checksum was [7f6c7f6c9e34717c].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Error: (07/14/2014 03:28:19 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database (276) Catalog Database: The database page read from the file "C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb" at offset 425984 (0x0000000000068000) (database page Catalog Database0) for 4096 (0x00001000) bytes failed verification due to a page checksum mismatch.  The expected checksum was [68a5695a0c235ddd] and the actual checksum was [5ca5235a0c235ddd].  The read operation will fail with error -1018 (0xfffffc06).  If this condition persists then please restore the database from a previous backup.  This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


System errors:
=============
Error: (07/14/2014 03:27:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-2146762496

Error: (07/14/2014 03:24:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (07/14/2014 03:24:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (07/14/2014 03:24:43 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active

Error: (07/14/2014 03:24:43 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (07/14/2014 03:23:54 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\dsload.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (07/14/2014 03:21:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Defender service terminated with the following error:
%%-2146762496

Error: (07/14/2014 03:13:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxdnCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (07/14/2014 03:13:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxdnCATSCustConnectService service to connect.

Error: (07/14/2014 03:12:43 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active


Microsoft Office Sessions:
=========================
Error: (07/14/2014 03:29:26 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb196608 (0x0000000000030000)4096 (0x00001000)-1018 (0xfffffc06)[0b6c756c9e34717c][7f6c7f6c9e34717c]47 (0x2F)

Error: (07/14/2014 03:28:24 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb196608 (0x0000000000030000)4096 (0x00001000)-1018 (0xfffffc06)[0b6c756c9e34717c][7f6c7f6c9e34717c]47 (0x2F)

Error: (07/14/2014 03:28:23 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb442368 (0x000000000006c000)4096 (0x00001000)-1018 (0xfffffc06)[3a113a111f8eb543][3e113e111f8eb543]107 (0x6B)

Error: (07/14/2014 03:28:22 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb196608 (0x0000000000030000)4096 (0x00001000)-1018 (0xfffffc06)[0b6c756c9e34717c][7f6c7f6c9e34717c]47 (0x2F)

Error: (07/14/2014 03:28:21 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb425984 (0x0000000000068000)4096 (0x00001000)-1018 (0xfffffc06)[68a5695a0c235ddd][5ca5235a0c235ddd]103 (0x67)

Error: (07/14/2014 03:28:21 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb196608 (0x0000000000030000)4096 (0x00001000)-1018 (0xfffffc06)[0b6c756c9e34717c][7f6c7f6c9e34717c]47 (0x2F)

Error: (07/14/2014 03:28:21 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb442368 (0x000000000006c000)4096 (0x00001000)-1018 (0xfffffc06)[3a113a111f8eb543][3e113e111f8eb543]107 (0x6B)

Error: (07/14/2014 03:28:20 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb1110016 (0x000000000010f000)4096 (0x00001000)-1018 (0xfffffc06)[575556aa637b36da][21555eaa637b36da]270 (0x10E)

Error: (07/14/2014 03:28:19 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb196608 (0x0000000000030000)4096 (0x00001000)-1018 (0xfffffc06)[0b6c756c9e34717c][7f6c7f6c9e34717c]47 (0x2F)

Error: (07/14/2014 03:28:19 PM) (Source: ESENT) (EventID: 474) (User: )
Description: Catalog Database276Catalog Database: C:\Windows\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb425984 (0x0000000000068000)4096 (0x00001000)-1018 (0xfffffc06)[68a5695a0c235ddd][5ca5235a0c235ddd]103 (0x67)


CodeIntegrity Errors:
===================================
  Date: 2011-07-21 18:19:21.077
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-21 18:19:21.046
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 20:01:20.843
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 20:01:20.796
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 19:53:41.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 19:53:41.099
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 18:43:04.308
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 18:43:04.292
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 17:56:06.350
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2011-07-20 17:56:06.334
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 7671.06 MB
Available physical RAM: 5301.05 MB
Total Pagefile: 24053.24 MB
Available Pagefile: 21734.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1863.01 GB) (Free:1565.37 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (ga-ma790gpt-ud3h) (CDROM) (Total:0.47 GB) (Free:0 GB) UDF
Drive f: (New RAID5) (Fixed) (Total:3725.16 GB) (Free:2482.41 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#15 Jim2B


Posted 14 July 2014 - 02:38 PM

Windows is still not able to perform Windows Updates. Windows still thinks that it is not a genuine Windows installation.





