Svchost spawning multiple iexplore in background eating memory and highjacking


  • This topic is locked
21 replies to this topic

#1 jlbob

jlbob

  • Members
  • 13 posts

Posted 31 July 2014 - 12:16 AM

A few days ago I noticed a high number of instances of iexplore running, eating up a lot of memory even though I had no web sites open. Thinking I had a small problem, I ran Malwarebytes and was shocked to see a high number of infections, including spyware.zbot.msxgen and a few trojan.agent. No problem, I thought, as MB quickly cleaned all that out, but upon restarting the problem continued. In addition, an attempt to check my email resulted in a slightly convincing looking error page, with Microsoft VeriSign still highlighted, but an obvious phishing attempt to gather my credit card information to prove my identity. Another MB scan shows a clean bill of health. I also noticed that my Google searches were now being filtered through Russian Google instead of English. I checked both the email site and Google, and both were occurring in Firefox as well as iexplore.

 

I managed to work my way around the internet, avoiding any login or anything else that may have been hijacked, by constantly closing processes as they climbed in memory usage, and ran an online ESET virus scan which also revealed and cleaned numerous infections. Once again upon restart the problem persisted. I then downloaded and used avast, which cleaned a lot of things with a boot scan and a few things with a quick scan, but was never able to perform a full scan, always hanging up on the same file a few moments into the scan. Still the problem persisted.

 

Thanks to avast's active monitoring system I now realized that the problem was even worse than I had realized, as every minute a new popup showing a blocked harmful webpage showed up. Many of these were objects of different websites, usually with "search" somewhere in the name, a URL:MAL infection and iexplore as the listed process. Others were objects of other websites with different names, usually ending in .biz/task/3037, also URL:MAL, this time with a process of C:\windows\system32\svchost.exe.

 

I managed to ease my journey by disabling Internet Explorer, which stopped the memory drain and the avast popups from the iexplore process, but not the svchost.exe popups that are still regularly occurring.

 

Also, each time I open Firefox I get this warning that prefs.js is a threat that disables security. I clean it each time but it keeps coming back.

 

I attempted to do some system restores, but each one hit an error point and was unable to complete the process. I've scanned with a few other programs, each unable to fix the problem, and at this point I am not sure what to do short of a reinstall. Can you help me out?

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer:   BrowserJavaVersion: 10.65.2
Run by Mickey at 0:20:51 on 2014-07-31
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files\AVAST Software\Avast\setup\instup.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pclportal.com
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Auto] D:\autorun.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Mickey\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Anworks] regsvr32.exe C:\Users\Mickey\AppData\Local\Anworks\CNHW06A.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -update activex
uExplorerRun: [Apple Computer, Inc.] C:\Users\Mickey\AppData\Roaming\ruuwustb\jihbrjhv.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: TaskbarNoNotification = dword:0
uPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:0
mPolicies-Explorer: HideSCAHealth = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: TaskbarNoNotification = dword:0
mPolicies-Explorer: HideSCAHealth = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DD7E3C01-AAE7-4F18-A8D1-40794E59846C} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{DD7E3C01-AAE7-4F18-A8D1-40794E59846C}\0757070797 : DHCPNameServer = 68.87.66.246 162.150.8.37
TCP: Interfaces\{DD7E3C01-AAE7-4F18-A8D1-40794E59846C}\2656C6B696E6E2162636 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DD7E3C01-AAE7-4F18-A8D1-40794E59846C}\2656C6B696E6E2265643 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{DD7E3C01-AAE7-4F18-A8D1-40794E59846C}\8496A7A797 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{DD7E3C01-AAE7-4F18-A8D1-40794E59846C}\84F4D454D203830314D223E243 : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{DD7E3C01-AAE7-4F18-A8D1-40794E59846C}\94D61646564584943566F62795F455 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://www.google.com
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [THXCfg64] C:\Windows\System32\RunDLL32.exe C:\Windows\System32\THXCfg64.dll,RunDLLEntry THXCfg64
x64-Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [Ywzuexvuulf] "C:\Users\Mickey\AppData\Roaming\Hokuyqoq\efbuo.exe"
x64-IE: {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://us.search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=chrf-appattach&type=113
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com?fr=appattach&type=94
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mickey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mickey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mickey\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
.
============= SERVICES / DRIVERS ===============
.
R? asahci64;asahci64
R? Bluetooth Media Service;Bluetooth Media Service
R? BTMCOM;Bluetooth Serial Port
R? BTMHID;BTMHID
R? BTMUSB;Motorola Bluetooth Radio Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? cpudrv64;cpudrv64
R? Disc Soft Bus Service;Disc Soft Bus Service
R? dmvsc;dmvsc
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? fttxr5_O;fttxr5_O
R? fttxr52P;fttxr52P
R? iaStorA;iaStorA
R? IAStorDataMgrSvc;Intel® Rapid Storage Technology
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? JMCR;JMCR
R? JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits)
R? mv61xx;mv61xx
R? mv91xx;mv91xx
R? nusb3hub;Renesas Electronics USB 3.0 Hub Driver
R? nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? SkypeUpdate;Skype Updater
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? USBAAPL64;Apple Mobile USB Driver
R? viamrx64;viamrx64
R? videX64;videX64
R? ViPrtX64;ViPrtX64
R? WatAdminSvc;Windows Activation Technologies Service
R? wlcrasvc;Windows Live Mesh remote connections service
R? WSDScan;WSD Scan Support via UMB
S? {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/02/16 23:35:03]
S? aswHwid;avast! HardwareID
S? aswMonFlt;aswMonFlt
S? aswRvrt;avast! Revert
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswStm;aswStm
S? aswVmm;avast! VM Monitor
S? avast! Antivirus;avast! Antivirus
S? avgtp;avgtp
S? Bluetooth Device Manager;Bluetooth Device Manager
S? Bluetooth OBEX Service;Bluetooth OBEX Service
S? cvhsvc;Client Virtualization Handler
S? dtscsibus;DAEMON Tools Virtual SCSI Bus
S? eamonm;eamonm
S? ekrn;ESET Service
S? epfwwfpr;epfwwfpr
S? FLEXnet Licensing Service 64;FLEXnet Licensing Service 64
S? iaStorF;iaStorF
S? ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS
S? IntcDAud;Intel® Display Audio
S? johci;JMicron 1394 Filter Driver
S? NvNetworkService;NVIDIA Network Service
S? nvpciflt;nvpciflt
S? NvStreamSvc;NVIDIA Streamer Service
S? nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM)
S? RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver
S? ScrybeUpdater;Scrybe Updater
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? tihub3;TI USB3 Hub Service
S? tixhci;TI XHCI Service
S? ViBusX64;ViBusX64
S? xfiltx64;VIA SATA IDE Hot-plug Driver
.
=============== Created Last 30 ================
.
2014-07-31 03:44:14    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-07-31 03:43:27    --------    d-----w-    C:\AdwCleaner
2014-07-31 03:41:48    --------    d-----w-    C:\ProgramData\Oracle
2014-07-31 03:41:36    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-31 03:33:37    --------    d-----w-    C:\FRST
2014-07-30 18:25:03    --------    d-----w-    C:\Users\Mickey\AppData\Roaming\AVAST Software
2014-07-30 18:24:39    92008    ----a-w-    C:\Windows\System32\drivers\aswStm.sys
2014-07-30 18:24:39    224896    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2014-07-30 18:24:38    93568    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2014-07-30 18:24:38    79184    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2014-07-30 18:24:38    65776    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2014-07-30 18:24:38    29208    ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
2014-07-30 18:24:38    1041168    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2014-07-30 18:24:32    43152    ----a-w-    C:\Windows\avastSS.scr
2014-07-30 18:15:55    --------    d-----w-    C:\Program Files\AVAST Software
2014-07-30 18:14:33    --------    d-----w-    C:\ProgramData\AVAST Software
2014-07-30 17:07:43    --------    d-----w-    C:\Program Files (x86)\ESET
2014-07-30 16:22:47    --------    d-----w-    C:\Users\Mickey\AppData\Roaming\Teurex
2014-07-30 01:30:03    --------    d-----w-    C:\Users\Mickey\AppData\Roaming\Hydihaef
2014-07-30 00:12:14    --------    d-----w-    C:\Users\Mickey\AppData\Roaming\Hokuyqoq
2014-07-30 00:11:12    --------    d-----w-    C:\Users\Mickey\AppData\Roaming\Gyux
2014-07-26 02:30:45    10924376    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E895C031-EA16-422F-97D9-E4355ADCA0F3}\mpengine.dll
2014-07-19 10:22:13    --------    d-----w-    C:\ProgramData\IlavhUfezs
2014-07-19 09:20:22    --------    d-----w-    C:\ProgramData\OcegAglel
2014-07-19 07:47:10    --------    d-----w-    C:\ProgramData\ObawVodze
2014-07-19 02:57:54    --------    d-----w-    C:\ProgramData\UlasoWutro
2014-07-17 13:33:31    --------    d-----w-    C:\ProgramData\IfekQitso
2014-07-17 10:27:33    --------    d-----w-    C:\ProgramData\AwquvOlcik
2014-07-17 04:57:01    --------    d-----w-    C:\ProgramData\Riot Games
2014-07-17 00:09:12    --------    d-----w-    C:\ProgramData\IlfujYehwu
2014-07-16 21:19:37    --------    d-----w-    C:\ProgramData\AttiPlamb
2014-07-09 04:08:39    1719296    ----a-w-    C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-09 04:03:21    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-07-09 04:03:20    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-07-09 04:03:20    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
.
==================== Find3M  ====================
.
2014-06-30 02:09:33    519168    ----a-w-    C:\Windows\System32\aepdu.dll
2014-06-30 02:04:49    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-06-21 05:38:45    29184    ----a-w-    C:\Users\Mickey\AppData\Roaming\kdgemxw.dll
2014-06-19 01:06:55    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38    5721088    ----a-w-    C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55    62464    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45    1249280    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07    2040832    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27    2266112    ----a-w-    C:\Windows\System32\wininet.dll
2014-06-18 22:52:18    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23    1068032    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59    1964544    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59    1791488    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30    692736    ----a-w-    C:\Windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36    3157504    ----a-w-    C:\Windows\System32\win32k.sys
2014-06-06 10:10:34    624128    ----a-w-    C:\Windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\Windows\SysWow64\qedit.dll
2014-06-04 22:18:03    50464    ----a-w-    C:\Windows\System32\drivers\avgtpx64.sys
2014-05-30 08:08:52    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\Windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\Windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2014-05-30 06:45:52    497152    ----a-w-    C:\Windows\System32\drivers\afd.sys
2014-05-08 09:32:11    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-05-08 09:32:11    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
.
============= FINISH:  0:24:40.38 ===============
 



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • Gender:Male

Posted 31 July 2014 - 10:10 AM

Hello and welcome!

Let's see if we can get this fixed.

I ran Malwarebytes and was shocked to see a high number of infections, including spyware.zbot.msxgen and a few trojan.agent. No problem, I thought, as MB quickly cleaned all that out
and ran an online ESET virus scan which also revealed and cleaned numerous infections.
I then downloaded and used avast, which cleaned a lot of things with a boot scan and a few things with a quick scan

Can you please post up all those log files that show what exactly has been found and where?

In addition, please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 jlbob

jlbob
  • Topic Starter

  • Members
  • 13 posts

Posted 31 July 2014 - 01:15 PM

Hello Aharonov and thanks for your assistance,

 

Below are the logs from previous as well as the ones from the programs you requested I run. However, the ESET logs are in .dat format and not .txt, so how shall I open them to copy them over to you? Anything I have tried so far looks unreadable.

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.07.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.11.9600.17207
Mickey :: MICKEY-PC [administrator]

7/29/2014 1:03:43 AM
mbam-log-2014-07-29 (01-03-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292653
Time elapsed: 5 minute(s), 43 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|2823002439 (Trojan.AGent.VXGen) -> Data: C:\PROGRA~3\msigp.exe -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AttiPlamb (Trojan.Tepfer.FA) -> Data: regsvr32.exe "C:\ProgramData\AttiPlamb\AttiPlamb.dat" -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IlfujYehwu (Trojan.Tepfer.FA) -> Data: regsvr32.exe "C:\ProgramData\IlfujYehwu\IlfujYehwu.dat" -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AwquvOlcik (Trojan.Tepfer.FA) -> Data: regsvr32.exe "C:\ProgramData\AwquvOlcik\AwquvOlcik.dat" -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IfekQitso (Trojan.Tepfer.FA) -> Data: regsvr32.exe "C:\ProgramData\IfekQitso\IfekQitso.dat" -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|UlasoWutro (Trojan.Tepfer.FA) -> Data: regsvr32.exe "C:\ProgramData\UlasoWutro\UlasoWutro.dat" -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ObawVodze (Trojan.Tepfer.FA) -> Data: regsvr32.exe "C:\ProgramData\ObawVodze\ObawVodze.dat" -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OcegAglel (Trojan.Tepfer.FA) -> Data: regsvr32.exe "C:\ProgramData\OcegAglel\OcegAglel.dat" -> Quarantined and deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|IlavhUfezs (Trojan.Tepfer.FA) -> Data: regsvr32.exe "C:\ProgramData\IlavhUfezs\IlavhUfezs.dat" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RestServiceWindows2014 (Trojan.Agent.Gen) -> Data: C:\Windows\system32\config\systemprofile\AppData\Roaming\psvchost.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 12
C:\ProgramData\msigp.exe (Trojan.AGent.VXGen) -> Quarantined and deleted successfully.
C:\ProgramData\AttiPlamb\AttiPlamb.dat (Trojan.Tepfer.FA) -> Quarantined and deleted successfully.
C:\ProgramData\IlfujYehwu\IlfujYehwu.dat (Trojan.Tepfer.FA) -> Quarantined and deleted successfully.
C:\ProgramData\AwquvOlcik\AwquvOlcik.dat (Trojan.Tepfer.FA) -> Quarantined and deleted successfully.
C:\ProgramData\IfekQitso\IfekQitso.dat (Trojan.Tepfer.FA) -> Quarantined and deleted successfully.
C:\ProgramData\UlasoWutro\UlasoWutro.dat (Trojan.Tepfer.FA) -> Quarantined and deleted successfully.
C:\ProgramData\ObawVodze\ObawVodze.dat (Trojan.Tepfer.FA) -> Quarantined and deleted successfully.
C:\ProgramData\OcegAglel\OcegAglel.dat (Trojan.Tepfer.FA) -> Quarantined and deleted successfully.
C:\ProgramData\IlavhUfezs\IlavhUfezs.dat (Trojan.Tepfer.FA) -> Quarantined and deleted successfully.
C:\Windows\Temp\43nV.dll (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Windows\Temp\KB65340503.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\psvchost.exe (Trojan.Agent.Gen) -> Delete on reboot.


Database version: v2014.07.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.11.9600.17207
Mickey :: MICKEY-PC [administrator]

7/30/2014 12:32:10 PM
mbam-log-2014-07-30 (12-32-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 342754
Time elapsed: 10 minute(s), 5 second(s)

Memory Processes Detected: 4
C:\Users\Mickey\AppData\Roaming\Hokuyqoq\efbuo.exe (Spyware.Zbot.MSXGen) -> 2796 -> Delete on reboot.
C:\Users\Mickey\AppData\Roaming\Hokuyqoq\efbuo.exe (Spyware.Zbot.MSXGen) -> 9176 -> Delete on reboot.
C:\Windows\SysWOW64\yxsoe.exe (Spyware.Zbot.MSXGen) -> 2884 -> Delete on reboot.
C:\Windows\SysWOW64\yfgailte.exe (Spyware.Zbot.MSXGen) -> 3236 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer1892368984 (Spyware.Zbot.MSXGen) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\SecurityCenterServer483983361 (Spyware.Zbot.MSXGen) -> Quarantined and deleted successfully.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ywzuexvuulf (Spyware.Zbot.MSXGen) -> Data: C:\Users\Mickey\AppData\Roaming\Hokuyqoq\efbuo.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Ywzuexvuulf (Spyware.Zbot.MSXGen) -> Data: C:\Users\Mickey\AppData\Roaming\Hokuyqoq\efbuo.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Isxuagaxoc (Spyware.Zbot.MSXGen) -> Data: "C:\Users\Mickey\AppData\Roaming\Hydihaef\amitl.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RestServiceWindows2014 (Trojan.Agent.Gen) -> Data: C:\Windows\system32\config\systemprofile\AppData\Roaming\psvchost.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|2823002439 (Trojan.Agent.PL) -> Data: C:\PROGRA~3\msigp.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 13
C:\Users\Mickey\Local Settings\Temporary Internet Files\Content.IE5\718BTXZM\jv_setup[1].exe (PUP.Optional.iBryte) -> No action taken.
C:\Users\Mickey\AppData\Roaming\Hokuyqoq\efbuo.exe (Spyware.Zbot.MSXGen) -> Delete on reboot.
C:\Windows\SysWOW64\yxsoe.exe (Spyware.Zbot.MSXGen) -> Delete on reboot.
C:\Windows\SysWOW64\yfgailte.exe (Spyware.Zbot.MSXGen) -> Delete on reboot.
C:\Users\Mickey\AppData\Roaming\Hydihaef\amitl.exe (Spyware.Zbot.MSXGen) -> Delete on reboot.
C:\Windows\System32\yfgailte.exe (Spyware.Zbot.MSXGen) -> Delete on reboot.
C:\Windows\System32\yxsoe.exe (Spyware.Zbot.MSXGen) -> Delete on reboot.
C:\Users\Mickey\AppData\Local\Temp\UpdateFlashPlayer_7334f66c.exe (Spyware.Zbot.MSXGen) -> Quarantined and deleted successfully.
C:\Users\Mickey\AppData\Local\Temp\UpdateFlashPlayer_8b9d49db.exe (Spyware.Zbot.MSXGen) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Roaming\psvchost.exe (Trojan.Agent.Gen) -> Delete on reboot.
C:\Windows\Tasks\Security Center Update - 1892368984.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Security Center Update - 483983361.job (Trojan.Agent.RvGen) -> Quarantined and deleted successfully.
C:\ProgramData\msigp.exe (Trojan.Agent.PL) -> Quarantined and deleted successfully.

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Mickey (administrator) on MICKEY-PC on 30-07-2014 23:33:39
Running from C:\Users\Mickey\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Motorola, Inc.) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
() C:\Program Files (x86)\Hotkey\Hotkey.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2538280 2010-12-22] (Synaptics Incorporated)
HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [4081008 2012-03-07] (ESET)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
HKLM\...\Run: [Ywzuexvuulf] => "C:\Users\Mickey\AppData\Roaming\Hokuyqoq\efbuo.exe"
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-03-19] (cyberlink)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2567192 2014-06-04] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-30] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe [531336 2014-01-10] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\Run: [Auto] => D:\autorun.exe
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1753280 2014-07-15] (Valve Corporation)
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-31] (Google Inc.)
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\Run: [Google Update] => C:\Users\Mickey\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-04-01] (Google Inc.)
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\Run: [Anworks] => regsvr32.exe C:\Users\Mickey\AppData\Local\Anworks\CNHW06A.dll <===== ATTENTION
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\Policies\Explorer\Run: [Apple Computer, Inc.] => C:\Users\Mickey\AppData\Roaming\ruuwustb\jihbrjhv.exe
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\MountPoints2: {51fc5554-ed14-11e2-92b3-0090f5c78f54} - F:\launcher.exe
HKU\S-1-5-21-868025771-2946992039-2155595165-1001\...\MountPoints2: {51fc555a-ed14-11e2-92b3-0090f5c78f54} - G:\Setup.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\Hotkey.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
ShortcutTarget: Scrybe.lnk -> C:\Windows\Installer\{13061CAA-0284-4F9A-B460-3D4699575B35}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe (Acresso Software Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pclportal.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites02_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0Dzz0C0AyCtGtDtBzz0CtGzz0FyE0CtGtA0AtC0BtGtDyBtAtBtBzytA0DyC0EyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCzy0FyCyDtDtAtGzzzz0A0EtG0DtByEyBtGtDtD0BtBtGtDzztB0B0FyEyE0AzytByE0B2Q&cr=863376723&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites02_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0Dzz0C0AyCtGtDtBzz0CtGzz0FyE0CtGtA0AtC0BtGtDyBtAtBtBzytA0DyC0EyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCzy0FyCyDtDtAtGzzzz0A0EtG0DtByEyBtGtDtD0BtBtGtDzztB0B0FyEyE0AzytByE0B2Q&cr=863376723&ir=
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {E5C38932-76FB-477D-8842-F1D9EE5D7FEC} URL = https://www.google.com/search?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.7.598\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.7\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://us.yahoo.com?fr=appattach&type=94
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.7\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Mickey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Mickey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Mickey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Mickey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF user.js: detected! => C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Mickey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mickey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\searchplugins\Mysearchdial.xml
FF Extension: MySearchDial - C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-04-28]
FF Extension: Search App - C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\Extensions\{cf4032f0-2dc7-4311-8516-8f8b0da1a903}.xpi [2014-07-22]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012-08-10]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.7.598 [2014-06-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-30]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://mysearch.avg.com?cid={08887332-62A2-47B1-93D7-839AC4C498CA}&mid=6c3b81dba9ed47d3b977d1d9b32366a7-0fc170a845ca3f55f1bf7eaaeb9c10dd90380b1b&lang=en&ds=ty011&coid=avgtbdisty&cmpid=&pr=sa&d=2014-02-09 01:40:15&v=18.1.7.598&pid=safeguard&sg=0&sap=hp
CHR StartupUrls: "hxxp://mysearch.avg.com?cid={08887332-62A2-47B1-93D7-839AC4C498CA}&mid=6c3b81dba9ed47d3b977d1d9b32366a7-0fc170a845ca3f55f1bf7eaaeb9c10dd90380b1b&lang=en&ds=ty011&coid=avgtbdisty&cmpid=&pr=sa&d=2014-02-09 01:40:15&v=18.1.0.443&pid=safeguard&sg=0&sap=hp"
CHR DefaultSearchKeyword: mysearch.avg.com
CHR DefaultSearchURL: http://mysearch.avg.com/search?cid={08887332-62A2-47B1-93D7-839AC4C498CA}&mid=6c3b81dba9ed47d3b977d1d9b32366a7-0fc170a845ca3f55f1bf7eaaeb9c10dd90380b1b&lang=en&ds=ty011&coid=avgtbdisty&cmpid=&pr=sa&d=2014-02-09 01:40:15&v=18.0.5.292&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-09]
CHR Extension: (Google Search) - C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-09]
CHR Extension: (MySearchDial __MSG_newtab__) - C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa [2014-04-26]
CHR Extension: (No Name) - C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-04-26]
CHR Extension: (Google Wallet) - C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-09]
CHR Extension: (Gmail) - C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-09]
CHR HKLM\...\Chrome\Extension: [iagcajndpnfncplednpbnkahadegklfa] - C:\Users\Mickey\AppData\Local\speedial.crx [2014-04-16]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-30]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.3.1.204\avg.crx [2014-02-09]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-30] (AVAST Software)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [632352 2013-06-25] (Disc Soft Ltd)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [913144 2012-03-07] (ESET)
R3 FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [1028096 2011-03-22] (Macrovision Europe Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
R2 RpcSs; C:\Windows\system32\rpcss.dll [528384 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1294848 2011-01-14] (Synaptics, Inc.) [File not signed]
R2 vToolbarUpdater18.1.7; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\ToolbarUpdater.exe [1808408 2014-06-04] (AVG Secure Search)
S2 Winmgmt; C:\PROGRA~3\80D3EF08CF6A7FC515A580B87DB7E6B0\frzjwwy7t.dot [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 asahci64; C:\Windows\system32\drivers\asahci64.sys [36448 2011-03-23] (Asmedia Technology)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-30] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-30] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-30] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-04] (AVG Technologies)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-07-18] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [209768 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [148528 2012-03-14] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2012-03-14] (ESET)
S3 fttxr52P; C:\Windows\system32\drivers\fttxr52P.sys [191384 2007-02-15] (Promise Technology, Inc.)
S3 fttxr5_O; C:\Windows\system32\drivers\fttxr5_O.sys [227224 2007-02-15] (Promise Technology, Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [23832 2011-08-26] (Intel Corporation)
R0 johci; C:\Windows\System32\drivers\johci.sys [26200 2010-12-23] (JMicron Technology Corp.)
S3 mv61xx; C:\Windows\system32\drivers\mv61xx.sys [179752 2009-10-11] (Marvell Semiconductor, Inc.)
R0 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [175136 2009-04-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 Ultra; C:\Windows\system32\drivers\Ultra.sys [36248 2007-03-22] (Promise Technology, Inc.)
S3 viamrx64; C:\Windows\system32\drivers\viamrx64.sys [157336 2008-09-26] (VIA Technologies Inc.,Ltd)
R0 ViBusX64; C:\Windows\System32\drivers\ViBusX64.sys [21504 2007-12-07] (VIA Technologies, Inc.)
S3 videX64; C:\Windows\system32\drivers\videX64.sys [15000 2008-12-16] (VIA Technologies, Inc.)
S3 ViPrtX64; C:\Windows\system32\drivers\ViPrtX64.sys [62976 2007-12-07] (VIA Technologies, Inc.)
R0 xfiltx64; C:\Windows\System32\drivers\xfiltx64.sys [24728 2008-12-16] (VIA Technologies,Inc)
R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
S3 cpudrv64; \??\C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 23:33 - 2014-07-30 23:33 - 02094080 _____ (Farbar) C:\Users\Mickey\Downloads\FRST64.exe
2014-07-30 23:33 - 2014-07-30 23:33 - 00025647 _____ () C:\Users\Mickey\Downloads\FRST.txt
2014-07-30 23:33 - 2014-07-30 23:33 - 00000000 ____D () C:\FRST
2014-07-30 23:24 - 2014-07-30 23:26 - 00000224 _____ () C:\Windows\setupact.log
2014-07-30 23:24 - 2014-07-30 23:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-30 18:01 - 2014-07-30 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 17:59 - 2014-07-30 18:00 - 00067072 ___SH () C:\Users\Mickey\Documents\Thumbs.db
2014-07-30 14:25 - 2014-07-30 14:25 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\AVAST Software
2014-07-30 14:24 - 2014-07-30 14:25 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-30 14:24 - 2014-07-30 14:24 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-30 14:24 - 2014-07-30 14:24 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-30 14:24 - 2014-07-30 14:24 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-30 14:24 - 2014-07-30 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-30 14:15 - 2014-07-30 14:15 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-30 14:14 - 2014-07-30 14:15 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-30 14:13 - 2014-07-30 14:14 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-30 14:13 - 2014-07-30 14:14 - 04862664 _____ (AVAST Software) C:\Users\Mickey\Downloads\avast_free_antivirus_setup_online.exe
2014-07-30 13:07 - 2014-07-30 13:07 - 02347384 _____ (ESET) C:\Users\Mickey\Downloads\esetsmartinstaller_enu.exe
2014-07-30 13:07 - 2014-07-30 13:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-30 12:54 - 2014-07-30 12:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mickey\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-30 12:22 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\Teurex
2014-07-29 21:30 - 2014-07-30 12:43 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\Hydihaef
2014-07-29 20:12 - 2014-07-30 12:43 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\Hokuyqoq
2014-07-29 20:11 - 2014-07-30 12:24 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\Gyux
2014-07-25 03:27 - 2014-07-25 03:32 - 00000000 ____D () C:\Users\Mickey\Documents\wld
2014-07-21 20:44 - 2014-07-21 22:31 - 00000075 _____ () C:\Users\Mickey\Documents\vent info.txt
2014-07-19 06:22 - 2014-07-29 01:10 - 00000000 ____D () C:\ProgramData\IlavhUfezs
2014-07-19 05:20 - 2014-07-29 01:10 - 00000000 ____D () C:\ProgramData\OcegAglel
2014-07-19 03:47 - 2014-07-29 01:10 - 00000000 ____D () C:\ProgramData\ObawVodze
2014-07-18 22:57 - 2014-07-29 01:10 - 00000000 ____D () C:\ProgramData\UlasoWutro
2014-07-17 09:33 - 2014-07-29 01:10 - 00000000 ____D () C:\ProgramData\IfekQitso
2014-07-17 06:27 - 2014-07-29 01:10 - 00000000 ____D () C:\ProgramData\AwquvOlcik
2014-07-17 00:57 - 2014-07-17 00:57 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:05 - 2014-07-16 21:07 - 47958037 _____ () C:\Users\Mickey\Desktop\NFCA_Yes, You Can Eat! When Gluten Is...he Only Ingredient You Avoid_6-20-12.mp4
2014-07-16 21:04 - 2014-07-16 21:06 - 50085241 _____ () C:\Users\Mickey\Desktop\2014-03-26 20.30 Is Gluten Really the... FODMAPs in Gluten-Related Disorders.wmv
2014-07-16 21:02 - 2014-07-16 21:04 - 40461769 _____ () C:\Users\Mickey\Desktop\2014-07-15 14.30 Gluten-Free For All_ Separating Facts from Fiction.wmv
2014-07-16 20:09 - 2014-07-29 01:10 - 00000000 ____D () C:\ProgramData\IlfujYehwu
2014-07-16 17:19 - 2014-07-29 01:10 - 00000000 ____D () C:\ProgramData\AttiPlamb
2014-07-12 09:20 - 2014-07-12 11:23 - 00030328 _____ () C:\ProgramData\RUNDLL32.EXE-5848-F.txt
2014-07-09 00:13 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 00:13 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 00:13 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 00:13 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 00:13 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 00:13 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 00:13 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 00:13 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 00:13 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 00:13 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 00:13 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 00:13 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 00:13 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 00:13 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 00:13 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 00:13 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 00:13 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 00:13 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 00:13 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 00:13 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 00:13 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 00:13 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 00:13 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 00:13 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 00:13 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 00:13 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 00:13 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 00:13 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 00:13 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 00:13 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 00:13 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 00:13 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 00:13 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 00:13 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 00:13 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 00:13 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 00:13 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 00:13 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 00:13 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 00:13 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 00:13 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 00:13 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 00:13 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 00:13 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 00:13 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 00:13 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 00:13 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 00:13 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 00:13 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 00:13 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 00:13 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 00:13 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 00:13 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 00:13 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 00:13 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 00:13 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 00:08 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 00:08 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 00:08 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 00:08 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 00:08 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 00:08 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 00:08 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 00:08 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 00:08 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 00:08 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 00:08 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 00:08 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 00:08 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 00:08 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 00:08 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 00:08 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 00:08 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 00:08 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 00:08 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 00:08 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 00:08 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 00:08 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 00:03 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 00:03 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 00:03 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-06 01:29 - 2014-07-11 13:13 - 02994387 _____ () C:\ProgramData\RUNDLL32.EXE-6028-F.txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-30 23:33 - 2014-07-30 23:33 - 02094080 _____ (Farbar) C:\Users\Mickey\Downloads\FRST64.exe
2014-07-30 23:33 - 2014-07-30 23:33 - 00025647 _____ () C:\Users\Mickey\Downloads\FRST.txt
2014-07-30 23:33 - 2014-07-30 23:33 - 00000000 ____D () C:\FRST
2014-07-30 23:30 - 2012-08-10 14:50 - 01798061 _____ () C:\Windows\WindowsUpdate.log
2014-07-30 23:29 - 2009-07-14 00:45 - 00025632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-30 23:29 - 2009-07-14 00:45 - 00025632 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-30 23:27 - 2012-12-19 23:35 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-30 23:27 - 2012-08-10 14:44 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 23:26 - 2014-07-30 23:24 - 00000224 _____ () C:\Windows\setupact.log
2014-07-30 23:26 - 2012-08-10 14:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-30 23:26 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-30 23:24 - 2014-07-30 23:24 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-30 23:10 - 2012-08-10 14:44 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-30 23:04 - 2014-04-12 13:28 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868025771-2946992039-2155595165-1001UA.job
2014-07-30 18:01 - 2014-07-30 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-30 18:00 - 2014-07-30 17:59 - 00067072 ___SH () C:\Users\Mickey\Documents\Thumbs.db
2014-07-30 17:58 - 2011-02-17 02:32 - 00000000 ____D () C:\Temp
2014-07-30 17:27 - 2010-11-20 23:47 - 00141356 _____ () C:\Windows\PFRO.log
2014-07-30 14:25 - 2014-07-30 14:25 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\AVAST Software
2014-07-30 14:25 - 2014-07-30 14:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-30 14:25 - 2011-03-22 10:59 - 00000000 ____D () C:\Program Files (x86)\Hotkey
2014-07-30 14:24 - 2014-07-30 14:24 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-30 14:24 - 2014-07-30 14:24 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-30 14:24 - 2014-07-30 14:24 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-30 14:24 - 2014-07-30 14:24 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-30 14:24 - 2014-07-30 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-30 14:15 - 2014-07-30 14:15 - 00000000 ____D () C:\Program Files\AVAST Software
2014-07-30 14:15 - 2014-07-30 14:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-07-30 14:14 - 2014-07-30 14:13 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-07-30 14:14 - 2014-07-30 14:13 - 04862664 _____ (AVAST Software) C:\Users\Mickey\Downloads\avast_free_antivirus_setup_online.exe
2014-07-30 13:07 - 2014-07-30 13:07 - 02347384 _____ (ESET) C:\Users\Mickey\Downloads\esetsmartinstaller_enu.exe
2014-07-30 13:07 - 2014-07-30 13:07 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-30 12:55 - 2014-07-30 12:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mickey\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-30 12:43 - 2014-07-29 21:30 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\Hydihaef
2014-07-30 12:43 - 2014-07-29 20:12 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\Hokuyqoq
2014-07-30 12:24 - 2014-07-29 20:11 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\Gyux
2014-07-30 12:22 - 2014-07-30 12:22 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\Teurex
2014-07-30 10:04 - 2014-04-12 13:28 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868025771-2946992039-2155595165-1001Core.job
2014-07-29 21:28 - 2013-10-09 23:40 - 00000000 __SHD () C:\Users\Mickey\AppData\Roaming\ruuwustb
2014-07-29 01:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-29 01:10 - 2014-07-19 06:22 - 00000000 ____D () C:\ProgramData\IlavhUfezs
2014-07-29 01:10 - 2014-07-19 05:20 - 00000000 ____D () C:\ProgramData\OcegAglel
2014-07-29 01:10 - 2014-07-19 03:47 - 00000000 ____D () C:\ProgramData\ObawVodze
2014-07-29 01:10 - 2014-07-18 22:57 - 00000000 ____D () C:\ProgramData\UlasoWutro
2014-07-29 01:10 - 2014-07-17 09:33 - 00000000 ____D () C:\ProgramData\IfekQitso
2014-07-29 01:10 - 2014-07-17 06:27 - 00000000 ____D () C:\ProgramData\AwquvOlcik
2014-07-29 01:10 - 2014-07-16 20:09 - 00000000 ____D () C:\ProgramData\IlfujYehwu
2014-07-29 01:10 - 2014-07-16 17:19 - 00000000 ____D () C:\ProgramData\AttiPlamb
2014-07-29 01:10 - 2012-08-12 14:46 - 00000000 ____D () C:\Users\Mickey\AppData\Local\PMB Files
2014-07-29 00:45 - 2012-08-12 14:46 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-28 18:55 - 2012-09-12 14:22 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\SoftGrid Client
2014-07-28 00:49 - 2013-07-08 19:19 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\.minecraft
2014-07-25 23:07 - 2014-02-02 07:22 - 00000000 ____D () C:\Users\Mickey\AppData\Local\Battle.net
2014-07-25 23:07 - 2014-02-02 07:22 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-25 03:32 - 2014-07-25 03:27 - 00000000 ____D () C:\Users\Mickey\Documents\wld
2014-07-24 03:00 - 2014-02-02 18:36 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-21 22:31 - 2014-07-21 20:44 - 00000075 _____ () C:\Users\Mickey\Documents\vent info.txt
2014-07-20 20:17 - 2012-08-10 14:51 - 00064024 _____ () C:\Users\Mickey\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-17 00:57 - 2014-07-17 00:57 - 00000000 ____D () C:\ProgramData\Riot Games
2014-07-16 21:08 - 2014-03-14 13:24 - 00000000 ____D () C:\Users\Mickey\AppData\Roaming\vlc
2014-07-16 21:07 - 2014-07-16 21:05 - 47958037 _____ () C:\Users\Mickey\Desktop\NFCA_Yes, You Can Eat! When Gluten Is...he Only Ingredient You Avoid_6-20-12.mp4
2014-07-16 21:06 - 2014-07-16 21:04 - 50085241 _____ () C:\Users\Mickey\Desktop\2014-03-26 20.30 Is Gluten Really the... FODMAPs in Gluten-Related Disorders.wmv
2014-07-16 21:04 - 2014-07-16 21:02 - 40461769 _____ () C:\Users\Mickey\Desktop\2014-07-15 14.30 Gluten-Free For All_ Separating Facts from Fiction.wmv
2014-07-16 15:30 - 2012-10-03 07:19 - 00000000 ____D () C:\Users\Mickey\Documents\tOSU
2014-07-16 03:41 - 2013-02-22 17:27 - 00000000 ____D () C:\Users\Mickey\Desktop\Audrie's newjobstuff
2014-07-12 17:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-12 11:23 - 2014-07-12 09:20 - 00030328 _____ () C:\ProgramData\RUNDLL32.EXE-5848-F.txt
2014-07-12 11:23 - 2014-06-26 05:24 - 00000000 ____D () C:\ProgramData\3AA72C84C6A930846A35D67A97245E73
2014-07-12 11:23 - 2014-06-18 04:24 - 00000000 ____D () C:\ProgramData\B4083EEED9698A2440F0B6258E4B5FB8
2014-07-12 11:13 - 2014-05-22 07:58 - 00000000 ____D () C:\Users\Mickey\Downloads\Home Improvement (DVD-RIPS COMPLETE)
2014-07-12 09:18 - 2014-05-18 05:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-12 09:18 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 09:18 - 2009-07-14 00:45 - 00294568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-12 09:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-12 09:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-11 13:46 - 2013-07-21 05:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-11 13:44 - 2012-08-10 15:07 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-11 13:13 - 2014-07-06 01:29 - 02994387 _____ () C:\ProgramData\RUNDLL32.EXE-6028-F.txt
2014-07-05 00:12 - 2014-06-28 01:08 - 04954369 _____ () C:\ProgramData\RUNDLL32.EXE-1832-F.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 23:24] - [2010-11-20 23:24] - 0528384 ____A (Microsoft Corporation) 7A001AC0DE8A7385AAECE1CD9C98D42C

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-28 14:12

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Mickey at 2014-07-30 23:34:08
Running from C:\Users\Mickey\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader X (10.1.8) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.8 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.7.598 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version:  - )
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - ‎Canon Inc.‬)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon MG3200 series User Registration (HKLM-x32\...\Canon MG3200 series User Registration) (Version:  - Canon Inc.‎)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.09 - Piriform)
Chinese Traditional Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-2448-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
CrystalDiskInfo 6.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.0.4 - Crystal Dew World)
CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2626.50 - CyberLink Corp.)
CyberLink PowerDVD 9 (x32 Version: 9.0.2626.50 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Ultra (HKLM-x32\...\DAEMON Tools Ultra) (Version: 1.1.0.0103 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
ESET NOD32 Antivirus (HKLM\...\{5972F3C3-5563-47D2-BEE3-1AFEBDD17DA2}) (Version: 5.2.9.1 - ESET, spol. s r.o.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
GameRanger (HKCU\...\GameRanger) (Version:  - GameRanger Technologies)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GOG.com Heroes of Might and Magic 3 (HKLM\...\{1d3c859c-1028-4822-b0a7-da4f7bbc18bc}.sdb) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HandBrake 0.9.9.1 (HKLM-x32\...\HandBrake) (Version: 0.9.9.1 - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of Might and Magic 3 Complete (HKLM-x32\...\GOGPACKHOMM3COMPLETE_is1) (Version: 2.0.0.16 - GOG.com)
Hotkey 3.3023 (HKLM-x32\...\InstallShield_{164714B6-46BC-4649-9A30-A6ED32F03B5A}) (Version: 3.3023 - NoteBook)
Hotkey 3.3023 (x32 Version: 3.3023 - NoteBook) Hidden
iCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}) (Version: 11.0.0.163 - Apple Inc.)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.650 - Oracle)
Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden
JMicron Ethernet Adapter NDIS Driver (HKLM-x32\...\{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}) (Version: 6.0.27.6 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Malwarebytes Anti-Malware version 1.62.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.62.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Motorola Bluetooth (HKLM\...\Motorola Bluetooth_is1) (Version: 3.0.12.267 - Motorola, Inc.)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA 3D Vision Controller Driver (x32 Version: 280.19 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA Control Panel 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4123-B2B9-173F09590E16}) (Version: 1.00.0168 - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{13061CAA-0284-4F9A-B460-3D4699575B35}) (Version: 1.5.81.13070 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.7.0 - Synaptics Incorporated)
THX TruStudio Pro (HKLM-x32\...\{82F99DC9-389A-4528-940C-88248731A620}) (Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
Tower Wars (HKLM-x32\...\Steam App 214360) (Version:  - SuperVillain Studios)
Typing Trainer 8.0 (HKLM-x32\...\{218081EE-C83D-46A6-9382-9AB77B99AAA1}_is1) (Version:  - Typing Innovation Group Ltd)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 7 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.7 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-868025771-2946992039-2155595165-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mickey\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-868025771-2946992039-2155595165-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mickey\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-868025771-2946992039-2155595165-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mickey\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-868025771-2946992039-2155595165-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mickey\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {8EE2348C-1665-482F-AB73-AA6FD3698887} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)
Task: {9E781624-81CB-4F6C-8D82-87281095BE02} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {BCCC626A-85CB-45FC-B694-B443AF46F130} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868025771-2946992039-2155595165-1001UA => C:\Users\Mickey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {DCD827EC-36C8-41D2-ADD6-0AB014424BE7} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-30] (AVAST Software)
Task: {FB5A4801-6D32-4CEC-8B49-2BC0E79456AA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-868025771-2946992039-2155595165-1001Core => C:\Users\Mickey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-01] (Google Inc.)
Task: {FD6FC28C-06B3-46AF-AEDB-C1D537780B1F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868025771-2946992039-2155595165-1001Core.job => C:\Users\Mickey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868025771-2946992039-2155595165-1001UA.job => C:\Users\Mickey\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-04 18:18 - 2014-06-04 18:18 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\loggingserver.exe
2013-09-05 03:36 - 2014-03-04 10:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-12-25 02:44 - 2014-03-04 09:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-03-22 11:11 - 2010-12-22 23:17 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2011-03-22 11:15 - 2010-11-12 14:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2010-11-28 22:34 - 2010-11-28 22:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-01-28 13:20 - 2011-01-28 13:20 - 03075072 _____ () C:\Program Files (x86)\Hotkey\Hotkey.exe
2013-02-15 21:22 - 2014-06-04 18:18 - 02567192 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
2014-07-30 14:24 - 2014-07-30 14:24 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-07-30 14:24 - 2014-07-30 14:24 - 02795008 _____ () C:\Program Files\AVAST Software\Avast\defs\14073002\algo.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-06-04 18:18 - 2014-06-04 18:18 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.7\log4cplusU.dll
2011-03-22 10:31 - 2014-03-04 10:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2011-01-14 11:56 - 2011-01-14 11:56 - 00013096 _____ () C:\Program Files (x86)\Synaptics\Scrybe\MouseHelper.dll
2011-03-22 11:11 - 2010-12-22 23:17 - 00066856 _____ () C:\Windows\SysWOW64\SynTPEnhPS.dll
2014-07-30 14:24 - 2014-07-30 14:24 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-07-30 18:01 - 2014-07-30 18:01 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-30 23:43 - 2014-07-30 23:43 - 01361309 _____ () C:\Users\Mickey\Downloads\AdwCleaner.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: THX Audio Control Panel => "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2014 11:21:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/30/2014 06:20:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 31.0.0.5310, time stamp: 0x53c75e72
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01a4f19f
Faulting process id: 0xb7c
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (07/30/2014 06:17:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 28.0.0.5186, time stamp: 0x53240e37
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01a9f19f
Faulting process id: 0x1adc
Faulting application start time: 0xfirefox.exe0
Faulting application path: firefox.exe1
Faulting module path: firefox.exe2
Report Id: firefox.exe3

Error: (07/30/2014 06:05:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17207, time stamp: 0x53a20c50
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0208eb58
Faulting process id: 0x1a20
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (07/30/2014 06:05:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17207, time stamp: 0x53a20c50
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0208eb58
Faulting process id: 0x2300
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (07/30/2014 06:05:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17207, time stamp: 0x53a20c50
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0208eb58
Faulting process id: 0x1dfc
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (07/30/2014 06:05:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17207, time stamp: 0x53a20c50
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0208eb58
Faulting process id: 0x1e3c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (07/30/2014 05:57:43 PM) (Source: Game of Thrones RPG) (EventID: 28672) (User: )
Description: Internal error (error code: 0xE2000020). Close all appplications and try again. If this does not help, contact product customer support.
UK: M3JB-JFR6N6-5ZJQWL-E235LC-6JKRND-REGZ5P
5.70.31.4; E2000020; ES: 185, 186, 97, D7, BE, C7, 95, 1011C, 1011B, 184, 0

Error: (07/30/2014 05:33:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/30/2014 02:09:35 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070057.


System errors:
=============
Error: (07/30/2014 11:45:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (07/30/2014 11:44:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (07/30/2014 11:44:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (07/30/2014 11:43:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (07/30/2014 11:43:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (07/30/2014 11:42:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (07/30/2014 11:42:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (07/30/2014 11:41:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (07/30/2014 11:41:29 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126

Error: (07/30/2014 11:40:59 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Management Instrumentation service terminated with the following error:
%%126



CodeIntegrity Errors:
===================================
  Date: 2013-12-09 16:30:54.563
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-09 16:08:00.820
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-09 15:56:53.708
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-09 15:30:34.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-09 15:13:48.686
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-09 15:06:19.005
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-09 15:01:14.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-09 14:39:46.926
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-09 14:26:30.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.


# AdwCleaner v3.302 - Report created 30/07/2014 at 23:43:50
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Mickey - MICKEY-PC
# Running from : C:\Users\Mickey\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : vToolbarUpdater18.1.7

***** [ Files / Folders ] *****

File Found : C:\Users\Mickey\AppData\Local\speedial.crx
File Found : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
File Found : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\user.js
Folder Found : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found : C:\ProgramData\AVG SafeGuard toolbar
Folder Found : C:\ProgramData\AVG Secure Search
Folder Found : C:\Users\Mickey\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa
Folder Found : C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Mickey\AppData\LocalLow\AVG SafeGuard toolbar

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0Dzz0C0AyCtGtDtBzz0CtGzz0FyE0CtGtA0AtC0BtGtDyBtAtBtBzytA0DyC0EyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEtCzy0FyCyDtDtAtGzzzz0A0EtG0DtByEyBtGtDtD0BtBtGtDzztB0B0FyEyE0AzytByE0B2Q&cr=863376723&ir=

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\prefs.js ]

Line Found : user_pref("extensions.irmysearch.aflt", "dsites02_14_16_ie");
Line Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0Dzz0C0AyCtGtDtBzz0Ct[...]
Line Found : user_pref("extensions.irmysearch.cr", "863376723");
Line Found : user_pref("extensions.irmysearch.instlRef", "140305_b");
Line Found : user_pref("extensions.mysearchdial.AL", 2);
Line Found : user_pref("extensions.mysearchdial.aflt", "dsites02_14_16_ie");
Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0Dzz0C0AyCtGtDtBzz0[...]
Line Found : user_pref("extensions.mysearchdial.cr", "863376723");
Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
Line Found : user_pref("extensions.mysearchdial.hmpg", true);
Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1Czu[...]
Line Found : user_pref("extensions.mysearchdial.id", "001C7BA55420A97E");
Line Found : user_pref("extensions.mysearchdial.instlDay", "16176");
Line Found : user_pref("extensions.mysearchdial.instlRef", "140305_b");
Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites02_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1C[...]
Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites02_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L[...]
Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.05:53:14");

-\\ Google Chrome v

[ File : C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : iagcajndpnfncplednpbnkahadegklfa
Found [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [11813 octets] - [30/07/2014 23:43:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [11874 octets] ##########


# AdwCleaner v3.302 - Report created 30/07/2014 at 23:52:30
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Mickey - MICKEY-PC
# Running from : C:\Users\Mickey\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.1.7

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Users\Mickey\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Mickey\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\iagcajndpnfncplednpbnkahadegklfa
Folder Deleted : C:\Users\Mickey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi
File Deleted : C:\Users\Mickey\AppData\Local\speedial.crx
File Deleted : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\user.js

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\iagcajndpnfncplednpbnkahadegklfa
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BrowseMark_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBrowseMark_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v0.0.0.0

Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\Mickey\AppData\Roaming\Mozilla\Firefox\Profiles\6y0ey4g0.default\prefs.js ]

Line Deleted : user_pref("extensions.irmysearch.aflt", "dsites02_14_16_ie");
Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0Dzz0C0AyCtGtDtBzz0Ct[...]
Line Deleted : user_pref("extensions.irmysearch.cr", "863376723");
Line Deleted : user_pref("extensions.irmysearch.instlRef", "140305_b");
Line Deleted : user_pref("extensions.mysearchdial.AL", 2);
Line Deleted : user_pref("extensions.mysearchdial.aflt", "dsites02_14_16_ie");
Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyB0AyE0Dzz0C0AyCtGtDtBzz0[...]
Line Deleted : user_pref("extensions.mysearchdial.cr", "863376723");
Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1Czu[...]
Line Deleted : user_pref("extensions.mysearchdial.id", "001C7BA55420A97E");
Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16176");
Line Deleted : user_pref("extensions.mysearchdial.instlRef", "140305_b");
Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=dsites02_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L1C[...]
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=dsites02_14_16_ie&cd=2XzuyEtN2Y1L1QzutDtDtC0CyB0B0AyDyDyEtBtD0AzyyB0EtN0D0Tzu0SzztAyCtN1L2XzutBtFtBtDtFtCtFtDtN1L[...]
Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.05:53:14");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [12043 octets] - [30/07/2014 23:43:50]
AdwCleaner[S0].txt - [11341 octets] - [30/07/2014 23:52:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11402 octets] ##########


07/30/2014 14:29
Scan of all local drives

File C:\games\sega\genesis roms\Comix Zone (Beta) [b2].zip|>Comix Zone (beta) [b2].bin Error 42125 {ZIP archive is corrupted.}
File C:\TDSSKiller_Quarantine\09.12.2013_16.36.07\mbr0000\mbr0000\tsk0000.dta is infected by MBR:Alureon-O [Rtk], Moved to chest
File C:\TDSSKiller_Quarantine\09.12.2013_16.36.07\mbr0000\mbr0000\tsk0001.dta is infected by MBR:Alureon-O [Rtk], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XB4R14N\beauty[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0XB4R14N\MaWhMKO1pKMzpTWcpzImqzSkYaOvrt==[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\212KQB71\EA7C1H7C.htm is infected by JS:Includer-AWP [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\237BUJJU\druyfw6[1].htm is infected by JS:Includer-BCO [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\237BUJJU\5FG577JW.htm is infected by JS:Includer-AWP [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ZR7VMI3\pretty-in-pink-25th-anniversary[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ES0ATQQ\pretty-in-pink-25th-anniversary[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TPYYJ1M3\MaWhMKO1pKMzpTWcpzImqzSkYaOvrt==[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V7O03SF2\beauty[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V8WSJ8DZ\how-i-met-your-mother-before-the-fame[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8MCKGFHM\from-child-star-to-happily-married-snakkle-looks-back-at-leann-rimes[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MKBM9QV\from-child-star-to-happily-married-snakkle-looks-back-at-leann-rimes[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9MKBM9QV\WhiteLabelBidRequestHandlerServlet[10] is infected by HTML:Script-inf, Moved to chest
File C:\Users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EXCF1EL1\beauty[1].htm is infected by JS:ScriptIP-inf [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Temp\tmp65fad92b.bat is infected by BV:Agent-ANZ [Trj], Moved to chest
File C:\Users\Mickey\AppData\Local\Temp\tmpe3b4ffc6.bat is infected by BV:Agent-ANZ [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>sfdg.class is infected by Java:Agent-GFN [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>rem.class is infected by Java:Agent-ECX [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>otts.class is infected by Java:CVE-2011-3544-LU [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>dvs.class is infected by Java:Malware-gen [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>lang.class is infected by Java:Downloader-MC [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>gfh.class is infected by Java:Agent-FZK [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>dsdd$1.class is infected by Java:Agent-FDR [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>dsdd.class is infected by Java:Agent-FUL [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>dsdssd.class is infected by Java:CVE-2013-1493-CJ [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\2a1ef896-616e31e7|>vds.class is infected by Java:Agent-FZK [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>lang.class is infected by Java:Downloader-MC [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>yt.class is infected by Java:Agent-ELI [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>ore.class is infected by Java:Agent-EKA [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>dsdd$1.class is infected by Java:Agent-FDR [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>dsdd.class is infected by Java:Agent-FUL [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>vd.class is infected by Java:CVE-2011-3544-LU [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>oiut.class is infected by Java:Agent-GFB [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>as.class is infected by Java:Agent-EJN [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>qw.class is infected by Java:Agent-GMB [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\5c6df9e7-241a56be|>hyt.class is infected by Java:Agent-FUL [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>dsdd$1.class is infected by Java:Agent-FDR [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>dsdd.class is infected by Java:Agent-FUL [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>qwer.class is infected by Java:Agent-FDR [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>sq.class is infected by Java:Agent-GBO [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>bytecodes.class is infected by Java:Agent-ENP [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>iow.class is infected by Java:Malware-gen [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>xs.class is infected by Java:Agent-GRL [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>sress.class is infected by Java:CVE-2011-3544-LK [Expl], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>lang.class is infected by Java:Downloader-MC [Trj], Moved to chest
File C:\Users\Mickey\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1333d147-1e1e7dd9|>fwe.class is infected by Java:Agent-FFZ [Trj], Moved to chest
File C:\Users\Mickey\Downloads\Inside.HBOs.Game.Of.Thrones.2012.RETAiL.ePUB.eBOOK-DiSTRiBUTiON\dn-1655l.zip|>Inside.HBOs.Game.Of.Thrones.2012.RETAiL.ePUB.eBOOK-DiSTRiBUTiON.rar|>inside.hbos.game.of.thrones.2012.retail.epub.ebook-distribution.epub|>OEBPS\images\z21.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Windows\Options\Drivers\Hotkey.zip|>07Hotkey\3.3023\Data1.cab|>powerbiosserver.exe4 is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\Windows\Options\Drivers\Hotkey.zip|>07Hotkey\3.3023\Data1.cab|>powerbiosserver.exe5 is infected by Win32:Rootkit-gen [Rtk], Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\95b809202f529e4fd5f9b057d8ff8f98103fc5da[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12ec915f60f74dd3949593c0327e618e3f3d8845[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\05b245c1fdec5a2076a3f70a55f3df2f7faf5ce5[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\838ef33d289bc7ffa1060eb0aa39f644476cbdfb[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0e8c9141dca13f735b7258822533b0d36dc7d1cc[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6ddfda307163bcdd2976398eaef7678ef0a8f21b[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8ea172d08a94c96cc94ef3ed884fcad631059269[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\83f647ffaef4084be78ff2d0ee555aca5b6ed9cb[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4473aa0cc96f4754d40ab63bf858caf8c1d53b18[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\990536bb53bfb90a2756b14cf9948cd1860670c6[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rekketus2[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\rekketus2[2].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7f79ac83edce20bb77b01757180bb0d9ba3e4d9f[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mainAUQXNE5B.htm is infected by JS:Includer-BFG [Trj], Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mainBGPEF2A8.htm is infected by JS:Includer-BFG [Trj], Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mainBULXQF7V.htm is infected by JS:Includer-BFG [Trj], Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\61b4c9295ecd3fccca3ca0d41f5684ee46279135[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\85e8dfbccaba9a93090c68062b1c0afd7c65ce40[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\157caf827e062c045882f4c9fe86a85c5fec18e0[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ec1751d8f3c256aefa6b0c14877439e20d378f2[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9f4bbfa4a11db3c877f7bed03a775142ea82bba8[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\f9fdd4e896c2cedc3cf00b0f3fe013767520a4df[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4f9e2817334edb773c3af539ddf900875011cfa4[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\226fc760f998fe4851085dea26e897ea8eba22f3[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7e599d157045a2caec875e5204e2fa633173d9bb[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\682f5e78f60a02791e66b8af156bc8139df6a4ce[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6838b4f1e39431da44e859794877a311dac631ad[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3e446b4bec2d23ca0edf9be5929ee7d807b9d20a[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\50163a20de985af4b8011c51fae4849723d79f56[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\b511b16e8ff2907afbad9ec5d8486f5a2d350a50[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5ce82a368b88d7342c1ce9833e61b9dcb85fe4d5[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\afd41ece7a05697ba596b6d592c30543bbb43924[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\43c0ad4d652ed05b034a47d3885a7ca947142cda[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mainLHN45UQ5.htm is infected by JS:Includer-BFG [Trj], Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mainLPOLX33E.htm is infected by JS:Includer-BFG [Trj], Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\mainN7T6Q57B.htm is infected by JS:Includer-BFG [Trj], Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\079ab6e6b4ee3628b7f8c5ddd5d819694d52fd01[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\112fc271de88344fc4125a38364010191a41d8c8[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\b5cba9a6f2116a78cccde176276a181dc2db98dd[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fdd181ad3191118d2f29c4cd808e7358247d1a6b[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7e6f8127608842364692a905c7e59f29e53c870f[1].htm is infected by HTML:Iframe-inf, Moved to chest
File C:\Windows\Temp\_avast_\unp240670577.tmp is infected by Win32:Rootkit-gen [Rtk], Moved to chest
Number of searched folders: 52722
Number of tested files: 2244396
Number of infected files: 249



 



#4 jlbob

Posted 31 July 2014 - 01:21 PM

Was having trouble posting all at once...


*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Wednesday, July 30, 2014 5:27:46 PM
*

7/30/2014 6:08:29 PM    C:\Users\Mickey\AppData\Local\Temp\lFtAuHQr.exe.part [L] Win32:Dropper-gen [Drp] (0)
File was successfully moved to chest...
7/30/2014 6:09:29 PM    C:\Users\Mickey\AppData\Local\Temp\nYK6qfNG.exe.part [L] Win32:Dropper-gen [Drp] (0)
File was successfully moved to chest...

*
* Shield stopped: Wednesday, July 30, 2014 11:26:16 PM
* Run-time was 5 hour(s), 58 minute(s), 58 second(s)


13:53:15.0163 0x0430  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
13:53:18.0170 0x0430  ============================================================
13:53:18.0170 0x0430  Current date / time: 2014/07/31 13:53:18.0170
13:53:18.0170 0x0430  SystemInfo:
13:53:18.0170 0x0430  
13:53:18.0170 0x0430  OS Version: 6.1.7601 ServicePack: 1.0
13:53:18.0170 0x0430  Product type: Workstation
13:53:18.0170 0x0430  ComputerName: MICKEY-PC
13:53:18.0170 0x0430  UserName: Mickey
13:53:18.0170 0x0430  Windows directory: C:\Windows
13:53:18.0170 0x0430  System windows directory: C:\Windows
13:53:18.0170 0x0430  Running under WOW64
13:53:18.0170 0x0430  Processor architecture: Intel x64
13:53:18.0170 0x0430  Number of processors: 8
13:53:18.0170 0x0430  Page size: 0x1000
13:53:18.0170 0x0430  Boot type: Normal boot
13:53:18.0170 0x0430  ============================================================
13:53:18.0246 0x0430  KLMD registered as C:\Windows\system32\drivers\96475707.sys
13:53:18.0459 0x0430  System UUID: {1DDF2F89-F924-875E-73B2-0295CFDE2084}
13:53:19.0090 0x0430  Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 ( 238.47 Gb ), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:53:19.0094 0x0430  ============================================================
13:53:19.0094 0x0430  \Device\Harddisk0\DR0:
13:53:19.0095 0x0430  MBR partitions:
13:53:19.0095 0x0430  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x1388000
13:53:19.0095 0x0430  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1388800, BlocksNum 0x1C96A000
13:53:19.0095 0x0430  ============================================================
13:53:19.0096 0x0430  C: <-> \Device\Harddisk0\DR0\Partition2
13:53:19.0097 0x0430  ============================================================
13:53:19.0097 0x0430  Initialize success
13:53:19.0097 0x0430  ============================================================
13:53:38.0112 0x01e4  ============================================================
13:53:38.0112 0x01e4  Scan started
13:53:38.0112 0x01e4  Mode: Manual; SigCheck; TDLFS;
13:53:38.0112 0x01e4  ============================================================
13:53:38.0112 0x01e4  KSN ping started
13:53:38.0775 0x01e4  KSN ping finished: true
13:53:39.0042 0x01e4  ================ Scan system memory ========================
13:53:39.0042 0x01e4  System memory - ok
13:53:39.0043 0x01e4  ================ Scan services =============================
13:53:41.0533 0x01e4  [ 7A001AC0DE8A7385AAECE1CD9C98D42C, 7A90274C187F2E417E5F997501FD8481A753F089703AC1274F703265179E79C3 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:53:41.0545 0x01e4  DcomLaunch - detected Trojan.Win64.Patched.bj ( 0 )
13:53:42.0219 0x01e4  DcomLaunch ( Trojan.Win64.Patched.bj ) - infected
13:53:42.0219 0x01e4  Force sending object to P2P due to detect: DcomLaunch
13:53:43.0050 0x01e4  Object send P2P result: true
13:53:45.0072 0x01e4  [ 52C0312AB35EB7187015FB6A99136BB5, 54A45B0BF8108D018C86FD0542DA92E7A6F58CDB92C9E3674E115CD770031732 ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
13:53:45.0102 0x01e4  FLEXnet Licensing Service 64 - detected UnsignedFile.Multi.Generic ( 1 )
13:53:55.0154 0x01e4  FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - warning
13:53:56.0821 0x01e4  HidUsb - ok
13:53:56.0825 0x01e4  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:53:56.0858 0x01e4  hkmsvc - ok
13:53:56.0866 0x01e4  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:53:56.0886 0x01e4  HomeGroupListener - ok
13:53:56.0893 0x01e4  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:53:56.0912 0x01e4  HomeGroupProvider - ok
13:53:56.0916 0x01e4  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:53:56.0928 0x01e4  HpSAMD - ok
13:53:56.0946 0x01e4  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:53:56.0996 0x01e4  HTTP - ok
13:53:57.0000 0x01e4  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:53:57.0010 0x01e4  hwpolicy - ok
13:53:57.0014 0x01e4  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
13:53:57.0029 0x01e4  i8042prt - ok
13:53:57.0043 0x01e4  [ 8180A2392E732E8871589B54FAB6991F, 20FF47D16702925531AF55402A29062F359DD61D029690A02A5C191494B4E302 ] iaStor          C:\Windows\system32\drivers\iaStor.sys
13:53:57.0063 0x01e4  iaStor - ok
13:53:57.0077 0x01e4  [ DB81EDC524A0F07FC2BD0B7415676528, D4DBA43BB935FD5D6E1841C4B1093D22A30B9C8E9991B59B51907186DD205075 ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
13:53:57.0100 0x01e4  iaStorA - ok
13:53:57.0105 0x01e4  [ 8FFF9083252C16FE3960173722605E9E, 6546FDA34B9AF94C5E86E5269BBC2F02F1E78D6D4BE5B5EC01F4B284CC934994 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
13:53:57.0113 0x01e4  IAStorDataMgrSvc - ok
13:53:57.0116 0x01e4  [ 4621FAE7D3C969A1E84A2790D88FCCDE, 1C14E2E1EBBF393B15EA663E2C479B3DC8E1BBDDFA085F0E27FD0CB079F37DAE ] iaStorF         C:\Windows\system32\drivers\iaStorF.sys
13:53:57.0125 0x01e4  iaStorF - ok
13:53:57.0136 0x01e4  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:53:57.0156 0x01e4  iaStorV - ok
13:53:57.0163 0x01e4  [ 83FF82FE209E7997067B375DAD6CF23D, E312DD068E51DBF96A8232D7D1C9F158652FDA23649655F1102928B320795091 ] ICCS            C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
13:53:57.0176 0x01e4  ICCS - ok
13:53:57.0196 0x01e4  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:53:57.0225 0x01e4  idsvc - ok
13:53:57.0228 0x01e4  IEEtwCollectorService - ok
13:53:57.0334 0x01e4  [ 8C44E6B688790E2AD3846C97661C54F1, CB487D167EDA3C1E30BD5FB8F98C15EB9E75A6FB793009C2F1BBCAAB4285F772 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
13:53:57.0488 0x01e4  igfx - ok
13:53:57.0497 0x01e4  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
13:53:57.0508 0x01e4  iirsp - ok
13:53:57.0528 0x01e4  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:53:57.0564 0x01e4  IKEEXT - ok
13:53:57.0620 0x01e4  [ 9297BC7FB61F58670EE176DD18F4DD92, 92B165ACDBF2AC602BBA63FD62D62ABE2E39FA398709C41601D314D36B552D74 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:53:57.0685 0x01e4  IntcAzAudAddService - ok
13:53:57.0697 0x01e4  [ F5495B38BFB9149925F54F65AB40EFBF, 7CBB72C41E2343DACBFB967A39CA04788561EDECB289C41BC2D6A06B80882AC4 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
13:53:57.0719 0x01e4  IntcDAud - ok
13:53:57.0722 0x01e4  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:53:57.0732 0x01e4  intelide - ok
13:53:57.0736 0x01e4  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:53:57.0750 0x01e4  intelppm - ok
13:53:57.0755 0x01e4  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
13:53:57.0789 0x01e4  IPBusEnum - ok
13:53:57.0793 0x01e4  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:53:57.0824 0x01e4  IpFilterDriver - ok
13:53:57.0838 0x01e4  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:53:57.0868 0x01e4  iphlpsvc - ok
13:53:57.0873 0x01e4  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
13:53:57.0888 0x01e4  IPMIDRV - ok
13:53:57.0893 0x01e4  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:53:57.0926 0x01e4  IPNAT - ok
13:53:57.0941 0x01e4  [ B474C756C13960793C7583B766F904C4, 39D5866BADB10B4422C0A44A2A7001FB64E7A22F5D763F8EFCD7F46062F74052 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:53:57.0964 0x01e4  iPod Service - ok
13:53:57.0968 0x01e4  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:53:57.0985 0x01e4  IRENUM - ok
13:53:57.0988 0x01e4  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:53:57.0998 0x01e4  isapnp - ok
13:53:58.0006 0x01e4  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
13:53:58.0024 0x01e4  iScsiPrt - ok
13:53:58.0031 0x01e4  [ 0B44199365A69696109AB9A5855E0841, 7A2044C641FFFB9D4B19BED0E520FEEF570116EB3C9F4284D70560DD93A19A25 ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
13:53:58.0043 0x01e4  JMCR - ok
13:53:58.0048 0x01e4  [ 9B9562FE991313AD827954CB5B90BED3, 3B9470BF7E3D7A28B5A454BCC17BF5D35B45BFC1253043EFE589FA7493AB1D27 ] JME             C:\Windows\system32\DRIVERS\JME.sys
13:53:58.0059 0x01e4  JME - ok
13:53:58.0062 0x01e4  [ 38BD6037FD2A6243A7606C0E87B847E5, 59EA889596F306FD0D67D94D97E2470006D1404F62A771415F10529A39F655D9 ] johci           C:\Windows\system32\drivers\johci.sys
13:53:58.0070 0x01e4  johci - ok
13:53:58.0075 0x01e4  [ 50DE7DD7EDB1B512B13666588AEFBF6F, 47FFBA2CA40718614C5A43C2D231B46C22E96221B9EFD8BD4C2D355412811DF4 ] JRAID           C:\Windows\system32\drivers\jraid.sys
13:53:58.0087 0x01e4  JRAID - ok
13:53:58.0090 0x01e4  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
13:53:58.0100 0x01e4  kbdclass - ok
13:53:58.0104 0x01e4  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
13:53:58.0117 0x01e4  kbdhid - ok
13:53:58.0120 0x01e4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
13:53:58.0133 0x01e4  KeyIso - ok
13:53:58.0138 0x01e4  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:53:58.0150 0x01e4  KSecDD - ok
13:53:58.0156 0x01e4  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:53:58.0169 0x01e4  KSecPkg - ok
13:53:58.0172 0x01e4  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:53:58.0202 0x01e4  ksthunk - ok
13:53:58.0212 0x01e4  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:53:58.0254 0x01e4  KtmRm - ok
13:53:58.0261 0x01e4  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:53:58.0300 0x01e4  LanmanServer - ok
13:53:58.0305 0x01e4  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:53:58.0341 0x01e4  LanmanWorkstation - ok
13:53:58.0347 0x01e4  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
13:53:58.0379 0x01e4  lltdio - ok
13:53:58.0388 0x01e4  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:53:58.0427 0x01e4  lltdsvc - ok
13:53:58.0430 0x01e4  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:53:58.0463 0x01e4  lmhosts - ok
13:53:58.0469 0x01e4  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
13:53:58.0481 0x01e4  LSI_FC - ok
13:53:58.0486 0x01e4  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:53:58.0498 0x01e4  LSI_SAS - ok
13:53:58.0502 0x01e4  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
13:53:58.0513 0x01e4  LSI_SAS2 - ok
13:53:58.0518 0x01e4  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
13:53:58.0531 0x01e4  LSI_SCSI - ok
13:53:58.0536 0x01e4  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:53:58.0569 0x01e4  luafv - ok
13:53:58.0575 0x01e4  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
13:53:58.0591 0x01e4  Mcx2Svc - ok
13:53:58.0595 0x01e4  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
13:53:58.0605 0x01e4  megasas - ok
13:53:58.0614 0x01e4  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
13:53:58.0630 0x01e4  MegaSR - ok
13:53:58.0634 0x01e4  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
13:53:58.0667 0x01e4  MMCSS - ok
13:53:58.0671 0x01e4  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
13:53:58.0702 0x01e4  Modem - ok
13:53:58.0705 0x01e4  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
13:53:58.0720 0x01e4  monitor - ok
13:53:58.0724 0x01e4  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
13:53:58.0734 0x01e4  mouclass - ok
13:53:58.0737 0x01e4  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
13:53:58.0750 0x01e4  mouhid - ok
13:53:58.0755 0x01e4  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:53:58.0766 0x01e4  mountmgr - ok
13:53:58.0771 0x01e4  [ 4E9D8041D352A33332FD6F59A3A78B03, D4E6229B07EF9866993EEE4F6223DC7F1FF1108273FE14A3DC74E65C181DE56A ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:53:58.0783 0x01e4  MozillaMaintenance - ok
13:53:58.0789 0x01e4  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
13:53:58.0802 0x01e4  mpio - ok
13:53:58.0807 0x01e4  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:53:58.0839 0x01e4  mpsdrv - ok
13:53:58.0859 0x01e4  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:53:58.0913 0x01e4  MpsSvc - ok
13:53:58.0919 0x01e4  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:53:58.0934 0x01e4  MRxDAV - ok
13:53:58.0940 0x01e4  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:53:58.0958 0x01e4  mrxsmb - ok
13:53:58.0966 0x01e4  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:53:58.0986 0x01e4  mrxsmb10 - ok
13:53:58.0992 0x01e4  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:53:59.0007 0x01e4  mrxsmb20 - ok
13:53:59.0010 0x01e4  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
13:53:59.0020 0x01e4  msahci - ok
13:53:59.0026 0x01e4  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
13:53:59.0039 0x01e4  msdsm - ok
13:53:59.0045 0x01e4  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
13:53:59.0063 0x01e4  MSDTC - ok
13:53:59.0068 0x01e4  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:53:59.0098 0x01e4  Msfs - ok
13:53:59.0101 0x01e4  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:53:59.0132 0x01e4  mshidkmdf - ok
13:53:59.0135 0x01e4  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:53:59.0144 0x01e4  msisadrv - ok
13:53:59.0151 0x01e4  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:53:59.0188 0x01e4  MSiSCSI - ok
13:53:59.0190 0x01e4  msiserver - ok
13:53:59.0193 0x01e4  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
13:53:59.0224 0x01e4  MSKSSRV - ok
13:53:59.0227 0x01e4  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
13:53:59.0257 0x01e4  MSPCLOCK - ok
13:53:59.0260 0x01e4  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
13:53:59.0290 0x01e4  MSPQM - ok
13:53:59.0300 0x01e4  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:53:59.0319 0x01e4  MsRPC - ok
13:53:59.0323 0x01e4  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
13:53:59.0333 0x01e4  mssmbios - ok
13:53:59.0336 0x01e4  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
13:53:59.0366 0x01e4  MSTEE - ok
13:53:59.0369 0x01e4  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
13:53:59.0382 0x01e4  MTConfig - ok
13:53:59.0385 0x01e4  [ 032D35C996F21D19A205A7C8F0B76F3C, 1A1C5BD7204BB937A05E201BCC0840B2C8E4B273D8E1D6D9407264FB4C57F014 ] MTsensor        C:\Windows\system32\drivers\ATK64AMD.sys
13:53:59.0394 0x01e4  MTsensor - ok
13:53:59.0397 0x01e4  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
13:53:59.0408 0x01e4  Mup - ok
13:53:59.0414 0x01e4  [ CC1A36AF49A058FDF7B54A32FA8DD38C, 296ACF07667228F783607A9FCCE25E3AAA18E2A12C664F60C9E6629286FBA52A ] mv61xx          C:\Windows\system32\drivers\mv61xx.sys
13:53:59.0427 0x01e4  mv61xx - ok
13:53:59.0436 0x01e4  [ C752AB67A50F921622FE65725D1F6856, 95582EB3B0E36793AEE7BC251C12D767F5627BD1B68831C5E4B96E6D3BDEF2BA ] mv91xx          C:\Windows\system32\drivers\mv91xx.sys
13:53:59.0451 0x01e4  mv91xx - ok
13:53:59.0464 0x01e4  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
13:53:59.0508 0x01e4  napagent - ok
13:53:59.0517 0x01e4  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:53:59.0542 0x01e4  NativeWifiP - ok
13:53:59.0564 0x01e4  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:53:59.0595 0x01e4  NDIS - ok
13:53:59.0599 0x01e4  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
13:53:59.0631 0x01e4  NdisCap - ok
13:53:59.0634 0x01e4  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:53:59.0665 0x01e4  NdisTapi - ok
13:53:59.0669 0x01e4  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
13:53:59.0699 0x01e4  Ndisuio - ok
13:53:59.0705 0x01e4  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
13:53:59.0738 0x01e4  NdisWan - ok
13:53:59.0742 0x01e4  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
13:53:59.0773 0x01e4  NDProxy - ok
13:53:59.0776 0x01e4  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
13:53:59.0808 0x01e4  NetBIOS - ok
13:53:59.0816 0x01e4  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:53:59.0852 0x01e4  NetBT - ok
13:53:59.0856 0x01e4  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
13:53:59.0869 0x01e4  Netlogon - ok
13:53:59.0879 0x01e4  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
13:53:59.0922 0x01e4  Netman - ok
13:53:59.0932 0x01e4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:59.0948 0x01e4  NetMsmqActivator - ok
13:53:59.0953 0x01e4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:53:59.0967 0x01e4  NetPipeActivator - ok
13:53:59.0983 0x01e4  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
13:54:00.0028 0x01e4  netprofm - ok
13:54:00.0034 0x01e4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:54:00.0047 0x01e4  NetTcpActivator - ok
13:54:00.0052 0x01e4  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:54:00.0065 0x01e4  NetTcpPortSharing - ok
13:54:00.0069 0x01e4  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
13:54:00.0080 0x01e4  nfrd960 - ok
13:54:00.0089 0x01e4  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:54:00.0111 0x01e4  NlaSvc - ok
13:54:00.0114 0x01e4  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:54:00.0144 0x01e4  Npfs - ok
13:54:00.0147 0x01e4  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
13:54:00.0180 0x01e4  nsi - ok
13:54:00.0183 0x01e4  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:54:00.0213 0x01e4  nsiproxy - ok
13:54:00.0249 0x01e4  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
13:54:00.0299 0x01e4  Ntfs - ok
13:54:00.0303 0x01e4  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
13:54:00.0334 0x01e4  Null - ok
13:54:00.0338 0x01e4  [ A7127E86F9FFE2A53E271B56B2C4CEDF, 9C8D60290B66976BBC6E6FE0C2B8EBBCF65B019C95116565CA75098E9F66C05D ] nusb3hub        C:\Windows\system32\drivers\nusb3hub.sys
13:54:00.0352 0x01e4  nusb3hub - ok
13:54:00.0358 0x01e4  [ 49BBEC6F48D5F9284B03ABF3A959B19B, 688AFDFA9E2F0AB3BDE22EC55C70FD592AA0236557DA9310E1557C083307CEC5 ] nusb3xhc        C:\Windows\system32\drivers\nusb3xhc.sys
13:54:00.0375 0x01e4  nusb3xhc - ok
13:54:00.0624 0x01e4  [ 757ACE4D4C9FF0571F86AA5D586B45E8, E7F23CC1DE26E2DAA690B78B05FC001EE0051F0ED9B9BCE9E7FA4E9684D4F3D4 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:54:00.0887 0x01e4  nvlddmkm - ok
13:54:00.0929 0x01e4  [ 1C7C6D7481CABD4EF38A81F5B68F02E8, C4FBE81B8A3F280EEAC282D76626E849197EDEEC8C755B7B12E3594776390DE7 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
13:54:00.0971 0x01e4  NvNetworkService - ok
13:54:00.0976 0x01e4  [ 445422B928D2FE322BB6B956EA77DC7B, 101D940D323BE6086FE0743B34C8717C573B07566334843E571CE6365BEE16D4 ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
13:54:00.0985 0x01e4  nvpciflt - ok
13:54:00.0991 0x01e4  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:54:01.0004 0x01e4  nvraid - ok
13:54:01.0010 0x01e4  [ 05C69A2E1DA96540B0B4E4FA7E9534C7, 89CA4B94E9647C19FC8C35B141ADCF0E95456B1CAA97747455BADFC64DD8DE12 ] nvrd64          C:\Windows\system32\drivers\nvrd64.sys
13:54:01.0022 0x01e4  nvrd64 - ok
13:54:01.0028 0x01e4  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:54:01.0042 0x01e4  nvstor - ok
13:54:01.0050 0x01e4  [ 7C7EEF51979658CE15BBC04F96A77D56, 3363DA5B1C4E22D1B3AC368CB66B22221C435B98FACFA7BAD675B7D46D35F662 ] nvstor64        C:\Windows\system32\drivers\nvstor64.sys
13:54:01.0064 0x01e4  nvstor64 - ok
13:54:01.0360 0x01e4  [ 7A03646D5330A790A9D47D9F9C38758D, D22F100BBB94C45468ADD301CC96C15365FEAEC9FE820AA4E7AB1A7AF486E3B0 ] NvStreamSvc     C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
13:54:01.0703 0x01e4  NvStreamSvc - ok
13:54:01.0737 0x01e4  [ 1C7CC708AC4A02A3BE8915539780534A, 0EBDE100880963BF1EC05002BA244CA7700693E958D1974CDD2AC3927D93224F ] NVSvc           C:\Windows\system32\nvvsvc.exe
13:54:01.0768 0x01e4  NVSvc - ok
13:54:01.0772 0x01e4  [ 09216A70CC364D0974F606F6F2109210, 60877154D4DF5287D1989CDAA9863CD6DACA528D06233238498854A10C868C20 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
13:54:01.0782 0x01e4  nvvad_WaveExtensible - ok
13:54:01.0787 0x01e4  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
13:54:01.0799 0x01e4  nv_agp - ok
13:54:01.0803 0x01e4  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
13:54:01.0817 0x01e4  ohci1394 - ok
13:54:01.0823 0x01e4  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:54:01.0834 0x01e4  ose - ok
13:54:01.0929 0x01e4  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:54:02.0048 0x01e4  osppsvc - ok
13:54:02.0063 0x01e4  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:54:02.0086 0x01e4  p2pimsvc - ok
13:54:03.0687 0x01e4  [ 7A001AC0DE8A7385AAECE1CD9C98D42C, 7A90274C187F2E417E5F997501FD8481A753F089703AC1274F703265179E79C3 ] RpcSs           C:\Windows\system32\rpcss.dll
13:54:03.0699 0x01e4  RpcSs - detected Trojan.Win64.Patched.bj ( 0 )
13:54:03.0699 0x01e4  RpcSs ( Trojan.Win64.Patched.bj ) - infected
13:54:03.0699 0x01e4  Force sending object to P2P due to detect: RpcSs
13:54:04.0783 0x01e4  Object send P2P result: true
13:54:06.0094 0x01e4  [ 1E1FDA546C41AE15EFE7D61C425C929F, C553E552F1062B0306BA91DBEBADB8B490769F081FE345A645A145371B336A4B ] ScrybeUpdater   C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
13:54:06.0135 0x01e4  ScrybeUpdater - detected UnsignedFile.Multi.Generic ( 1 )
13:54:08.0611 0x01e4  Detect skipped due to KSN trusted
13:54:08.0611 0x01e4  ScrybeUpdater - ok
13:54:11.0924 0x01e4  vsmraid - ok
13:54:11.0959 0x01e4  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:54:12.0032 0x01e4  VSS - ok
13:54:12.0036 0x01e4  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:54:12.0052 0x01e4  vwifibus - ok
13:54:12.0056 0x01e4  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:54:12.0074 0x01e4  vwififlt - ok
13:54:12.0085 0x01e4  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:54:12.0128 0x01e4  W32Time - ok
13:54:12.0132 0x01e4  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
13:54:12.0146 0x01e4  WacomPen - ok
13:54:12.0151 0x01e4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:54:12.0183 0x01e4  WANARP - ok
13:54:12.0187 0x01e4  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:54:12.0218 0x01e4  Wanarpv6 - ok
13:54:12.0246 0x01e4  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:54:12.0283 0x01e4  WatAdminSvc - ok
13:54:12.0317 0x01e4  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:54:12.0369 0x01e4  wbengine - ok
13:54:12.0378 0x01e4  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:54:12.0401 0x01e4  WbioSrvc - ok
13:54:12.0411 0x01e4  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:54:12.0439 0x01e4  wcncsvc - ok
13:54:12.0443 0x01e4  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:54:12.0458 0x01e4  WcsPlugInService - ok
13:54:12.0461 0x01e4  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
13:54:12.0471 0x01e4  Wd - ok
13:54:12.0489 0x01e4  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:54:12.0517 0x01e4  Wdf01000 - ok
13:54:12.0523 0x01e4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:54:12.0545 0x01e4  WdiServiceHost - ok
13:54:12.0548 0x01e4  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:54:12.0568 0x01e4  WdiSystemHost - ok
13:54:12.0576 0x01e4  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:54:12.0598 0x01e4  WebClient - ok
13:54:12.0606 0x01e4  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:54:12.0644 0x01e4  Wecsvc - ok
13:54:12.0649 0x01e4  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:54:12.0682 0x01e4  wercplsupport - ok
13:54:12.0687 0x01e4  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:54:12.0720 0x01e4  WerSvc - ok
13:54:12.0723 0x01e4  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:54:12.0752 0x01e4  WfpLwf - ok
13:54:12.0756 0x01e4  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:54:12.0766 0x01e4  WIMMount - ok
13:54:12.0769 0x01e4  WinDefend - ok
13:54:12.0774 0x01e4  WinHttpAutoProxySvc - ok
13:54:12.0778 0x01e4  Winmgmt - ok
13:54:12.0821 0x01e4  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:54:12.0905 0x01e4  WinRM - ok
13:54:12.0914 0x01e4  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
13:54:12.0931 0x01e4  WinUsb - ok
13:54:12.0952 0x01e4  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:54:12.0993 0x01e4  Wlansvc - ok
13:54:12.0998 0x01e4  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:54:13.0007 0x01e4  wlcrasvc - ok
13:54:13.0056 0x01e4  [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:54:13.0116 0x01e4  wlidsvc - ok
13:54:13.0122 0x01e4  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
13:54:13.0135 0x01e4  WmiAcpi - ok
13:54:13.0155 0x01e4  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:54:13.0174 0x01e4  wmiApSrv - ok
13:54:13.0177 0x01e4  WMPNetworkSvc - ok
13:54:13.0181 0x01e4  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:54:13.0196 0x01e4  WPCSvc - ok
13:54:13.0201 0x01e4  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:54:13.0219 0x01e4  WPDBusEnum - ok
13:54:13.0223 0x01e4  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:54:13.0254 0x01e4  ws2ifsl - ok
13:54:13.0258 0x01e4  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
13:54:13.0280 0x01e4  wscsvc - ok
13:54:13.0284 0x01e4  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
13:54:13.0300 0x01e4  WSDPrintDevice - ok
13:54:13.0304 0x01e4  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\drivers\WSDScan.sys
13:54:13.0316 0x01e4  WSDScan - ok
13:54:13.0319 0x01e4  WSearch - ok
13:54:13.0371 0x01e4  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:54:13.0439 0x01e4  wuauserv - ok
13:54:13.0446 0x01e4  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:54:13.0460 0x01e4  WudfPf - ok
13:54:13.0468 0x01e4  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:54:13.0485 0x01e4  WUDFRd - ok
13:54:13.0490 0x01e4  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:54:13.0507 0x01e4  wudfsvc - ok
13:54:13.0515 0x01e4  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:54:13.0537 0x01e4  WwanSvc - ok
13:54:13.0540 0x01e4  [ 373868EDDAF35568F161FA43167F0A14, E0CBB91CBB12A70013D9D1E421E3B8818938572A0A6DC060159396236CCA753F ] xfiltx64        C:\Windows\system32\drivers\xfiltx64.sys
13:54:13.0553 0x01e4  xfiltx64 - ok
13:54:13.0564 0x01e4  [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {B154377D-700F-42cc-9474-23858FBDF4BD} C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl
13:54:13.0575 0x01e4  {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
13:54:13.0577 0x01e4  ================ Scan global ===============================
13:54:13.0580 0x01e4  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:54:13.0589 0x01e4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:54:13.0602 0x01e4  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:54:13.0611 0x01e4  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:54:13.0623 0x01e4  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:54:13.0632 0x01e4  [ Global ] - ok
13:54:13.0633 0x01e4  ================ Scan MBR ==================================
13:54:13.0634 0x01e4  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:54:13.0761 0x01e4  \Device\Harddisk0\DR0 - ok
13:54:13.0761 0x01e4  ================ Scan VBR ==================================
13:54:13.0763 0x01e4  [ E9876ED115D42F2EF0A1657EB30ECA92 ] \Device\Harddisk0\DR0\Partition1
13:54:13.0764 0x01e4  \Device\Harddisk0\DR0\Partition1 - ok
13:54:13.0766 0x01e4  [ E210193BD839FB42CE4A4850E585ABAC ] \Device\Harddisk0\DR0\Partition2
13:54:13.0767 0x01e4  \Device\Harddisk0\DR0\Partition2 - ok
13:54:13.0767 0x01e4  ================ Scan generic autorun ======================
13:54:13.0767 0x01e4  SynTPEnh - ok
13:54:13.0772 0x01e4  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\RunDLL32.exe
13:54:13.0788 0x01e4  THXCfg64 - ok
13:54:13.0872 0x01e4  [ 93FD4CF3A08F7C4EACB4E11C8AB617BD, 91B9E09CC64C2E7C8C8319C4914ED5BFBAF13A106B7474BF9C336910E65A94BD ] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
13:54:13.0974 0x01e4  egui - ok
13:54:13.0980 0x01e4  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
13:54:13.0996 0x01e4  ShadowPlay - ok
13:54:14.0001 0x01e4  [ 28062B17191C9450BF6C6C3EF8C7EB27, 4859C5708DFD119021F7B7FFB38F0B316675E1E4D5D51A10D4265F712CF8CDB6 ] C:\Windows\system32\igfxtray.exe
13:54:14.0014 0x01e4  IgfxTray - ok
13:54:14.0024 0x01e4  [ 28FC280487F0BAAE5E8119257C4EEF8C, F574BC70B79B77912FC683B3EB0BE6929E7758284ED5B47008E18B0E4A4A09FD ] C:\Windows\system32\hkcmd.exe
13:54:14.0042 0x01e4  HotKeysCmds - ok
13:54:14.0053 0x01e4  [ F29BEA821C753E4F00177690F70CDC13, 0EDB40F4A4C23553C0288E6E3AD65E7B523F6764C87C6C36C3ECB0C1940C5176 ] C:\Windows\system32\igfxpers.exe
13:54:14.0073 0x01e4  Persistence - ok
13:54:14.0120 0x01e4  [ 05C5CBE5C0C26EFF48AF60639F30F4F5, 29B20E80D0251B488CFAC1576FF9350BB79BDB33667BC5F38DF8B0FB4C7FB17C ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
13:54:14.0174 0x01e4  NvBackend - ok
13:54:14.0179 0x01e4  Ywzuexvuulf - ok
13:54:14.0182 0x01e4  [ F5FBA8724DE219E96D9ABAF4772D31A3, C36CF6E40F831E01BA029B571EFCB46C5EA5A11750D13FE979DDFAE8B916AFFB ] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
13:54:14.0192 0x01e4  RemoteControl9 - ok
13:54:14.0196 0x01e4  [ 5B5D5A7C8B02BE1974AF1CA3317226DA, DB9E19CC22E0E4C8F355F75AF24785A09623E4BD87C7E10F9B4BD9212B69BEDA ] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
13:54:14.0204 0x01e4  BDRegion - ok
13:54:14.0209 0x01e4  [ 9D51EA92A612B37E76E5E4621650C50A, 00BD61C8527A80C0F684882379A0AC2E5A54E8BBECC797087B960CDC8454C373 ] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
13:54:14.0219 0x01e4  NUSB3MON - ok
13:54:14.0241 0x01e4  [ 048EA4B978851788E9F5E8E4F081DF7A, EB62719AC0DCC18FF056F2CD84438BF14B61E38F0619617C81961C6257BDFCEC ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:54:14.0271 0x01e4  Adobe ARM - ok
13:54:14.0275 0x01e4  [ 46DA8E7484AC7A52CE1D6E428398724B, 540BBAB567E98D0A6810919CA7B2DB95CE3146BB4DFCF9E501228ADEE85F80B9 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
13:54:14.0284 0x01e4  APSDaemon - ok
13:54:14.0289 0x01e4  [ D7936ED15F4AEF0FC33F329D0F21ED46, DA98A45803EEDD63C5053F01D46BB785AE969B313C232F64CE653997144612F2 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
13:54:14.0300 0x01e4  iTunesHelper - ok
13:54:14.0384 0x01e4  [ 26AFC1F16494FFE66F2197153B342A27, 817436E38F832500E120F196941F2F8392B192262E16D5E52CD5DFAC34749C15 ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:54:14.0476 0x01e4  AvastUI.exe - ok
13:54:14.0486 0x01e4  [ 1DE859B82E381A645C44284A5044BC33, 305AE678D3163D57C8E027F94BC553FDFDE7F9A14599EAEC370B0867DE4A9EC2 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
13:54:14.0500 0x01e4  SunJavaUpdateSched - ok
13:54:14.0526 0x01e4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:54:14.0571 0x01e4  Sidebar - ok
13:54:14.0575 0x01e4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:54:14.0595 0x01e4  mctadmin - ok
13:54:14.0621 0x01e4  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:54:14.0660 0x01e4  Sidebar - ok
13:54:14.0665 0x01e4  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:54:14.0683 0x01e4  mctadmin - ok
13:54:14.0683 0x01e4  Auto - ok
13:54:14.0722 0x01e4  [ C368EA4E7312AF32FAD85967777121F4, CE5C7F80E4C24F65D7824BF1EE59E46EF47F39900BDBEE402D8EBD6E8BB2F382 ] C:\Program Files (x86)\Steam\Steam.exe
13:54:14.0764 0x01e4  Steam - ok
13:54:14.0768 0x01e4  [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
13:54:14.0776 0x01e4  swg - ok
13:54:14.0781 0x01e4  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] C:\Users\Mickey\AppData\Local\Google\Update\GoogleUpdate.exe
13:54:14.0792 0x01e4  Google Update - ok
13:54:14.0793 0x01e4  Anworks - ok
13:54:14.0794 0x01e4  GoogleDriveSync - ok
13:54:14.0795 0x01e4  Waiting for KSN requests completion. In queue: 181
14:04:07.0197 0x01e4  Win FW state via NFP2: enabled
14:04:07.0805 0x01e4  ============================================================
14:04:07.0805 0x01e4  Scan finished
14:04:07.0805 0x01e4  ============================================================
14:04:07.0811 0x00c4  Detected object count: 3
14:04:07.0811 0x00c4  Actual detected object count: 3
14:04:31.0012 0x00c4  DcomLaunch ( Trojan.Win64.Patched.bj ) - skipped by user
14:04:31.0012 0x00c4  DcomLaunch ( Trojan.Win64.Patched.bj ) - User select action: Skip
14:04:31.0012 0x00c4  FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - skipped by user
14:04:31.0012 0x00c4  FLEXnet Licensing Service 64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:04:31.0013 0x00c4  RpcSs ( Trojan.Win64.Patched.bj ) - skipped by user
14:04:31.0013 0x00c4  RpcSs ( Trojan.Win64.Patched.bj ) - User select action: Skip



#5 jlbob

Posted 31 July 2014 - 01:23 PM

Here also is a sampling of the active blocks by avast:

* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Wednesday, July 30, 2014 2:24:51 PM
*


*
* Shield stopped: Wednesday, July 30, 2014 2:28:47 PM
* Run-time was 3 minute(s), 3 second(s)
*

*
* avast! Real-time Shield Scan Report
* This file is generated automatically
*
* Started on: Wednesday, July 30, 2014 5:27:46 PM
*

7/30/2014 5:44:32 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:44:42 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:44:46 PM    http://report-search.com/ [L] URL:Mal (0)
7/30/2014 5:44:46 PM    http://submission-search.com/ [L] URL:Mal (0)
7/30/2014 5:44:46 PM    http://rixos-search.com/ [L] URL:Mal (0)
7/30/2014 5:44:46 PM    http://resorts-search.com/ [L] URL:Mal (0)
7/30/2014 5:44:46 PM    http://documents-search.com/ [L] URL:Mal (0)
7/30/2014 5:44:46 PM    http://resorts-search.com/ [L] URL:Mal (0)
7/30/2014 5:44:47 PM    http://resorts-search.com/ [L] URL:Mal (0)
7/30/2014 5:44:52 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:45:02 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:45:12 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:45:43 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:46:03 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:46:14 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:46:24 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:46:34 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:46:45 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://convoy-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://ecored-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://grand-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://report-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://satisfaction-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://diseases-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://grand-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://provide-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://report-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://cleopatra-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://cleopatra-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://cleopatra-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://cleopatra-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://cleopatra-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://cleopatra-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 5:46:49 PM    http://cleopatra-search.com/ [L] URL:Mal (0)
7/30/2014 5:47:15 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:47:25 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:47:46 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:47:50 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 5:47:50 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 5:48:08 PM    http://resorts-search.com/ [L] URL:Mal (0)
7/30/2014 5:48:08 PM    http://convoy-search.com/ [L] URL:Mal (0)
7/30/2014 5:48:08 PM    http://rixos-search.com/ [L] URL:Mal (0)
7/30/2014 5:48:08 PM    http://victory-search.com/ [L] URL:Mal (0)
7/30/2014 5:48:08 PM    http://truth-search.com/ [L] URL:Mal (0)
7/30/2014 5:48:16 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:48:26 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:48:36 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:48:47 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:48:57 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:49:17 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:49:38 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:49:58 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:50:08 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:50:18 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:50:39 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:50:49 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:51:10 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:52:01 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:52:11 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:52:21 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:52:31 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:52:42 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:52:51 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 5:52:51 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 5:53:02 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:53:33 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:53:43 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:53:53 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:54:03 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:54:24 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:54:34 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:54:54 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:55:05 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:55:15 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:55:56 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:56:06 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:56:16 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:56:36 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:56:47 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:56:57 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:57:17 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:57:28 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:57:38 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:57:56 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 5:57:57 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 5:57:58 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://calimera-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://ownership-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://cleopatra-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://victory-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://services-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://submission-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://satisfaction-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://sultan-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://services-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:02 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 5:58:29 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 5:58:49 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:59:00 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 5:59:00 PM    http://calimera-search.com/ [L] URL:Mal (0)
7/30/2014 5:59:00 PM    http://diseases-search.com/ [L] URL:Mal (0)
7/30/2014 5:59:00 PM    http://forest-search.com/ [L] URL:Mal (0)
7/30/2014 5:59:00 PM    http://baron-search.com/ [L] URL:Mal (0)
7/30/2014 5:59:00 PM    http://sitemap-search.com/ [L] URL:Mal (0)
7/30/2014 5:59:00 PM    http://baron-search.com/ [L] URL:Mal (0)
7/30/2014 5:59:30 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:00:21 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:00:41 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:01:02 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:01:14 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:01:34 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:01:54 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:02:04 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:02:15 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:02:25 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:02:35 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:02:45 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:02:56 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:03:03 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:03:03 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:03:06 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:03:26 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:04:07 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:04:18 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:04:20 PM    http://rixos-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:20 PM    http://sitemap-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:20 PM    http://diseases-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:20 PM    http://recommendation-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:20 PM    http://services-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:20 PM    http://victory-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://perimeter-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://maxx-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://projects-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://convoy-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://companies-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://bubblegum-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://phantom-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://phantom-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://projects-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://thousands-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://thousands-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://blues-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://blues-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://phantom-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://blues-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://thousands-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://blues-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://blues-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://blues-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:21 PM    http://blues-search.com/ [L] URL:Mal (0)
7/30/2014 6:04:39 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:04:49 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:05:00 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:05:10 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:05:20 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:05:51 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:06:11 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:06:42 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:06:52 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:07:12 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:07:23 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:07:43 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:08:10 PM    http://companies-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://maxx-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://rixos-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://phantom-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://convoy-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://satisfaction-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://report-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://grand-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://cargo-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://thousands-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://aqua-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://documents-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://lereve-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://username-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://lereve-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://lereve-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://lereve-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:11 PM    http://lereve-search.com/ [L] URL:Mal (0)
7/30/2014 6:08:18 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:08:18 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:08:55 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:09:05 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:09:36 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:09:46 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:10:06 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:10:17 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:10:57 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:11:18 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:11:38 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:11:48 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:12:04 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:12:09 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:12:40 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:12:50 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:13:21 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:13:25 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:13:25 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:13:31 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:13:41 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:14:02 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:14:22 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:14:32 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:14:52 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:15:03 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:15:13 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:15:23 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:15:34 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:15:54 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:16:04 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:16:14 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:16:25 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:16:45 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:17:05 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:17:26 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:18:17 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:18:27 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:18:27 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://projects-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://rixos-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://cargo-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://diseases-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://grand-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://provide-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://victory-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://ownership-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://cleopatra-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://junior-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://junior-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://sheikh-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://junior-search.com/ [L] URL:Mal (0)
7/30/2014 6:18:37 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:18:47 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:18:57 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:19:08 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:19:38 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:19:48 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:20:09 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:20:13 PM    http://thousands-search.com/ [L] URL:Mal (0)
7/30/2014 6:20:13 PM    http://report-search.com/ [L] URL:Mal (0)
7/30/2014 6:20:13 PM    http://resorts-search.com/ [L] URL:Mal (0)
7/30/2014 6:20:13 PM    http://truth-search.com/ [L] URL:Mal (0)
7/30/2014 6:20:19 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:20:40 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:20:50 PM    http://country-search.com/ [L] URL:Mal (0)
7/30/2014 6:20:50 PM    http://country-search.com/ [L] URL:Mal (0)
7/30/2014 6:20:50 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:20:50 PM    http://country-search.com/ [L] URL:Mal (0)
7/30/2014 6:20:50 PM    http://country-search.com/ [L] URL:Mal (0)
7/30/2014 6:20:50 PM    http://country-search.com/ [L] URL:Mal (0)
7/30/2014 6:21:10 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:21:20 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:21:30 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:21:41 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:32 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:38 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:48 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:27:58 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:28:19 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:28:28 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:28:28 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://companies-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://submission-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://recommendation-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://truth-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://satisfaction-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://diseases-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://victory-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://junior-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://thousands-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://recommendation-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://diseases-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://travels-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://travels-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://travels-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://travels-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://travels-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://travels-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:36 PM    http://travels-search.com/ [L] URL:Mal (0)
7/30/2014 6:28:39 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:29:00 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:29:20 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:29:36 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:29:41 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:29:51 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:30:01 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:30:11 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:30:32 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:30:47 PM    http://truth-search.com/ [L] URL:Mal (0)
7/30/2014 6:30:47 PM    http://companies-search.com/ [L] URL:Mal (0)
7/30/2014 6:30:47 PM    http://travels-search.com/ [L] URL:Mal (0)
7/30/2014 6:30:47 PM    http://documents-search.com/ [L] URL:Mal (0)
7/30/2014 6:30:52 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:31:02 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:31:33 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:31:43 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:31:54 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:32:04 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:32:14 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:33:15 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:33:29 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:33:29 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:33:36 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:33:56 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:35:17 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:35:27 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:35:37 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:36:28 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:36:38 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:36:49 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:37:19 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:37:40 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:37:50 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:38:20 PM    http://trottilez-x8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:38:29 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:38:29 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:38:41 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://phantom-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://truth-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://services-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://victory-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://lereve-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://companies-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://ownership-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://report-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://bubblegum-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://aquariums-search.com/ [L] URL:Mal (0)
7/30/2014 6:38:51 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:39:12 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:39:32 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:39:42 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:39:52 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:40:13 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:40:23 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:40:33 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:40:43 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:41:24 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:41:31 PM    http://submission-search.com/ [L] URL:Mal (0)
7/30/2014 6:41:31 PM    http://hilton-search.com/ [L] URL:Mal (0)
7/30/2014 6:41:44 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:42:05 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:42:15 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:42:35 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:42:37 PM    http://companies-search.com/ [L] URL:Mal (0)
7/30/2014 6:42:37 PM    http://helped-search.com/ [L] URL:Mal (0)
7/30/2014 6:42:46 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:42:56 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:43:06 PM    http://grom-biz8.biz/task/3037/ [L] URL:Mal (0)
7/30/2014 6:43:16 PM    http://forteen-meters7.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:43:27 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:43:29 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:43:29 PM    http://carenntolem8.biz/online/526/ [L] URL:Mal (0)
7/30/2014 6:43:37 PM    http://jubmoz788.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:43:57 PM    http://jolliz6776.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:44:07 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)
7/30/2014 6:44:17 PM    http://delphoner5.me/task/3037/ [L] URL:Mal (0)



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:14 AM

Posted 31 July 2014 - 01:28 PM

You've been hit by quite a few different malware...

Please do this to start with:
  • Start FRST with Administrator privileges.
  • Write the following text into the Search: textbox:
    rpcss.dll
  • Click on the Search File(s) button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Edited by aharonov, 31 July 2014 - 01:28 PM.


#7 jlbob

Posted 31 July 2014 - 02:26 PM

Here is that information.

 

Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Mickey at 2014-07-31 15:25:11
Running from C:\Users\Mickey\Downloads
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0528384 ____A (Microsoft Corporation) 7A001AC0DE8A7385AAECE1CD9C98D42C

====== End Of Search ======
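
An added example, not part of the original thread and not FRST's own code: it parses the Search.txt format shown above and reports which recorded properties differ between copies of the same file name. The line layout is assumed from the two entries in this post, and the names `parse_search_log` and `differing_fields` are hypothetical.

```python
import re
from dataclasses import dataclass

# Sample input: the two entries from the Search.txt posted above, copied verbatim.
SEARCH_TXT = r"""
================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 23:24][2010-11-20 23:24] 0528384 ____A (Microsoft Corporation) 7A001AC0DE8A7385AAECE1CD9C98D42C

====== End Of Search ======
"""

# Assumed layout: a full path line, then one detail line:
# [created][modified] size attrs (company) md5 [File is signed]
PATH_LINE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_LINE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})"
    r"(?:\s+\[(?P<signed>File is signed)\])?\s*$"
)


@dataclass
class FileEntry:
    path: str
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    md5: str
    signed: bool  # True only when the log carries the "[File is signed]" tag


def parse_search_log(text):
    """Return one FileEntry per path/detail pair found in the log text."""
    entries = []
    pending_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending_path = line
            continue
        m = DETAIL_LINE.match(line)
        if m and pending_path:
            entries.append(FileEntry(
                path=pending_path,
                created=m.group("created"),
                modified=m.group("modified"),
                size=int(m.group("size")),
                attrs=m.group("attrs"),
                company=m.group("company"),
                md5=m.group("md5").upper(),
                signed=bool(m.group("signed")),
            ))
            pending_path = None
    return entries


def differing_fields(entries, fields=("size", "md5", "company", "signed")):
    """Group entries by file name and report fields whose values disagree.

    Returns {file_name: {field: {path: value}}}. A difference is a lead to
    check against a known-good copy of the file, not a verdict.
    """
    by_name = {}
    for entry in entries:
        name = entry.path.rsplit("\\", 1)[-1].lower()
        by_name.setdefault(name, []).append(entry)

    report = {}
    for name, group in by_name.items():
        if len(group) < 2:
            continue  # nothing to compare against
        for field in fields:
            values = {e.path: getattr(e, field) for e in group}
            if len(set(values.values())) > 1:
                report.setdefault(name, {})[field] = values
    return report


if __name__ == "__main__":
    found = parse_search_log(SEARCH_TXT)
    for name, diffs in differing_fields(found).items():
        print(name)
        for field, values in diffs.items():
            for path, value in values.items():
                print(f"  {field:7} {value!s:34} {path}")
```
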



#8 aharonov

Posted 31 July 2014 - 02:36 PM

Ok.


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#9 jlbob


Posted 31 July 2014 - 03:54 PM

Hello, I have attempted to run Combofix following the guide, but the program is getting caught up after the registry backup phase.  To be specific, after the registry backup no new entries are made in the black field, the progress bar sits at about 50% for one second then zips to about 95% then the window closes without anything else happening.



#10 aharonov


Posted 31 July 2014 - 03:56 PM

That's strange. Can you please reboot the computer and try again to run Combofix?

#11 jlbob


Posted 31 July 2014 - 04:17 PM

I have rebooted both through a restart and a shutdown for a minute then startup and the same result occurs.



#12 jlbob


Posted 31 July 2014 - 04:19 PM

Wait no, this last time after a delay the program is doing something. Hold on, will update.



#13 jlbob


Posted 31 July 2014 - 04:43 PM

ComboFix 14-07-31.02 - Mickey 07/31/2014  17:20:51.1.8 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7076.3371 [GMT -4:00]
Running from: c:\users\Mickey\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mickey\AppData\Local\Microsoft\Windows\Temporary Internet Files\BrowseMark_iels
c:\users\Mickey\AppData\Roaming\kdgemxw.dll
c:\users\Mickey\AppData\Roaming\Teurex
c:\users\Mickey\AppData\Roaming\Teurex\ryem.exe
c:\windows\Installer\{13061CAA-0284-4F9A-B460-3D4699575B35}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-06-28 to 2014-07-31  )))))))))))))))))))))))))))))))
.
.
2014-07-31 21:29 . 2014-07-31 21:29    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-07-31 21:19 . 2014-07-02 03:09    10924376    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FD7AC6C-8A7D-4888-AD2A-87C48E9E71EE}\mpengine.dll
2014-07-31 06:30 . 2014-07-31 20:52    --------    d-----w-    c:\users\Mickey\AppData\Local\CrashDumps
2014-07-31 05:34 . 2014-07-31 05:38    30312    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2014-07-31 05:34 . 2014-07-31 05:34    --------    d-----w-    c:\programdata\RogueKiller
2014-07-31 03:45 . 2014-07-31 03:45    --------    d-----w-    c:\users\Mickey\AppData\Roaming\Oracle
2014-07-31 03:44 . 2010-08-30 12:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-07-31 03:43 . 2014-07-31 03:52    --------    d-----w-    C:\AdwCleaner
2014-07-31 03:41 . 2014-07-31 03:41    --------    d-----w-    c:\programdata\Oracle
2014-07-31 03:41 . 2014-07-31 03:41    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-07-31 03:41 . 2014-07-11 07:02    98216    ----a-w-    c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-31 03:33 . 2014-07-31 19:24    --------    d-----w-    C:\FRST
2014-07-30 18:25 . 2014-07-30 18:25    --------    d-----w-    c:\users\Mickey\AppData\Roaming\AVAST Software
2014-07-30 18:24 . 2014-07-30 18:24    92008    ----a-w-    c:\windows\system32\drivers\aswStm.sys
2014-07-30 18:24 . 2014-07-30 18:24    224896    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-07-30 18:24 . 2014-07-30 18:24    427360    ----a-w-    c:\windows\system32\drivers\aswsp.sys
2014-07-30 18:24 . 2014-07-30 18:24    79184    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-07-30 18:24 . 2014-07-30 18:24    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-07-30 18:24 . 2014-07-30 18:24    29208    ----a-w-    c:\windows\system32\drivers\aswHwid.sys
2014-07-30 18:24 . 2014-07-30 18:24    1041168    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-07-30 18:24 . 2014-07-30 18:24    93568    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-07-30 18:24 . 2014-07-30 18:24    307344    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-30 18:24 . 2014-07-30 18:24    43152    ----a-w-    c:\windows\avastSS.scr
2014-07-30 18:15 . 2014-07-30 18:15    --------    d-----w-    c:\program files\AVAST Software
2014-07-30 18:14 . 2014-07-30 18:15    --------    d-----w-    c:\programdata\AVAST Software
2014-07-30 17:07 . 2014-07-30 17:07    --------    d-----w-    c:\program files (x86)\ESET
2014-07-30 01:30 . 2014-07-30 16:43    --------    d-----w-    c:\users\Mickey\AppData\Roaming\Hydihaef
2014-07-30 00:12 . 2014-07-30 16:43    --------    d-----w-    c:\users\Mickey\AppData\Roaming\Hokuyqoq
2014-07-30 00:11 . 2014-07-30 16:24    --------    d-----w-    c:\users\Mickey\AppData\Roaming\Gyux
2014-07-19 10:22 . 2014-07-29 05:10    --------    d-----w-    c:\programdata\IlavhUfezs
2014-07-19 09:20 . 2014-07-29 05:10    --------    d-----w-    c:\programdata\OcegAglel
2014-07-19 07:47 . 2014-07-29 05:10    --------    d-----w-    c:\programdata\ObawVodze
2014-07-19 02:57 . 2014-07-29 05:10    --------    d-----w-    c:\programdata\UlasoWutro
2014-07-17 13:33 . 2014-07-29 05:10    --------    d-----w-    c:\programdata\IfekQitso
2014-07-17 10:27 . 2014-07-29 05:10    --------    d-----w-    c:\programdata\AwquvOlcik
2014-07-17 04:57 . 2014-07-17 04:57    --------    d-----w-    c:\programdata\Riot Games
2014-07-17 00:09 . 2014-07-29 05:10    --------    d-----w-    c:\programdata\IlfujYehwu
2014-07-16 21:19 . 2014-07-29 05:10    --------    d-----w-    c:\programdata\AttiPlamb
2014-07-09 04:08 . 2014-06-03 10:02    1719296    ----a-w-    c:\program files\Windows Journal\NBDoc.DLL
2014-07-09 04:03 . 2014-06-05 14:45    1460736    ----a-w-    c:\windows\system32\lsasrv.dll
2014-07-09 04:03 . 2014-06-05 14:26    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2014-07-09 04:03 . 2014-06-05 14:25    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-11 17:44 . 2012-08-10 19:07    96441528    ----a-w-    c:\windows\system32\MRT.exe
2014-06-04 22:18 . 2013-02-16 01:22    50464    ----a-w-    c:\windows\system32\drivers\avgtpx64.sys
2014-05-08 09:32 . 2014-06-12 07:57    3178496    ----a-w-    c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-12 07:57    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[-] 2010-11-21 . 7A001AC0DE8A7385AAECE1CD9C98D42C . 528384 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-07-16 1753280]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-31 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-03-19 75048]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-31 4085896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hotkey.lnk - c:\program files (x86)\Hotkey\Hotkey.exe [2011-1-28 3075072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 asahci64;asahci64;c:\windows\system32\drivers\asahci64.sys;c:\windows\SYSNATIVE\drivers\asahci64.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\System32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 BTMHID;BTMHID;c:\windows\system32\drivers\btmhid.sys;c:\windows\SYSNATIVE\drivers\btmhid.sys [x]
R3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 Disc Soft Bus Service;Disc Soft Bus Service;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe;c:\program files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 fttxr5_O;fttxr5_O;c:\windows\system32\drivers\fttxr5_O.sys;c:\windows\SYSNATIVE\drivers\fttxr5_O.sys [x]
R3 fttxr52P;fttxr52P;c:\windows\system32\drivers\fttxr52P.sys;c:\windows\SYSNATIVE\drivers\fttxr52P.sys [x]
R3 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys;c:\windows\SYSNATIVE\drivers\mv61xx.sys [x]
R3 mv91xx;mv91xx;c:\windows\system32\drivers\mv91xx.sys;c:\windows\SYSNATIVE\drivers\mv91xx.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 viamrx64;viamrx64;c:\windows\system32\drivers\viamrx64.sys;c:\windows\SYSNATIVE\drivers\viamrx64.sys [x]
R3 videX64;videX64;c:\windows\system32\drivers\videX64.sys;c:\windows\SYSNATIVE\drivers\videX64.sys [x]
R3 ViPrtX64;ViPrtX64;c:\windows\system32\drivers\ViPrtX64.sys;c:\windows\SYSNATIVE\drivers\ViPrtX64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 johci;JMicron 1394 Filter Driver;c:\windows\system32\drivers\johci.sys;c:\windows\SYSNATIVE\drivers\johci.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 ViBusX64;ViBusX64;c:\windows\system32\drivers\ViBusX64.sys;c:\windows\SYSNATIVE\drivers\ViBusX64.sys [x]
S0 xfiltx64;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfiltx64.sys;c:\windows\SYSNATIVE\drivers\xfiltx64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/02/16 23:35];c:\program files (x86)\CyberLink\PowerDVD9\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\000.fcl [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 dtscsibus;DAEMON Tools Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtscsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtscsibus.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys;c:\windows\SYSNATIVE\DRIVERS\JME.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys;c:\windows\SYSNATIVE\DRIVERS\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys;c:\windows\SYSNATIVE\DRIVERS\tixhci.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 18:44]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 18:44]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868025771-2946992039-2155595165-1001Core.job
- c:\users\Mickey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-12 04:48]
.
2014-07-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-868025771-2946992039-2155595165-1001UA.job
- c:\users\Mickey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-12 04:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-07-30 18:24    634872    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2010-09-14 25600]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.pclportal.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: {{bd707fe6-39f6-4bda-9265-86a76719bdc5} - c:\program files\Motorola\Bluetooth\btmiesend.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Anworks - c:\users\Mickey\AppData\Local\Anworks\CNHW06A.dll
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
Wow6432Node-HKCU-Run-ryem.exe - c:\users\Mickey\AppData\Roaming\Teurex\ryem.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk - c:\windows\Installer\{13061CAA-0284-4F9A-B460-3D4699575B35}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Ywzuexvuulf - c:\users\Mickey\AppData\Roaming\Hokuyqoq\efbuo.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Synaptics\Scrybe\scrybe.exe
.
**************************************************************************
.
Completion time: 2014-07-31  17:41:55 - machine was rebooted
ComboFix-quarantined-files.txt  2014-07-31 21:41
.
Pre-Run: 11,942,154,240 bytes free
Post-Run: 27,581,104,128 bytes free
.
- - End Of File - - 25BC6698B8831F0B74D1EF944799F61F
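
Added example, not part of the original posts: a Python sketch that pulls the autorun values ComboFix listed under ORPHANS REMOVED, keeps those that pointed into a user profile's AppData or into ProgramData, and checks whether the target's parent folder still appears among the directories listed in the same log. The path heuristic and all function names are assumptions made for this example; the sample lines are copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the ComboFix log posted above (trimmed to the ones used here).
LOG = r"""
(((((((((((((((((((((((((   Files Created from 2014-06-28 to 2014-07-31  )))))))))))))))))))))))))))))))
.
2014-07-31 03:45 . 2014-07-31 03:45    --------    d-----w-    c:\users\Mickey\AppData\Roaming\Oracle
2014-07-30 18:24 . 2014-07-30 18:24    307344    ----a-w-    c:\windows\system32\aswBoot.exe
2014-07-30 01:30 . 2014-07-30 16:43    --------    d-----w-    c:\users\Mickey\AppData\Roaming\Hydihaef
2014-07-30 00:12 . 2014-07-30 16:43    --------    d-----w-    c:\users\Mickey\AppData\Roaming\Hokuyqoq
2014-07-17 04:57 . 2014-07-17 04:57    --------    d-----w-    c:\programdata\Riot Games
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Anworks - c:\users\Mickey\AppData\Local\Anworks\CNHW06A.dll
Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe
Wow6432Node-HKCU-Run-ryem.exe - c:\users\Mickey\AppData\Roaming\Teurex\ryem.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Ywzuexvuulf - c:\users\Mickey\AppData\Roaming\Hokuyqoq\efbuo.exe
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"""

# "created . modified    size    attributes    path" listing lines.
LISTING = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
    r"\s+(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# Heuristic (assumption of this example): locations a standard user can write to.
USER_WRITABLE = re.compile(r"^[a-z]:\\(users\\[^\\]+\\appdata|programdata)\\")


def listed_dirs(log):
    """Lower-cased paths of every directory entry in the file listings."""
    dirs = set()
    for line in log.splitlines():
        m = LISTING.match(line.strip())
        if m and m["attrs"].startswith("d"):
            dirs.add(m["path"].strip().lower())
    return dirs


def orphan_autoruns(log):
    """(name, target) pairs from the ORPHANS REMOVED section with a file path target."""
    entries, in_section = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        if "ORPHANS REMOVED" in line:
            in_section = True
            continue
        if not in_section or line in ("", "."):
            continue
        if line.startswith("[") or line.startswith("---"):
            break  # next registry key or section banner ends the list
        name, sep, target = line.partition(" - ")
        if sep and re.match(r"^[A-Za-z]:\\", target):
            entries.append((name, target))
    return entries


def triage(log):
    """Orphaned autoruns that pointed into user-writable paths, with a leftover check."""
    dirs = listed_dirs(log)
    hits = []
    for name, target in orphan_autoruns(log):
        low = target.lower()
        if not USER_WRITABLE.match(low):
            continue
        parent = str(PureWindowsPath(low).parent)
        hits.append({"name": name, "target": target, "parent_listed": parent in dirs})
    return hits


if __name__ == "__main__":
    for hit in triage(LOG):
        note = "parent folder still listed" if hit["parent_listed"] else "parent folder not listed"
        print(f"{hit['name']}: {hit['target']} ({note})")
```

A hit with `parent_listed` set marks a folder worth inspecting by hand. Location alone does not make an entry malicious: the Google Update tasks in the same log also run from AppData.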



#14 jlbob


Posted 31 July 2014 - 04:49 PM

I should also say that after nothing happened I re-enabled active ESET, but as soon as something started to happen I disabled it again for the scan.  I didn't, however, think to disable Windows Defender.



#15 aharonov


Posted 01 August 2014 - 01:46 AM

Very good!
These are the next steps for you. Do you still get these avast block alerts afterwards?


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.




