
Multiple dllhost.exe *32 and chrome.exe *32 processes - virus not detected


  • This topic is locked
15 replies to this topic

#1 hackr

hackr

  • Members
  • 10 posts

Posted 06 September 2014 - 10:08 AM

Hi...my Dell laptop is infected with something that is launching multiple dllhost.exe and chrome.exe processes...the CPU is also running between 90-100%...running avast and it is catching random blocks of objects using the iexplore process...ran avast, avg scans to no avail...

 

appreciate any help...

 

thanks...R





#2 hackr

hackr
  • Topic Starter

  • Members
  • 10 posts

Posted 06 September 2014 - 10:22 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16866  BrowserJavaVersion: 10.25.2
Run by Rob at 11:15:01 on 2014-09-06
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7991.3198 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
C:\Program Files (x86)\BatteryCare\BatteryCare.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [BatteryCare] C:\Program Files (x86)\BatteryCare\BatteryCare.exe
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [AzarSohna] regsvr32.exe "C:\ProgramData\AzarSohna\AzarSohna.dat"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [SignIn] "C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe" /autorun
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [{2473955c-6075-0231-9d13-7652ef586d45}] "C:\Users\Rob\AppData\Local\Microsoft\{2473955c-6075-0231-9d13-7652ef586d45}\{2473955c-6075-0231-9d13-7652ef586d45}.exe"
mRun: [{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}] "C:\Users\Rob\AppData\Local\Microsoft\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mExplorerRun: [{2473955c-6075-0231-9d13-7652ef586d45}] "C:\Users\Rob\AppData\Local\Microsoft\{2473955c-6075-0231-9d13-7652ef586d45}\{2473955c-6075-0231-9d13-7652ef586d45}.exe"
mExplorerRun: [{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}] "C:\Users\Rob\AppData\Local\Microsoft\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}.exe"
StartupFolder: C:\Users\Rob\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TOTALM~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: HideSCAPower = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: microsoftonline.com
Trusted Zone: sharepoint.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{80460091-7005-4886-9BCA-E0F67F9B0DA5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AC20A89E-D5A7-418B-A3A9-0CA28BA8D5A3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AC20A89E-D5A7-418B-A3A9-0CA28BA8D5A3}\155716C696479794E6E6F523 : DHCPNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{AC20A89E-D5A7-418B-A3A9-0CA28BA8D5A3}\155716C696479794E6E6F573 : DHCPNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{AC20A89E-D5A7-418B-A3A9-0CA28BA8D5A3}\155716C696479794E6E6F583 : DHCPNameServer = 24.92.226.11 24.92.226.12
TCP: Interfaces\{AC20A89E-D5A7-418B-A3A9-0CA28BA8D5A3}\4556272797C616E6460275962756C6563737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AC20A89E-D5A7-418B-A3A9-0CA28BA8D5A3}\649435D2233303 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AC20A89E-D5A7-418B-A3A9-0CA28BA8D5A3}\84563423030303 : DHCPNameServer = 24.92.226.12 24.92.226.11
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli DPPWDFLT
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: DigitalPersona Fingerprint Software Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
x64-Run: [MFNetworkScanUtility] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
x64-DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
x64-DPF: {89A32C64-6176-4D10-BCA3-10B0079818FA} - hxxps://msft4.businesscloud.blackberry.com/webconsole/RIMWebComponents.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-9-2 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-9-2 224896]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-1-12 14456]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-3-30 55856]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2011-3-30 21616]
R1 ArcCtrl;ArcCtrl;C:\Windows\System32\drivers\ArcCtrl.sys [2014-8-23 3315392]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-9-2 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-9-2 427360]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-9-2 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-9-2 79184]
R2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-9-2 92008]
R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2011-3-30 27760]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-3-30 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-3-30 158976]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-3-30 222208]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 cpuz135;cpuz135;C:\Users\Rob\Documents\0_RH_files\cpuid\pc-wizard_2012.2.11\pcwiz_x64.sys [2012-8-11 24368]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-3-30 172704]
S3 d554bus;Dell Wireless 5540 HSPA Mini-Card Device driver (WDM);C:\Windows\System32\drivers\d554bus.sys [2011-3-30 118272]
S3 d554gps;Dell Wireless 5540 HSPA Mini-Card GPS Port;C:\Windows\System32\drivers\d554gps64.sys [2011-3-30 96296]
S3 d554mgmt;DellWireless5540 HSPA Mini-Card Device Management Drivers (WDM);C:\Windows\System32\drivers\d554mgmt.sys [2011-3-30 141312]
S3 d554unic;Dell Wireless 5540 HSPA Mini-Card Network Adapter (WDM);C:\Windows\System32\drivers\d554unic.sys [2011-3-30 153600]
S3 d557bus;Dell Wireless 5540 HSPA Mini-Card Device (Win7);C:\Windows\System32\drivers\d557bus.sys [2011-3-30 328704]
S3 d557mgmt;Dell Wireless 5540 HSPA Mini-Card Device Management (Win7);C:\Windows\System32\drivers\d557mgmt.sys [2011-3-30 376320]
S3 ecnssndis;Service for enabling selective suspend to NDIS device;C:\Windows\System32\drivers\wwuss64.sys [2011-3-30 12800]
S3 ecnssndisfltr;SSNDIS filter service;C:\Windows\System32\drivers\wwussf64.sys [2011-3-30 17408]
S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\System32\drivers\i1display_x64.sys [2005-12-14 7808]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2012-12-15 32152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-24 19456]
S3 SeqCal;SeqCal;C:\Windows\System32\drivers\SeqCal.sys [2014-2-13 7808]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-24 57856]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2012-12-18 16384]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [2013-10-13 14544]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-09-06 02:19:11 -------- d-----w- C:\ProgramData\AzarSohna
2014-09-06 02:18:39 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-09-04 02:08:27 -------- d-----w- C:\FRST
2014-09-04 00:45:11 -------- d-----w- C:\Program Files (x86)\ESET
2014-09-03 03:06:00 -------- d-----w- C:\Users\Rob\AppData\Roaming\AVAST Software
2014-09-03 02:59:36 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-09-03 02:59:36 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-09-03 02:59:36 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-09-03 02:59:36 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-09-03 02:59:36 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-09-03 02:59:36 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-09-03 02:59:36 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-09-03 02:59:24 43152 ----a-w- C:\Windows\avastSS.scr
2014-09-03 02:46:03 -------- d-----w- C:\Program Files\AVAST Software
2014-09-03 02:16:16 -------- d-----w- C:\ProgramData\AVAST Software
2014-08-24 23:25:52 21504 ----a-w- C:\Program Files (x86)\Internet Explorer\version1.dll
2014-08-24 03:03:16 80488 ----a-w- C:\Windows\System32\MMCEDT6.exe
2014-08-24 03:03:16 3315392 ----a-w- C:\Windows\System32\drivers\ArcCtrl.sys
2014-08-22 22:47:09 -------- d-----w- C:\Users\Rob\AppData\Local\CottonModel
2014-08-22 22:46:46 -------- d-----w- C:\Program Files (x86)\Brother
2014-08-16 02:32:03 -------- d-----w- C:\BMTechnic
2014-08-16 02:29:55 -------- d-----w- C:\ProgramData\NetworkHostTask
2014-08-16 02:20:54 -------- d-----w- C:\ProgramData\UpdateCommon
2014-08-16 02:20:47 -------- d-----w- C:\ProgramData\Online
2014-08-16 02:20:45 -------- d-----w- C:\Users\Rob\AppData\Roaming\serv
2014-08-16 02:20:45 -------- d-----w- C:\Users\Rob\AppData\Roaming\device
2014-08-15 23:27:49 -------- d-----w- C:\Users\Rob\AppData\Local\Garmin
2014-08-15 23:26:59 -------- d-----w- C:\ProgramData\Garmin
.
==================== Find3M  ====================
.
2014-07-22 01:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-06-30 16:43:02 152344 ----a-w- C:\Windows\System32\drivers\avgdiska.sys
2014-06-27 06:59:02 131856 ----a-w- C:\Windows\System32\drivers\scdemu.sys
2014-06-17 20:21:34 235800 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2014-06-17 20:07:12 328984 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2014-06-17 20:06:58 269080 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 11:19:34.50 ===============


#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 06 September 2014 - 11:54 AM

Hi there,

please run the following scans:


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#4 hackr

hackr
  • Topic Starter

  • Members
  • 10 posts

Posted 06 September 2014 - 12:22 PM

TDSSkiller log:

 

13:06:08.0439 0x2160  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
13:06:16.0660 0x2160  ============================================================
13:06:16.0661 0x2160  Current date / time: 2014/09/06 13:06:16.0660
13:06:16.0661 0x2160  SystemInfo:
13:06:16.0661 0x2160  
13:06:16.0661 0x2160  OS Version: 6.1.7601 ServicePack: 1.0
13:06:16.0661 0x2160  Product type: Workstation
13:06:16.0661 0x2160  ComputerName: DGYYPP1
13:06:16.0661 0x2160  UserName: Rob
13:06:16.0661 0x2160  Windows directory: C:\Windows
13:06:16.0661 0x2160  System windows directory: C:\Windows
13:06:16.0661 0x2160  Running under WOW64
13:06:16.0661 0x2160  Processor architecture: Intel x64
13:06:16.0661 0x2160  Number of processors: 4
13:06:16.0661 0x2160  Page size: 0x1000
13:06:16.0661 0x2160  Boot type: Normal boot
13:06:16.0661 0x2160  ============================================================
13:06:19.0214 0x2160  KLMD registered as C:\Windows\system32\drivers\67059329.sys
13:06:21.0468 0x2160  System UUID: {DAD1315B-3044-8E4F-0AA8-4D71F7BBF584}
13:06:25.0169 0x2160  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:06:25.0192 0x2160  Drive \Device\Harddisk1\DR1 - Size: 0x3B880000 ( 0.93 Gb ), SectorSize: 0x200, Cylinders: 0x79, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:06:25.0194 0x2160  ============================================================
13:06:25.0194 0x2160  \Device\Harddisk0\DR0:
13:06:25.0197 0x2160  MBR partitions:
13:06:25.0197 0x2160  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3882C800
13:06:25.0197 0x2160  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3882D000, BlocksNum 0x1B58800
13:06:25.0197 0x2160  \Device\Harddisk1\DR1:
13:06:25.0198 0x2160  MBR partitions:
13:06:25.0198 0x2160  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x81, BlocksNum 0x1DC37F
13:06:25.0198 0x2160  ============================================================
13:06:25.0330 0x2160  C: <-> \Device\Harddisk0\DR0\Partition1
13:06:25.0553 0x2160  D: <-> \Device\Harddisk0\DR0\Partition2
13:06:26.0807 0x2160  ============================================================
13:06:26.0808 0x2160  Initialize success
13:06:26.0808 0x2160  ============================================================
13:07:21.0733 0x123c  ============================================================
13:07:21.0733 0x123c  Scan started
13:07:21.0733 0x123c  Mode: Manual; SigCheck; TDLFS; 
13:07:21.0733 0x123c  ============================================================
13:07:21.0733 0x123c  KSN ping started
13:07:25.0351 0x123c  KSN ping finished: true
13:07:34.0512 0x123c  ================ Scan system memory ========================
13:07:34.0512 0x123c  System memory - ok
13:07:34.0513 0x123c  ================ Scan services =============================
13:07:54.0817 0x123c  AVGIDSHA - ok
13:07:54.0860 0x123c  [ 5D115BF49AE159D4D7D1EBC640CB138F, F529FB749AB8098B657DEB4637B9B87FA2DE4806F37AC9257542B7E522BA487E ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
13:07:54.0921 0x123c  Avgldx64 - ok
13:07:54.0980 0x123c  [ 197F28711B4B71E6575E5298CCEDC737, 16B7A9E59CA5EF8241029E16408CC1DD77004B195C9FE0677DE35A723FCA3DB4 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
13:07:55.0015 0x123c  Avgloga - ok
13:07:55.0037 0x123c  Avgmfx64 - ok
13:07:55.0050 0x123c  Avgrkx64 - ok
13:07:55.0124 0x123c  [ 0971913995F5FAFD711B0B2426A175E9, 1009E628997B56697BA976E376A9E9D39082E7057D6EFF37D57FDCA2057B9498 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
13:07:55.0175 0x123c  Avgtdia - ok
13:07:55.0299 0x123c  [ D7CBEEA4500BFDC63E99B06A1C512BE8, F8408E339AD022DD78D6C856A330F5A40CAF21F3B0C69FA352D66E3B8E75AA0F ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
13:07:55.0338 0x123c  avgwd - ok
13:07:55.0395 0x123c  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:07:55.0590 0x123c  AxInstSV - ok
13:07:55.0681 0x123c  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
13:07:55.0770 0x123c  b06bdrv - ok
13:07:55.0803 0x123c  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
13:07:55.0894 0x123c  b57nd60a - ok
13:07:56.0148 0x123c  [ 0B0DF4CD7C2C188C95C4E09C568AD54A, BB050A3E7DC6B56CA2FC169853FAB16A94058F403B329FCE8634B7BC06B309F7 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
13:07:56.0307 0x123c  BCM43XX - ok
13:07:56.0392 0x123c  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:07:57.0452 0x123c  BDESVC - ok
13:07:57.0508 0x123c  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
13:07:57.0740 0x123c  Beep - ok
13:07:57.0877 0x123c  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
13:07:58.0010 0x123c  BFE - ok
13:07:58.0134 0x123c  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
13:07:58.0338 0x123c  BITS - ok
13:07:58.0444 0x123c  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
13:07:58.0745 0x123c  blbdrive - ok
13:07:58.0851 0x123c  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:07:59.0197 0x123c  bowser - ok
13:07:59.0218 0x123c  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:07:59.0433 0x123c  BrFiltLo - ok
13:07:59.0464 0x123c  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:07:59.0752 0x123c  BrFiltUp - ok
13:07:59.0814 0x123c  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
13:08:00.0010 0x123c  Browser - ok
13:08:00.0055 0x123c  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
13:08:00.0194 0x123c  Brserid - ok
13:08:00.0219 0x123c  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
13:08:00.0344 0x123c  BrSerWdm - ok
13:08:00.0373 0x123c  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
13:08:00.0499 0x123c  BrUsbMdm - ok
13:08:00.0527 0x123c  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
13:08:00.0626 0x123c  BrUsbSer - ok
13:08:00.0653 0x123c  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
13:08:00.0745 0x123c  BTHMODEM - ok
13:08:00.0820 0x123c  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
13:08:00.0938 0x123c  bthserv - ok
13:08:00.0985 0x123c  [ 5C849BD7C78791C5CEE9F4651D7FE38D, BC93A1B911FB4A44EC4DB64AF9AFC6F2013CD76BFB6FA9E4834CFDAAAF4BCD9F ] btwavdt         C:\Windows\system32\DRIVERS\btwavdt.sys
13:08:01.0075 0x123c  btwavdt - ok
13:08:01.0094 0x123c  [ 3E1991AFA851A36DC978B0A1B0535C8B, F55F7FDDD2A71532F163E4F14B26A09DCDB7C970E806D803418D4CE0DFF09FB6 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
13:08:01.0180 0x123c  btwrchid - ok
13:08:01.0220 0x123c  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:08:01.0403 0x123c  cdfs - ok
13:08:01.0492 0x123c  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
13:08:01.0588 0x123c  cdrom - ok
13:08:01.0635 0x123c  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:08:01.0804 0x123c  CertPropSvc - ok
13:08:01.0839 0x123c  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
13:08:01.0914 0x123c  circlass - ok
13:08:01.0977 0x123c  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
13:08:02.0021 0x123c  CLFS - ok
13:08:02.0223 0x123c  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:08:02.0282 0x123c  clr_optimization_v2.0.50727_32 - ok
13:08:02.0385 0x123c  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:08:02.0428 0x123c  clr_optimization_v2.0.50727_64 - ok
13:08:02.0538 0x123c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:08:02.0696 0x123c  clr_optimization_v4.0.30319_32 - ok
13:08:02.0732 0x123c  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:08:02.0775 0x123c  clr_optimization_v4.0.30319_64 - ok
13:08:02.0838 0x123c  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
13:08:02.0908 0x123c  CmBatt - ok
13:08:02.0988 0x123c  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
13:08:03.0030 0x123c  cmdide - ok
13:08:03.0099 0x123c  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
13:08:03.0420 0x123c  CNG - ok
13:08:03.0467 0x123c  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
13:08:03.0489 0x123c  Compbatt - ok
13:08:03.0564 0x123c  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
13:08:03.0633 0x123c  CompositeBus - ok
13:08:03.0639 0x123c  COMSysApp - ok
13:08:04.0087 0x123c  [ D0C2CAA17C7B6D2200E1B5AA9D07135E, 5B3705B47DC15F2B61CA3821B883B9CD114D83FCC3344D11EB1D3DF495D75ABE ] cpuz135         C:\Users\Rob\Documents\0_RH_files\cpuid\pc-wizard_2012.2.11\pcwiz_x64.sys
13:08:04.0109 0x123c  cpuz135 - ok
13:08:04.0175 0x123c  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
13:08:04.0218 0x123c  crcdisk - ok
13:08:04.0274 0x123c  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:08:04.0392 0x123c  CryptSvc - ok
13:08:04.0602 0x123c  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
13:08:04.0725 0x123c  CSC - ok
13:08:04.0771 0x123c  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
13:08:04.0857 0x123c  CscService - ok
13:08:04.0925 0x123c  [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
13:08:04.0990 0x123c  CtClsFlt - ok
13:08:05.0033 0x123c  [ 0F6AFDE3E0DCE0E53BB6BD5708F2565D, F4EA0A22662A12763E07771238212373A65F0CFBDB61997F06D269D1C776477E ] d554bus         C:\Windows\system32\DRIVERS\d554bus.sys
13:08:05.0056 0x123c  d554bus - ok
13:08:05.0111 0x123c  [ 7B2260B796D5DE34EDE7AE483005FCBB, 8D523E5939DAC8B3863C64D73736BF0031041E10E4B646CF3D348C8F0742F3EA ] d554gps         C:\Windows\system32\DRIVERS\d554gps64.sys
13:08:05.0135 0x123c  d554gps - ok
13:08:05.0165 0x123c  [ 08E22E8784194A09301298A34E2A2126, 50A71ACE6A328352AA0555A0FE9E977437D52E0EF769C9AD98F2086AB486B1EC ] d554mgmt        C:\Windows\system32\DRIVERS\d554mgmt.sys
13:08:05.0185 0x123c  d554mgmt - ok
13:08:05.0253 0x123c  [ F1D48A49C74B84C4822FF6470700235F, 454DEEDE8B4598977114EFF4B2F3830E073F98D0FE147FE24C250B767502D4A1 ] d554unic        C:\Windows\system32\DRIVERS\d554unic.sys
13:08:05.0274 0x123c  d554unic - ok
13:08:05.0317 0x123c  [ CE9C61E6B14841845420F796A6FF429D, 2AC9591396C23FA54C1AAA0F5FD6812D303747CC0EAE844859C008C7D32E0201 ] d557bus         C:\Windows\system32\DRIVERS\d557bus.sys
13:08:05.0369 0x123c  d557bus - ok
13:08:05.0423 0x123c  [ B430F2576FFD60BA50139EAC989EB801, AE4004D175863FE1C5B9DA2891BE33825780B2884E011FF892B70F07DE9AF273 ] d557mgmt        C:\Windows\system32\DRIVERS\d557mgmt.sys
13:08:05.0449 0x123c  d557mgmt - ok
13:08:05.0542 0x123c  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:08:05.0662 0x123c  DcomLaunch - ok
13:08:05.0715 0x123c  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:08:05.0868 0x123c  defragsvc - ok
13:08:05.0944 0x123c  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
13:08:06.0042 0x123c  DfsC - ok
13:08:06.0049 0x123c  DgiVecp - ok
13:08:06.0172 0x123c  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:08:06.0314 0x123c  Dhcp - ok
13:08:06.0376 0x123c  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
13:08:06.0487 0x123c  discache - ok
13:08:06.0617 0x123c  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
13:08:06.0755 0x123c  Disk - ok
13:08:06.0825 0x123c  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:08:06.0947 0x123c  Dnscache - ok
13:08:06.0991 0x123c  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
13:08:07.0148 0x123c  dot3svc - ok
13:08:07.0626 0x123c  [ B42ED0320C6E41102FDE0005154849BB, 4DB872E23AD049C3C9FDC0759FC58BFA60DA91B18BC82B611BFA300D26DDFC7A ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
13:08:07.0726 0x123c  Dot4 - ok
13:08:07.0768 0x123c  [ E9F5969233C5D89F3C35E3A66A52A361, C4BD35795C78FB11E6022372CB25DEB570730EFDAD3DC1584368235FF622638C ] Dot4Print       C:\Windows\system32\drivers\Dot4Prt.sys
13:08:07.0860 0x123c  Dot4Print - ok
13:08:07.0884 0x123c  [ FD05A02B0370BC3000F402E543CA5814, 089B1113E640F495F470E8F57060B89546270481B309DC8ED3C3D13A849076A3 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
13:08:07.0959 0x123c  dot4usb - ok
13:08:08.0032 0x123c  [ 0C23BF4CDDBECBACA8659A96C359E0DD, E5050D067247C38FFD1044D9B035E441C887B8CB0066C2CB52419D6942AA88A7 ] DpHost          C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
13:08:08.0839 0x123c  DpHost - detected UnsignedFile.Multi.Generic ( 1 )
13:08:12.0330 0x123c  Detect skipped due to KSN trusted
13:08:12.0330 0x123c  DpHost - ok
13:08:12.0413 0x123c  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
13:08:12.0693 0x123c  DPS - ok
13:08:13.0614 0x123c  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
13:08:13.0767 0x123c  drmkaud - ok
13:08:13.0933 0x123c  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:08:14.0012 0x123c  DXGKrnl - ok
13:08:14.0062 0x123c  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
13:08:14.0368 0x123c  EapHost - ok
13:08:14.0816 0x123c  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
13:08:15.0097 0x123c  ebdrv - ok
13:08:15.0155 0x123c  [ 7E63B3E6B7AE2E458C8A77BB6736A18A, 9B8AF712EA5DEFF26ADD30DBF72F24A19F6D1BC52E880617E77C20030861F928 ] ecnssndis       C:\Windows\System32\Drivers\wwuss64.sys
13:08:15.0241 0x123c  ecnssndis - ok
13:08:15.0264 0x123c  [ 5ACC585E735191F83ABBFDC7C54A2F0E, FF4A6B5F4EB19B111C0B33BECEAA944FF311C44B3593F68C6736E74C8097D19C ] ecnssndisfltr   C:\Windows\System32\Drivers\wwussf64.sys
13:08:15.0342 0x123c  ecnssndisfltr - ok
13:08:15.0372 0x123c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
13:08:15.0491 0x123c  EFS - ok
13:08:15.0579 0x123c  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
13:08:15.0737 0x123c  ehRecvr - ok
13:08:15.0778 0x123c  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
13:08:15.0942 0x123c  ehSched - ok
13:08:16.0025 0x123c  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
13:08:16.0070 0x123c  elxstor - ok
13:08:16.0105 0x123c  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
13:08:16.0181 0x123c  ErrDev - ok
13:08:16.0287 0x123c  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
13:08:16.0404 0x123c  EventSystem - ok
13:08:16.0686 0x123c  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
13:08:16.0794 0x123c  exfat - ok
13:08:16.0845 0x123c  [ A33E0921D0C256E348E0F6D66C77B7F7, FE5038835873159B0E86FDC4A8D7DB15072C7F0BA5B70837271C865E3F0F82F9 ] EyeOneDisplay   C:\Windows\system32\Drivers\i1display_x64.sys
13:08:17.0005 0x123c  EyeOneDisplay - ok
13:08:17.0118 0x123c  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:08:17.0234 0x123c  fastfat - ok
13:08:17.0306 0x123c  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
13:08:17.0529 0x123c  Fax - ok
13:08:17.0557 0x123c  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
13:08:17.0711 0x123c  fdc - ok
13:08:17.0764 0x123c  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
13:08:17.0912 0x123c  fdPHost - ok
13:08:17.0949 0x123c  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
13:08:18.0075 0x123c  FDResPub - ok
13:08:18.0213 0x123c  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:08:18.0238 0x123c  FileInfo - ok
13:08:18.0273 0x123c  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:08:18.0346 0x123c  Filetrace - ok
13:08:18.0369 0x123c  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
13:08:18.0394 0x123c  flpydisk - ok
13:08:18.0623 0x123c  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:08:19.0296 0x123c  FltMgr - ok
13:08:19.0544 0x123c  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
13:08:19.0699 0x123c  FontCache - ok
13:08:19.0872 0x123c  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:08:19.0894 0x123c  FontCache3.0.0.0 - ok
13:08:19.0985 0x123c  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:08:20.0004 0x123c  FsDepends - ok
13:08:20.0077 0x123c  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:08:20.0246 0x123c  Fs_Rec - ok
13:08:20.0317 0x123c  [ 35FD2BB5131714E657B7AB3A78642854, C24AC6D4E0E76B39625FC9051E092439642C3A10122F712C11A562860703F27A ] FTDIBUS         C:\Windows\system32\drivers\ftdibus.sys
13:08:20.0340 0x123c  FTDIBUS - ok
13:08:20.0408 0x123c  [ 196C9BDDBEF9B6D0973F398BEF5B2EEE, D4F9C5CED1E33446B45BD2AFFA6E716B4332AF8716477A80437220AC20C6DFE0 ] FTSER2K         C:\Windows\system32\drivers\ftser2k.sys
13:08:20.0426 0x123c  FTSER2K - ok
13:08:20.0664 0x123c  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:08:20.0688 0x123c  fvevol - ok
13:08:20.0769 0x123c  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
13:08:20.0886 0x123c  gagp30kx - ok
13:08:21.0036 0x123c  [ 50FFA2F6A5BEC5BB7C39AAB76EEA3C58, E7B0934FF69994F61D9186BF28EE8EAADEB4F64BC6FAE895B2602DAC3B311235 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
13:08:21.0114 0x123c  Garmin Core Update Service - ok
13:08:21.0197 0x123c  [ 14908F4F9005C29DE8F5587E271390EE, 43DDFA99F52467F91019DB858989F111EBE48A2BED8D43EA2C15D1FD3C104489 ] gfibto          C:\Windows\system32\drivers\gfibto.sys
13:08:21.0250 0x123c  gfibto - ok
13:08:21.0349 0x123c  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:08:21.0509 0x123c  gpsvc - ok
13:08:21.0618 0x123c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:08:21.0748 0x123c  gupdate - ok
13:08:21.0756 0x123c  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:08:21.0831 0x123c  gupdatem - ok
13:08:21.0889 0x123c  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
13:08:22.0046 0x123c  hcw85cir - ok
13:08:22.0148 0x123c  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
13:08:22.0333 0x123c  HDAudBus - ok
13:08:22.0407 0x123c  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
13:08:23.0171 0x123c  HECIx64 - ok
13:08:23.0204 0x123c  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
13:08:23.0466 0x123c  HidBatt - ok
13:08:23.0501 0x123c  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
13:08:23.0600 0x123c  HidBth - ok
13:08:23.0683 0x123c  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
13:08:23.0771 0x123c  HidIr - ok
13:08:23.0818 0x123c  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
13:08:23.0932 0x123c  hidserv - ok
13:08:23.0976 0x123c  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
13:08:24.0033 0x123c  HidUsb - ok
13:08:24.0185 0x123c  [ DD9C88B116408B30F855A76E09DD2962, CF66FAA8281404620FBC7122ADEE65795BAB10B1D9588EA21DF1D83460184512 ] hitmanpro37     C:\Windows\system32\drivers\hitmanpro37.sys
13:08:24.0210 0x123c  hitmanpro37 - ok
13:08:24.0239 0x123c  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
13:08:24.0405 0x123c  hkmsvc - ok
13:08:24.0673 0x123c  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:08:27.0755 0x123c  HomeGroupListener - ok
13:08:27.0829 0x123c  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:08:27.0945 0x123c  HomeGroupProvider - ok
13:08:28.0034 0x123c  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:08:28.0059 0x123c  HpSAMD - ok
13:08:28.0229 0x123c  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:08:28.0700 0x123c  HTTP - ok
13:08:28.0769 0x123c  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:08:28.0966 0x123c  hwpolicy - ok
13:08:29.0037 0x123c  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
13:08:29.0265 0x123c  i8042prt - ok
13:08:29.0327 0x123c  [ ABBF174CB394F5C437410A788B7E404A, 95554F675329E7062F0936E4E902FEFF2456CAD95D6C9B60DCC213EF6E4C62D8 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
13:08:29.0431 0x123c  iaStor - ok
13:08:29.0484 0x123c  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:08:29.0579 0x123c  iaStorV - ok
13:08:29.0712 0x123c  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:08:29.0784 0x123c  idsvc - ok
13:08:29.0868 0x123c  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
13:08:29.0957 0x123c  iirsp - ok
13:08:30.0167 0x123c  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:08:30.0291 0x123c  IKEEXT - ok
13:08:30.0424 0x123c  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
13:08:30.0535 0x123c  Impcd - ok
13:08:30.0580 0x123c  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
13:08:30.0653 0x123c  intelide - ok
13:08:30.0754 0x123c  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
13:08:30.0875 0x123c  intelppm - ok
13:08:31.0158 0x123c  [ 3DC635B66DD7412E1C9C3A77B8D78F25, D3894065DA2D08744863ECC5EE9027A0E39711A6A56AAB599F1CAF4BB996F42A ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
13:08:31.0179 0x123c  IntuitUpdateService - ok
13:08:31.0288 0x123c  [ 0895CDD7F1542FFCC5BBB560EC78BC16, 383D9FFE7FB313EA201DE877F3D48B5116FFA261EDEF5D0D0FE79F14E9682D25 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
13:08:31.0320 0x123c  IntuitUpdateServiceV4 - ok
13:08:35.0177 0x123c  [ A6525C69515C3B5EC3B73D33603AA537, 76F28D33AB06659D2E82A7AFCDB1D0782F58B90F2E299F4A3C29E1F266612F49 ] Launch TotalMedia Theatre 6 Driver C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe
13:08:35.0538 0x123c  Launch TotalMedia Theatre 6 Driver - detected UnsignedFile.Multi.Generic ( 1 )
13:08:38.0601 0x123c  Detect skipped due to KSN trusted
13:08:38.0601 0x123c  Launch TotalMedia Theatre 6 Driver - ok
13:08:40.0320 0x123c  [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
13:08:40.0364 0x123c  MDM - detected UnsignedFile.Multi.Generic ( 1 )
13:08:43.0433 0x123c  Detect skipped due to KSN trusted
13:08:43.0433 0x123c  MDM - ok
13:09:21.0812 0x123c  SessionEnv - ok
13:09:21.0868 0x123c  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
13:09:22.0114 0x123c  sffdisk - ok
13:09:22.0146 0x123c  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
13:09:22.0328 0x123c  sffp_mmc - ok
13:09:22.0333 0x123c  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
13:09:22.0689 0x123c  sffp_sd - ok
13:09:22.0747 0x123c  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
13:09:22.0794 0x123c  sfloppy - ok
13:09:22.0864 0x123c  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:09:23.0409 0x123c  SharedAccess - ok
13:09:23.0503 0x123c  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:09:23.0649 0x123c  ShellHWDetection - ok
13:09:23.0705 0x123c  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:09:23.0724 0x123c  SiSRaid2 - ok
13:09:23.0748 0x123c  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
13:09:23.0772 0x123c  SiSRaid4 - ok
13:09:23.0928 0x123c  [ A4FAB5F7818A69DA6E740943CB8F7CA9, 6FA24FD46AD6642B21EF3BE4212FF22F3645EC7B0056859FCA184177F5C85AA2 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
13:09:23.0983 0x123c  SkypeUpdate - ok
13:09:24.0008 0x123c  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
13:09:24.0286 0x123c  Smb - ok
13:09:24.0357 0x123c  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:09:24.0549 0x123c  SNMPTRAP - ok
13:09:24.0625 0x123c  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
13:09:24.0684 0x123c  spldr - ok
13:09:24.0817 0x123c  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
13:09:25.0031 0x123c  Spooler - ok
13:09:25.0584 0x123c  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
13:09:26.0074 0x123c  sppsvc - ok
13:09:26.0284 0x123c  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
13:09:27.0317 0x123c  sppuinotify - ok
13:09:27.0415 0x123c  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:09:27.0785 0x123c  srv - ok
13:09:27.0900 0x123c  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:09:28.0048 0x123c  srv2 - ok
13:09:28.0139 0x123c  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:09:28.0206 0x123c  srvnet - ok
13:09:28.0303 0x123c  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:09:28.0492 0x123c  SSDPSRV - ok
13:09:28.0498 0x123c  SSPORT - ok
13:09:29.0442 0x123c  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:09:29.0719 0x123c  SstpSvc - ok
13:09:30.0080 0x123c  [ DE9E765BD64FFF598E9F3AAB41874D8A, A2C0C64B5D928A6C02A3D658FDDEBDC7F18B26E284B54DD3841F511F4FC7AC2E ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe
13:09:30.0145 0x123c  STacSV - ok
13:09:30.0222 0x123c  [ 9C7BE3666B8953854FEFA2AD9C291D5A, 455E675E6821968436BFD78DCB360197257DEA0C6C4A03087B0E539AEC5A63F7 ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
13:09:30.0421 0x123c  stdcfltn - ok
13:09:30.0493 0x123c  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
13:09:30.0693 0x123c  stexstor - ok
13:09:30.0776 0x123c  [ 3FE584503DC68CD206143BC334C43484, AF6A3E3A1D307E5C72B3861A3E5D5F29425B1CADE52C4501B90545CF256C3210 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
13:09:30.0910 0x123c  STHDA - ok
13:09:31.0082 0x123c  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
13:09:31.0161 0x123c  StillCam - ok
13:09:31.0269 0x123c  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
13:09:31.0444 0x123c  stisvc - ok
13:09:31.0496 0x123c  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:09:31.0532 0x123c  storflt - ok
13:09:31.0573 0x123c  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
13:09:32.0012 0x123c  StorSvc - ok
13:09:32.0061 0x123c  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:09:32.0168 0x123c  storvsc - ok
13:09:32.0223 0x123c  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
13:09:32.0314 0x123c  swenum - ok
13:09:32.0456 0x123c  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
13:09:33.0723 0x123c  swprv - ok
13:09:33.0831 0x123c  [ 064A2530A4A7C7CEC1BE6A1945645BE4, 06E4B59B6BFCEE1E2F1EDED77621C9DFED09F460E94065E528A2F746B568193D ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
13:09:33.0868 0x123c  SynTP - ok
13:09:34.0064 0x123c  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
13:09:34.0211 0x123c  SysMain - ok
13:09:34.0289 0x123c  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:09:34.0400 0x123c  TabletInputService - ok
13:09:34.0451 0x123c  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:09:34.0615 0x123c  TapiSrv - ok
13:09:34.0677 0x123c  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
13:09:34.0770 0x123c  TBS - ok
13:09:35.0018 0x123c  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:09:35.0112 0x123c  Tcpip - ok
13:09:35.0234 0x123c  [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
13:09:35.0613 0x123c  TCPIP6 - ok
13:09:35.0799 0x123c  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:09:36.0105 0x123c  tcpipreg - ok
13:09:36.0152 0x123c  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
13:09:36.0382 0x123c  TDPIPE - ok
13:09:36.0417 0x123c  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
13:09:37.0203 0x123c  TDTCP - ok
13:09:37.0353 0x123c  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:09:37.0575 0x123c  tdx - ok
13:09:37.0639 0x123c  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
13:09:37.0660 0x123c  TermDD - ok
13:09:37.0714 0x123c  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
13:09:37.0867 0x123c  TermService - ok
13:09:37.0903 0x123c  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
13:09:38.0125 0x123c  Themes - ok
13:09:38.0177 0x123c  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
13:09:38.0311 0x123c  THREADORDER - ok
13:09:38.0355 0x123c  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
13:09:38.0848 0x123c  TrkWks - ok
13:09:39.0034 0x123c  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:09:39.0238 0x123c  TrustedInstaller - ok
13:09:39.0296 0x123c  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
13:09:39.0455 0x123c  tssecsrv - ok
13:09:39.0539 0x123c  [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
13:09:39.0666 0x123c  TsUsbFlt - ok
13:09:39.0845 0x123c  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
13:09:39.0937 0x123c  tunnel - ok
13:09:39.0987 0x123c  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
13:09:40.0044 0x123c  uagp35 - ok
13:09:40.0149 0x123c  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:09:40.0355 0x123c  udfs - ok
13:09:40.0421 0x123c  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:09:40.0519 0x123c  UI0Detect - ok
13:09:40.0980 0x123c  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
13:09:41.0014 0x123c  uliagpkx - ok
13:09:41.0073 0x123c  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
13:09:41.0160 0x123c  umbus - ok
13:09:41.0236 0x123c  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
13:09:41.0305 0x123c  UmPass - ok
13:09:41.0389 0x123c  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:09:41.0518 0x123c  UmRdpService - ok
13:09:41.0609 0x123c  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
13:09:41.0717 0x123c  upnphost - ok
13:09:41.0831 0x123c  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
13:09:41.0907 0x123c  usbaudio - ok
13:09:42.0043 0x123c  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
13:09:42.0180 0x123c  usbccgp - ok
13:09:42.0278 0x123c  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
13:09:42.0371 0x123c  usbcir - ok
13:09:42.0419 0x123c  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
13:09:42.0679 0x123c  usbehci - ok
13:09:42.0758 0x123c  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
13:09:43.0069 0x123c  usbhub - ok
13:09:43.0240 0x123c  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
13:09:43.0326 0x123c  usbohci - ok
13:09:43.0422 0x123c  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
13:09:47.0214 0x123c  usbprint - ok
13:09:48.0358 0x123c  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\drivers\usbscan.sys
13:09:48.0462 0x123c  usbscan - ok
13:09:48.0959 0x123c  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:09:49.0053 0x123c  USBSTOR - ok
13:09:49.0647 0x123c  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
13:09:49.0673 0x123c  usbuhci - ok
13:09:49.0974 0x123c  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
13:09:50.0068 0x123c  usbvideo - ok
13:09:51.0221 0x123c  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
13:09:51.0365 0x123c  UxSms - ok
13:09:51.0909 0x123c  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
13:09:51.0930 0x123c  VaultSvc - ok
13:09:52.0353 0x123c  [ 20C2342A2B11545601FAB8A0C8026F6E, E97158A3439B72BA59A5425C17E9DBE1B853B42ED900EF3BDBDDAEFE0966A766 ] vcsFPService    C:\Windows\system32\vcsFPService.exe
13:09:52.0435 0x123c  vcsFPService - ok
13:09:52.0600 0x123c  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:09:52.0615 0x123c  vdrvroot - ok
13:09:52.0883 0x123c  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
13:09:52.0995 0x123c  vds - ok
13:09:53.0271 0x123c  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
13:09:53.0300 0x123c  vga - ok
13:09:53.0908 0x123c  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
13:09:54.0011 0x123c  VgaSave - ok
13:09:54.0786 0x123c  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
13:09:54.0808 0x123c  vhdmp - ok
13:09:55.0083 0x123c  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
13:09:55.0104 0x123c  viaide - ok
13:09:55.0250 0x123c  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:09:55.0271 0x123c  vmbus - ok
13:09:55.0396 0x123c  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
13:09:55.0487 0x123c  VMBusHID - ok
13:09:55.0776 0x123c  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:09:55.0793 0x123c  volmgr - ok
13:09:56.0383 0x123c  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:09:56.0455 0x123c  volmgrx - ok
13:09:56.0808 0x123c  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:09:56.0845 0x123c  volsnap - ok
13:09:56.0916 0x123c  [ B4A73CA4EF9A02B9738CEA9AD5FE5917, B6A8086189FE2F1C3FE5B3F484FBA3DB2E5E1836F3154D30090F136C27D16166 ] vpcbus          C:\Windows\system32\DRIVERS\vpchbus.sys
13:09:56.0939 0x123c  vpcbus - ok
13:09:57.0031 0x123c  [ E675FB2B48C54F09895482E2253B289C, 68BBFBF2356C849722E429CA753CC309A3CCE8CF00EBDBBD2695ECD292324DF2 ] vpcnfltr        C:\Windows\system32\DRIVERS\vpcnfltr.sys
13:09:57.0138 0x123c  vpcnfltr - ok
13:09:57.0172 0x123c  [ 5FB42082B0D19A0268705F1DD343DF20, 62F8EEE6A507CE6A8BD638020118D71B78332F79BA82654AB702AE46B04767D9 ] vpcusb          C:\Windows\system32\DRIVERS\vpcusb.sys
13:09:57.0859 0x123c  vpcusb - ok
13:09:58.0064 0x123c  [ 63F4E10873BEB4124028C6D1A66B0968, 57088A18CC4BD5A31F40E7118A5DDAA1731A06B91D3870471FBEA705B38E0A57 ] vpcuxd          C:\Windows\system32\DRIVERS\vpcuxd.sys
13:09:58.0222 0x123c  vpcuxd - ok
13:09:58.0306 0x123c  [ 207B6539799CC1C112661A9B620DD233, 6B915CC7F77C867516D94865D7BF2E5C815402EF0A4488C3EB2FEF7CFA6C98F6 ] vpcvmm          C:\Windows\system32\drivers\vpcvmm.sys
13:09:58.0449 0x123c  vpcvmm - ok
13:09:58.0721 0x123c  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
13:09:58.0755 0x123c  vsmraid - ok
13:09:59.0601 0x123c  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
13:09:59.0886 0x123c  VSS - ok
13:10:00.0032 0x123c  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
13:10:00.0150 0x123c  vwifibus - ok
13:10:00.0441 0x123c  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
13:10:00.0753 0x123c  vwififlt - ok
13:10:00.0890 0x123c  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
13:10:01.0501 0x123c  W32Time - ok
13:10:01.0830 0x123c  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
13:10:02.0003 0x123c  WacomPen - ok
13:10:02.0059 0x123c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
13:10:02.0295 0x123c  WANARP - ok
13:10:02.0356 0x123c  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:10:02.0520 0x123c  Wanarpv6 - ok
13:10:02.0699 0x123c  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
13:10:03.0070 0x123c  WatAdminSvc - ok
13:10:03.0677 0x123c  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
13:10:03.0971 0x123c  wbengine - ok
13:10:04.0554 0x123c  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:10:04.0704 0x123c  WbioSrvc - ok
13:10:04.0825 0x123c  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:10:05.0014 0x123c  wcncsvc - ok
13:10:05.0061 0x123c  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:10:05.0459 0x123c  WcsPlugInService - ok
13:10:05.0701 0x123c  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
13:10:05.0717 0x123c  Wd - ok
13:10:06.0282 0x123c  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:10:06.0324 0x123c  Wdf01000 - ok
13:10:06.0969 0x123c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:10:07.0681 0x123c  WdiServiceHost - ok
13:10:08.0201 0x123c  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:10:08.0254 0x123c  WdiSystemHost - ok
13:10:08.0575 0x123c  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
13:10:08.0741 0x123c  WebClient - ok
13:10:08.0952 0x123c  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:10:09.0048 0x123c  Wecsvc - ok
13:10:09.0108 0x123c  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:10:09.0254 0x123c  wercplsupport - ok
13:10:09.0346 0x123c  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:10:09.0422 0x123c  WerSvc - ok
13:10:09.0481 0x123c  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
13:10:09.0594 0x123c  WfpLwf - ok
13:10:09.0780 0x123c  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:10:09.0827 0x123c  WIMMount - ok
13:10:10.0213 0x123c  WinDefend - ok
13:10:10.0580 0x123c  WinHttpAutoProxySvc - ok
13:10:10.0936 0x123c  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:10:11.0022 0x123c  Winmgmt - ok
13:10:11.0671 0x123c  [ 0C0195C48B6B8582FA6F6373032118DA, 11BD2C9F9E2397C9A16E0990E4ED2CF0679498FE0FD418A3DFDAC60B5C160EE5 ] WinRing0_1_2_0  C:\Program Files (x86)\BatteryCare\WinRing0x64.sys
13:10:11.0706 0x123c  WinRing0_1_2_0 - ok
13:10:12.0036 0x123c  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
13:10:12.0179 0x123c  WinRM - ok
13:10:13.0194 0x123c  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
13:10:13.0233 0x123c  WinUSB - ok
13:10:13.0582 0x123c  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
13:10:13.0711 0x123c  Wlansvc - ok
13:10:14.0019 0x123c  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
13:10:14.0136 0x123c  WmiAcpi - ok
13:10:14.0227 0x123c  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:10:14.0380 0x123c  wmiApSrv - ok
13:10:14.0804 0x123c  WMPNetworkSvc - ok
13:10:14.0839 0x123c  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
13:10:14.0986 0x123c  WPCSvc - ok
13:10:15.0051 0x123c  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:10:15.0179 0x123c  WPDBusEnum - ok
13:10:15.0243 0x123c  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:10:15.0358 0x123c  ws2ifsl - ok
13:10:15.0404 0x123c  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
13:10:15.0519 0x123c  wscsvc - ok
13:10:15.0568 0x123c  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
13:10:15.0602 0x123c  WSDPrintDevice - ok
13:10:15.0607 0x123c  WSearch - ok
13:10:16.0140 0x123c  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:10:16.0258 0x123c  wuauserv - ok
13:10:16.0430 0x123c  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:10:16.0526 0x123c  WudfPf - ok
13:10:16.0944 0x123c  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
13:10:17.0072 0x123c  WUDFRd - ok
13:10:17.0152 0x123c  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:10:17.0230 0x123c  wudfsvc - ok
13:10:17.0283 0x123c  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:10:17.0427 0x123c  WwanSvc - ok
13:10:17.0441 0x123c  ================ Scan global ===============================
13:10:17.0571 0x123c  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
13:10:17.0651 0x123c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:10:17.0712 0x123c  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
13:10:17.0823 0x123c  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
13:10:18.0082 0x123c  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
13:10:18.0094 0x123c  [ Global ] - ok
13:10:18.0287 0x123c  ================ Scan MBR ==================================
13:10:18.0583 0x123c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:10:21.0151 0x123c  \Device\Harddisk0\DR0 - ok
13:10:21.0162 0x123c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:10:21.0393 0x123c  \Device\Harddisk1\DR1 - ok
13:10:21.0394 0x123c  ================ Scan VBR ==================================
13:10:21.0418 0x123c  [ 0139849E96E0F56278194B06D1518BC8 ] \Device\Harddisk0\DR0\Partition1
13:10:21.0419 0x123c  \Device\Harddisk0\DR0\Partition1 - ok
13:10:21.0464 0x123c  [ 780DAC807F6BBA1B37F546088AAAF6D8 ] \Device\Harddisk0\DR0\Partition2
13:10:21.0465 0x123c  \Device\Harddisk0\DR0\Partition2 - ok
13:10:21.0471 0x123c  [ 9DF2116B975A07D3FCA4B7A8D6064615 ] \Device\Harddisk1\DR1\Partition1
13:10:21.0473 0x123c  \Device\Harddisk1\DR1\Partition1 - ok
13:10:21.0475 0x123c  ================ Scan generic autorun ======================
13:10:21.0475 0x123c  SynTPEnh - ok
13:10:21.0503 0x123c  SysTrayApp - ok
13:10:21.0549 0x123c  [ 0BBFE08ECCE8A209D07C3B68D63FC293, 0374316F3586D191437F5A54F9A322B3F68002652920477DBCFD48EF049E6F21 ] C:\Windows\system32\igfxtray.exe
13:10:21.0854 0x123c  IgfxTray - ok
13:10:22.0215 0x123c  [ 2F16207A65B62001FC73E6798D0B8F2A, 44B3B7E0ED654480EE6CB238976FCDC745BE3EFD7CDC71B262146A4CE63731CD ] C:\Windows\system32\hkcmd.exe
13:10:22.0274 0x123c  HotKeysCmds - ok
13:10:22.0390 0x123c  [ B69A01794D44C769C2575AE75E2EB31F, CE19EEA3F738A5F2A2C43EB6699AACB21D798B9649D744FB983868FB3E58E7C1 ] C:\Windows\system32\igfxpers.exe
13:10:22.0417 0x123c  Persistence - ok
13:10:22.0421 0x123c  NvCplDaemon - ok
13:10:23.0014 0x123c  [ 9728261A86133F808D3856091F6F0A7E, 4B7E65955BD7AF87B9AB6C0B96B64C0206EF70753C4E13FF4D94E9E8C0650A04 ] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
13:10:23.0291 0x123c  FreeFallProtection - ok
13:10:23.0386 0x123c  [ 5EF52D014D7AA715A29B0667F9DF3FD5, F252472121A1A1A5E22646AF28863FFAB8FF000ACF8AE7962FB534CF2615C7AB ] C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
13:10:23.0466 0x123c  MFNetworkScanUtility - ok
13:10:23.0664 0x123c  [ 2059A96CB2254829488A6A676AA4BA15, 7CDA5CB5D251B7AC9A48189F86E663C5BB01C3EC3C2E360CC2BFD08C0F68B3B7 ] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
13:10:23.0731 0x123c  DpAgent - detected UnsignedFile.Multi.Generic ( 1 )
13:10:30.0716 0x123c  Detect skipped due to KSN trusted
13:10:30.0716 0x123c  DpAgent - ok
13:10:30.0968 0x123c  [ 4819FE417CAE03CED65F19FE887F2C46, 6001E688DF4F00871198B5B63738DB730C7658BF84A2609D0DA1561AEC886D54 ] C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe
13:10:31.0047 0x123c  SignIn - ok
13:10:31.0472 0x123c  [ 58C336B8D6744F7E7B895748F3C92CEA, B586CADF768C6F5B6D34BB22BDF78CBF57443436FFE50394C27EAADAAEDBC1A2 ] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
13:10:31.0498 0x123c  RIMBBLaunchAgent.exe - ok
13:10:31.0656 0x123c  [ E66532FD491AD5604C36916715FBA092, 43FA8EF2025E7F1281CA024CB2EB2A433310E1515DCA9359035B3FB4BAE1FA8C ] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
13:10:31.0677 0x123c  Adobe Reader Speed Launcher - ok
13:10:35.0063 0x123c  [ 3CB07566302BCEEB898DE270A0BEC175, B234D1044D8702A0929BB48F729EB5078B44AA7CD574B6482633B51289E70200 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
13:10:35.0157 0x123c  Adobe ARM - ok
13:10:41.0387 0x123c  [ DF7AEEC25E5C006EEC61206476F48629, 74CAA4285D776D3151DABF25771F67137F271DB6A4D292F89232A245E365FB5D ] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
13:10:41.0788 0x123c  Ad-Aware Browsing Protection - ok
13:10:42.0009 0x123c  {2473955c-6075-0231-9d13-7652ef586d45} - ok
13:10:42.0037 0x123c  {6e875e62-48b8-d1bd-12e0-aaccf4eeef89} - ok
13:10:43.0050 0x123c  [ 361B0893A5C6741F347568A3232D2822, A1085FD8DCEA67E3760C5204C4FC0EADAAC2A9E3A1A498B0BE2F0883EE2B1A04 ] C:\Program Files (x86)\AVG\AVG2014\avgui.exe
13:10:44.0164 0x123c  AVG_UI - ok
13:10:45.0867 0x123c  [ 26B558B2D31C7425B455B00E562EAD93, B64D128A2F1FC42BA4376F8EB08D70F4B705745CB983D0631DB45851BF34BBDF ] C:\Program Files\AVAST Software\Avast\AvastUI.exe
13:10:46.0256 0x123c  AvastUI.exe - ok
13:10:46.0734 0x123c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:10:47.0196 0x123c  Sidebar - ok
13:10:47.0330 0x123c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:10:47.0444 0x123c  mctadmin - ok
13:10:47.0595 0x123c  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
13:10:47.0667 0x123c  Sidebar - ok
13:10:47.0739 0x123c  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
13:10:47.0771 0x123c  mctadmin - ok
13:10:47.0895 0x123c  [ C3C2C4CEC6103058BAEF88160F3BEB03, 7157EDD15D07E74FF9B6939405F192B1A6A7F79BD9774C16D9596D7CE690C6A4 ] C:\Program Files (x86)\BatteryCare\BatteryCare.exe
13:10:48.0028 0x123c  BatteryCare - detected UnsignedFile.Multi.Generic ( 1 )
13:10:48.0147 0x123c  BatteryCare ( UnsignedFile.Multi.Generic ) - warning
13:10:48.0567 0x123c  [ D5D021AEFA851CD0E8948EA4974EF88C, 596C02AFAB31F44A52E8F3BEEC869557C5DB3CDFB2A559721F25614EFE768D53 ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
13:10:48.0733 0x123c  GarminExpressTrayApp - ok
13:10:48.0739 0x123c  AzarSohna - ok
13:10:49.0180 0x123c  [ 0E18B182956D7ADCE7C1DD20D6B91C90, 120EC20D9A581A3812290F7C53C0C51ECE299220D10DBBB9B43600499B1F04C3 ] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
13:10:49.0293 0x123c  FlashPlayerUpdate - ok
13:10:49.0824 0x123c  [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
13:10:50.0185 0x123c  Sidebar - ok
13:10:52.0430 0x123c  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4765 ), 0x40000 ( disabled : updated )
13:10:52.0523 0x123c  AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2021.515 ), 0x41000 ( enabled : updated )
13:10:53.0229 0x123c  Win FW state via NFP2: enabled
13:10:53.0255 0x123c  ============================================================
13:10:53.0255 0x123c  Scan finished
13:10:53.0255 0x123c  ============================================================
13:10:53.0273 0x1a44  Detected object count: 1
13:10:53.0273 0x1a44  Actual detected object count: 1
13:11:51.0935 0x1a44  BatteryCare ( UnsignedFile.Multi.Generic ) - skipped by user
13:11:51.0935 0x1a44  BatteryCare ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#5 hackr

Posted 06 September 2014 - 12:24 PM

FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Rob (administrator) on DGYYPP1 on 06-09-2014 12:48:37
Running from C:\Users\Rob\Desktop\FRST
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(ArcSoft Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [726640 2010-08-02] ()
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [SignIn] => C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe [1734512 2010-03-09] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [{2473955c-6075-0231-9d13-7652ef586d45}] => "C:\Users\Rob\AppData\Local\Microsoft\{2473955c-6075-0231-9d13-7652ef586d45}\{2473955c-6075-0231-9d13-7652ef586d45}.exe"
HKLM-x32\...\Run: [{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}] => "C:\Users\Rob\AppData\Local\Microsoft\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}.exe"
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [{2473955c-6075-0231-9d13-7652ef586d45}] => "C:\Users\Rob\AppData\Local\Microsoft\{2473955c-6075-0231-9d13-7652ef586d45}\{2473955c-6075-0231-9d13-7652ef586d45}.exe" No File
HKLM\...\Policies\Explorer\Run: [{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}] => "C:\Users\Rob\AppData\Local\Microsoft\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}.exe" No File
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...\Run: [BatteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe [791552 2014-03-02] (Filipe Lourenço)
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...\Run: [AzarSohna] => regsvr32.exe "C:\ProgramData\AzarSohna\AzarSohna.dat"
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe [839560 2013-12-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...\Policies\Explorer: [HideSCAPower] 0
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...\MountPoints2: {eafd5b79-86e5-11e3-8ccd-f04da2b95e98} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\start.exe
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logo Calibration Loader.lnk
ShortcutTarget: Logo Calibration Loader.lnk -> C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ProfileReminder.lnk
ShortcutTarget: ProfileReminder.lnk -> C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
SearchScopes: HKLM-x32 - DefaultScope {62E6A3A7-C20B-4978-8978-2DB4E91D197E} URL = 
SearchScopes: HKCU - {B41B28E6-44FD-4F8C-80A5-97741A8C4BDE} URL = www.buenosearch.com?babsrc=ext_WinjNw&affID=123487&q={searchTerms}
BHO: DigitalPersona Fingerprint Software Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-02]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> BD6A41B8E9B0D2267AC4E4B22453D466D9F868123F8A1EF77D797C5FCCFC309B
CHR DefaultSearchURL: Default -> F4C15DDB0C30A23991B6EEB495FF6280020A64A2B7EBF36B8CB416572F725539
CHR Profile: C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09]
CHR Extension: (Google Search) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09]
CHR Extension: (avast! Online Security) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09]
CHR Extension: (Default Extension) - C:\Users\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadfddgddadcdcdjdhdidcgedeggdcge [2013-01-07]
CHR HKCU\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Rob\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Rob\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2014-03-11] (ArcSoft, Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-12] (DigitalPersona, Inc.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S2 Launch TotalMedia Theatre 6 Driver; C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe [608256 2014-03-04] (ArcSoft, Inc.) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-07] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-11-20] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 cpuz135; C:\Users\Rob\Documents\0_RH_files\cpuid\pc-wizard_2012.2.11\pcwiz_x64.sys [24368 2013-03-31] (CPUID)
S3 d554bus; C:\Windows\system32\DRIVERS\d554bus.sys [118272 2009-11-16] (MCCI Corporation)
S3 d554gps; C:\Windows\system32\DRIVERS\d554gps64.sys [96296 2009-11-16] (Ericsson AB)
S3 d554mgmt; C:\Windows\system32\DRIVERS\d554mgmt.sys [141312 2009-11-16] (MCCI Corporation)
S3 d554unic; C:\Windows\system32\DRIVERS\d554unic.sys [153600 2009-11-16] (MCCI Corporation)
S3 d557bus; C:\Windows\system32\DRIVERS\d557bus.sys [328704 2009-11-16] (MCCI Corporation)
S3 d557mgmt; C:\Windows\system32\DRIVERS\d557mgmt.sys [376320 2009-11-16] (MCCI Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [12800 2009-11-16] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [17408 2009-11-16] (Ericsson AB)
S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2014-02-13] (GretagMacbeth LLC)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-12] (GFI Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2012-12-15] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SeqCal; C:\Windows\System32\DRIVERS\SeqCal.sys [7808 2006-05-18] (GretagMacbeth LLC)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-05-28] (Samsung Electronics)
S3 WinRing0_1_2_0; C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S4 Avgmfx64; system32\DRIVERS\avgmfx64.sys [X]
S4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]
S2 PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 11:20 - 2014-09-06 11:20 - 00010215 _____ () C:\Users\Rob\Desktop\attach.txt
2014-09-06 11:20 - 2014-09-06 11:19 - 00018426 _____ () C:\Users\Rob\Desktop\dds.txt
2014-09-06 11:11 - 2014-09-06 11:21 - 00000000 ____D () C:\Users\Rob\Desktop\bleeping
2014-09-05 22:19 - 2014-09-05 22:19 - 00000000 ____D () C:\ProgramData\AzarSohna
2014-09-05 22:18 - 2014-09-05 22:19 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-05 22:18 - 2014-09-05 22:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-09-05 02:42 - 2014-09-05 22:23 - 00000448 _____ () C:\Windows\setupact.log
2014-09-05 02:42 - 2014-09-05 02:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-04 20:18 - 2014-09-04 20:18 - 00002868 _____ () C:\Users\Rob\Documents\cc_20140904_201842.reg
2014-09-04 20:17 - 2014-09-04 20:17 - 00069192 _____ () C:\Users\Rob\Documents\cc_20140904_201722.reg
2014-09-03 22:09 - 2014-09-03 22:09 - 00000000 _____ () C:\prefs.js
2014-09-03 22:08 - 2014-09-06 12:48 - 00000000 ____D () C:\FRST
2014-09-03 21:58 - 2014-09-06 12:48 - 00000000 ____D () C:\Users\Rob\Desktop\FRST
2014-09-03 20:45 - 2014-09-03 20:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-03 20:43 - 2014-09-03 20:43 - 02347384 _____ (ESET) C:\Users\Rob\Desktop\esetsmartinstaller_enu.exe
2014-09-03 20:25 - 2014-09-03 20:25 - 00002627 _____ () C:\Users\Rob\Desktop\fixdll.txt
2014-09-02 23:06 - 2014-09-02 23:06 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\AVAST Software
2014-09-02 23:00 - 2014-09-02 23:00 - 00001932 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 23:00 - 2014-09-02 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 22:59 - 2014-09-02 23:07 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 22:59 - 2014-09-02 22:59 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 22:59 - 2014-09-02 22:59 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-09-02 22:46 - 2014-09-02 22:46 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 22:16 - 2014-09-02 22:46 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 22:12 - 2014-09-02 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-02 22:02 - 2014-09-02 22:02 - 04862664 _____ (AVAST Software) C:\Users\Rob\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 22:02 - 2014-09-02 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-02 19:36 - 2014-09-02 21:47 - 00009046 _____ () C:\Users\Rob\Desktop\avgrep.txt
2014-09-02 06:55 - 2014-09-02 06:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rob\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 21:50 - 2014-09-01 21:50 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet (2).exe
2014-09-01 21:47 - 2014-09-01 21:47 - 00000971 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-01 21:43 - 2014-09-01 21:43 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet (1).exe
2014-09-01 21:35 - 2014-09-01 21:35 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-01 21:27 - 2014-09-01 21:27 - 00112568 _____ () C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-01 15:29 - 2014-09-01 19:16 - 00000000 ____D () C:\Users\Rob\Documents\Softub
2014-08-27 20:44 - 2014-09-02 00:10 - 00011266 _____ () C:\Windows\system32\avgrep.txt
2014-08-23 23:03 - 2013-11-20 09:57 - 03315392 _____ () C:\Windows\system32\Drivers\ArcCtrl.sys
2014-08-23 23:03 - 2012-06-11 18:42 - 00080488 _____ (ArcSoft Inc.) C:\Windows\system32\MMCEDT6.exe
2014-08-23 23:02 - 2014-08-27 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
2014-08-23 23:02 - 2014-08-23 23:02 - 00002236 _____ () C:\Users\Public\Desktop\TotalMedia Theatre 6.lnk
2014-08-23 22:57 - 2014-08-23 22:57 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-08-23 22:41 - 2014-08-23 22:41 - 00003174 _____ () C:\Windows\System32\Tasks\{5FB14BD5-CE90-445B-B22F-D2ED5FFFB2A8}
2014-08-23 22:37 - 2014-08-23 22:38 - 112316872 _____ (ArcSoft ) C:\Users\Rob\Downloads\totalmediatheatre6_retail_tbyb_all (1).exe
2014-08-23 21:46 - 2014-08-27 23:41 - 00000000 ____D () C:\Users\Rob\Downloads\ArcSoft TotalMedia Theatre 6.5.1.150 Final [ChingLiu]
2014-08-23 21:45 - 2014-08-23 21:45 - 00017198 _____ () C:\Users\Rob\Downloads\[kickass.to]arcsoft.totalmedia.theatre.6.5.1.150.final.chingliu.torrent
2014-08-22 18:47 - 2014-08-22 18:50 - 00000000 ____D () C:\Users\Rob\AppData\Local\CottonModel
2014-08-22 18:46 - 2014-08-22 18:46 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-15 22:32 - 2014-08-15 22:32 - 00000000 ____D () C:\BMTechnic
2014-08-15 22:29 - 2014-09-02 18:59 - 00000000 ____D () C:\ProgramData\NetworkHostTask
2014-08-15 22:22 - 2014-08-15 22:22 - 00000000 ____D () C:\Users\Rob\Downloads\Bmtechnic
2014-08-15 22:20 - 2014-09-02 19:01 - 00000000 ____D () C:\ProgramData\Online
2014-08-15 22:20 - 2014-08-15 22:29 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\serv
2014-08-15 22:20 - 2014-08-15 22:20 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\device
2014-08-15 22:20 - 2014-08-15 22:20 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-15 19:31 - 2014-08-15 19:31 - 00000000 ____D () C:\Users\Rob\Documents\Garmin
2014-08-15 19:27 - 2014-08-15 19:27 - 00000000 ____D () C:\Users\Rob\AppData\Local\Garmin
2014-08-15 19:27 - 2014-08-15 19:27 - 00000000 ____D () C:\Program Files\DIFX
2014-08-15 19:26 - 2014-08-15 19:27 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 19:26 - 2014-08-15 19:26 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-14 22:42 - 2014-08-14 23:20 - 00002705 _____ () C:\Users\Rob\Desktop\bmw_nav.txt
2014-08-14 22:18 - 2014-08-15 06:30 - 00000000 ____D () C:\Users\Rob\Downloads\North_America_PROFESSIONAL_2014
2014-08-14 22:17 - 2014-08-14 22:17 - 00054111 _____ () C:\Users\Rob\Downloads\North_America_PROFESSIONAL_2014.torrent
2014-08-08 21:45 - 2014-08-08 21:45 - 00798979 _____ () C:\Users\Rob\Downloads\JTF_2014-06-18_v2.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 12:54 - 2012-12-09 22:18 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 12:48 - 2014-09-03 22:08 - 00000000 ____D () C:\FRST
2014-09-06 12:48 - 2014-09-03 21:58 - 00000000 ____D () C:\Users\Rob\Desktop\FRST
2014-09-06 12:44 - 2011-03-30 10:22 - 01059959 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 11:21 - 2014-09-06 11:11 - 00000000 ____D () C:\Users\Rob\Desktop\bleeping
2014-09-06 11:20 - 2014-09-06 11:20 - 00010215 _____ () C:\Users\Rob\Desktop\attach.txt
2014-09-06 11:19 - 2014-09-06 11:20 - 00018426 _____ () C:\Users\Rob\Desktop\dds.txt
2014-09-06 10:52 - 2011-04-05 20:34 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-05 22:33 - 2009-07-14 00:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-05 22:33 - 2009-07-14 00:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-05 22:25 - 2013-01-12 18:00 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-09-05 22:25 - 2012-12-09 22:18 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-05 22:23 - 2014-09-05 02:42 - 00000448 _____ () C:\Windows\setupact.log
2014-09-05 22:23 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-05 22:19 - 2014-09-05 22:19 - 00000000 ____D () C:\ProgramData\AzarSohna
2014-09-05 22:19 - 2014-09-05 22:18 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-05 22:18 - 2014-09-05 22:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-09-05 02:42 - 2014-09-05 02:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 01:39 - 2014-07-27 11:21 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\Winamp
2014-09-05 01:38 - 2011-03-30 13:16 - 00000000 ____D () C:\Windows\Panther
2014-09-05 01:37 - 2012-08-20 17:36 - 00000000 ____D () C:\Windows\Minidump
2014-09-04 20:18 - 2014-09-04 20:18 - 00002868 _____ () C:\Users\Rob\Documents\cc_20140904_201842.reg
2014-09-04 20:17 - 2014-09-04 20:17 - 00069192 _____ () C:\Users\Rob\Documents\cc_20140904_201722.reg
2014-09-03 22:09 - 2014-09-03 22:09 - 00000000 _____ () C:\prefs.js
2014-09-03 20:45 - 2014-09-03 20:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-03 20:43 - 2014-09-03 20:43 - 02347384 _____ (ESET) C:\Users\Rob\Desktop\esetsmartinstaller_enu.exe
2014-09-03 20:25 - 2014-09-03 20:25 - 00002627 _____ () C:\Users\Rob\Desktop\fixdll.txt
2014-09-02 23:07 - 2014-09-02 22:59 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 23:06 - 2014-09-02 23:06 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\AVAST Software
2014-09-02 23:04 - 2013-10-13 19:12 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\BatteryCare
2014-09-02 23:00 - 2014-09-02 23:00 - 00001932 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 23:00 - 2014-09-02 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 22:59 - 2014-09-02 22:59 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 22:59 - 2014-09-02 22:59 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 22:59 - 2014-09-02 22:59 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-09-02 22:46 - 2014-09-02 22:46 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 22:46 - 2014-09-02 22:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 22:21 - 2013-04-02 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-02 22:12 - 2014-09-02 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-02 22:12 - 2014-01-15 18:40 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-02 22:12 - 2012-05-15 18:28 - 00000000 ___HD () C:\$AVG
2014-09-02 22:02 - 2014-09-02 22:02 - 04862664 _____ (AVAST Software) C:\Users\Rob\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 22:02 - 2014-09-02 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-02 21:47 - 2014-09-02 19:36 - 00009046 _____ () C:\Users\Rob\Desktop\avgrep.txt
2014-09-02 19:01 - 2014-08-15 22:20 - 00000000 ____D () C:\ProgramData\Online
2014-09-02 18:59 - 2014-08-15 22:29 - 00000000 ____D () C:\ProgramData\NetworkHostTask
2014-09-02 18:59 - 2014-02-21 18:23 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\DigitalSites
2014-09-02 07:09 - 2012-09-29 21:22 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\Malwarebytes
2014-09-02 06:55 - 2014-09-02 06:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rob\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-02 00:10 - 2014-08-27 20:44 - 00011266 _____ () C:\Windows\system32\avgrep.txt
2014-09-01 22:01 - 2011-04-05 17:05 - 00000000 ____D () C:\Users\Rob
2014-09-01 21:50 - 2014-09-01 21:50 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet (2).exe
2014-09-01 21:47 - 2014-09-01 21:47 - 00000971 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-01 21:43 - 2014-09-01 21:43 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet (1).exe
2014-09-01 21:35 - 2014-09-01 21:35 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-01 21:27 - 2014-09-01 21:27 - 00112568 _____ () C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-01 21:16 - 2012-12-18 23:38 - 00000000 ___RD () C:\Users\Rob\Virtual Machines
2014-09-01 19:16 - 2014-09-01 15:29 - 00000000 ____D () C:\Users\Rob\Documents\Softub
2014-08-31 11:50 - 2012-02-11 09:56 - 00000000 ____D () C:\Users\Rob\Documents\0_RH_files
2014-08-31 11:12 - 2011-04-05 22:20 - 00000000 ____D () C:\Users\Rob\Documents\Outlook_files
2014-08-27 23:41 - 2014-08-23 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
2014-08-27 23:41 - 2014-08-23 21:46 - 00000000 ____D () C:\Users\Rob\Downloads\ArcSoft TotalMedia Theatre 6.5.1.150 Final [ChingLiu]
2014-08-27 23:41 - 2014-02-21 17:59 - 00000000 ____D () C:\Users\Rob\Downloads\TotalMedia Theatre 6.0.1.119 Multilingual + Keygen
2014-08-27 23:41 - 2014-02-13 21:56 - 00000000 ____D () C:\Users\Rob\Downloads\Build2.3
2014-08-27 23:41 - 2014-02-05 17:54 - 00000000 ____D () C:\Users\Rob\Downloads\DISNEY_CALIBRATION
2014-08-27 23:41 - 2014-02-05 17:52 - 00000000 ____D () C:\Users\Rob\Downloads\ChromaPure Professional v2.4.2.39345(h33t)(malestom)
2014-08-27 23:41 - 2013-09-21 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-27 23:41 - 2013-09-21 14:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-27 23:41 - 2013-09-21 14:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-27 23:41 - 2012-12-15 17:04 - 00000000 ____D () C:\Users\scan
2014-08-27 23:41 - 2011-04-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-27 23:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-27 23:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-27 20:13 - 2012-09-29 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 19:47 - 2013-01-12 22:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-27 06:57 - 2013-08-12 18:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-24 10:17 - 2011-06-12 22:05 - 00000000 ____D () C:\Users\Rob\AppData\Local\Deployment
2014-08-24 10:05 - 2014-02-21 17:54 - 00167936 _____ () C:\errlog.dat
2014-08-23 23:13 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\ArcSoft
2014-08-23 23:03 - 2014-02-21 17:54 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-08-23 23:02 - 2014-08-23 23:02 - 00002236 _____ () C:\Users\Public\Desktop\TotalMedia Theatre 6.lnk
2014-08-23 23:02 - 2011-03-30 10:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-23 22:57 - 2014-08-23 22:57 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-08-23 22:41 - 2014-08-23 22:41 - 00003174 _____ () C:\Windows\System32\Tasks\{5FB14BD5-CE90-445B-B22F-D2ED5FFFB2A8}
2014-08-23 22:40 - 2013-01-06 20:12 - 00000000 ____D () C:\Users\Rob\AppData\Local\Downloaded Installations
2014-08-23 22:38 - 2014-08-23 22:37 - 112316872 _____ (ArcSoft ) C:\Users\Rob\Downloads\totalmediatheatre6_retail_tbyb_all (1).exe
2014-08-23 21:45 - 2014-08-23 21:45 - 00017198 _____ () C:\Users\Rob\Downloads\[kickass.to]arcsoft.totalmedia.theatre.6.5.1.150.final.chingliu.torrent
2014-08-22 18:50 - 2014-08-22 18:47 - 00000000 ____D () C:\Users\Rob\AppData\Local\CottonModel
2014-08-22 18:46 - 2014-08-22 18:46 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-20 21:55 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 22:32 - 2014-08-15 22:32 - 00000000 ____D () C:\BMTechnic
2014-08-15 22:29 - 2014-08-15 22:20 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\serv
2014-08-15 22:22 - 2014-08-15 22:22 - 00000000 ____D () C:\Users\Rob\Downloads\Bmtechnic
2014-08-15 22:20 - 2014-08-15 22:20 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\device
2014-08-15 22:20 - 2014-08-15 22:20 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-15 19:31 - 2014-08-15 19:31 - 00000000 ____D () C:\Users\Rob\Documents\Garmin
2014-08-15 19:27 - 2014-08-15 19:27 - 00000000 ____D () C:\Users\Rob\AppData\Local\Garmin
2014-08-15 19:27 - 2014-08-15 19:27 - 00000000 ____D () C:\Program Files\DIFX
2014-08-15 19:27 - 2014-08-15 19:26 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 19:27 - 2012-08-18 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-15 19:27 - 2012-08-18 10:20 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-15 19:27 - 2012-08-18 09:41 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\Garmin
2014-08-15 19:27 - 2012-02-12 21:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 19:26 - 2014-08-15 19:26 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-15 06:30 - 2014-08-14 22:18 - 00000000 ____D () C:\Users\Rob\Downloads\North_America_PROFESSIONAL_2014
2014-08-14 23:20 - 2014-08-14 22:42 - 00002705 _____ () C:\Users\Rob\Desktop\bmw_nav.txt
2014-08-14 22:17 - 2014-08-14 22:17 - 00054111 _____ () C:\Users\Rob\Downloads\North_America_PROFESSIONAL_2014.torrent
2014-08-08 21:45 - 2014-08-08 21:45 - 00798979 _____ () C:\Users\Rob\Downloads\JTF_2014-06-18_v2.pptx
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 01:10
 
==================== End Of Log ============================


#6 hackr

Posted 06 September 2014 - 12:25 PM

FRST Addition.txt log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Rob at 2014-09-06 12:56:36
Running from C:\Users\Rob\Desktop\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.11 - STMicroelectronics)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.82 - Lavasoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.7.1.199 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.7.1.199 - ArcSoft) Hidden
AtomTime Pro 3.1d (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
BatteryCare 0.9.16.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.16.0 - Filipe Lourenço)
BlackBerry Device Communication Components (HKLM-x32\...\{4EFE9A4D-D5AF-4F43-A379-BD876CDEDAA0}) (Version: 2.0.0.27 - Research In Motion Ltd.)
BlackBerry Device Software Updater (HKLM-x32\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
CalMANv4 (HKLM-x32\...\{47AE2378-012A-46CA-BA09-F7D88FA601A3}) (Version: 4.6.5.400 - SpectraCal)
Canon MF Toolbox 4.9.1.1.mf13 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf13 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.0 - CANON INC.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.11 - COWON)
CutePDF Professional 3.6 (Evaluation) (HKLM-x32\...\CutePDF Professional (Evaluation)_is1) (Version:  - Acro Software Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DigitalPersona Personal 4.01 (HKLM\...\{FC09380E-74BE-41F5-8353-E97113969040}) (Version: 4.02.3769 - DigitalPersona, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Eye-One Diagnostics (HKLM-x32\...\Eye-One Diagnostics_is1) (Version:  - GretagMacbeth)
Eye-One Match 3.6.1 (HKLM-x32\...\Eye-One Match_is1) (Version: 3.6.1 - GretagMacbeth)
Eye-One Share (HKLM-x32\...\Eye-One Share) (Version:  - )
Free M4a to MP3 Converter 8.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{C8B7EFDF-28EA-4A17-B89A-C03317E3B5CF}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
i1ColorPoint 1.0 (HKLM-x32\...\i1ColorPoint 1.0) (Version: 1.0.1 - GretagMacbeth)
Image Resizer for Windows (64 bit) (HKLM\...\{B6EFF29D-7CAB-4CE0-9FFC-3D55D27E948D}) (Version: 3.0.4442.6002 - Brice Lambson)
Image Resizer for Windows (HKLM-x32\...\{14ebe571-096e-4cdd-8ee5-a2c0cc6b9b5e}) (Version: 3.0.4442.6002 - Brice Lambson)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Maintenance Samsung CLX-6220 Series (HKLM-x32\...\Samsung CLX-6220 Series) (Version:  - Samsung Electronics Co.,Ltd)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Online Services Sign In (HKLM-x32\...\{A91E3887-5185-4091-AF33-AB0048444055}) (Version: 1.0.1427.40 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mp3tag v2.57 (HKLM-x32\...\Mp3tag) (Version: v2.57 - Florian Heidenreich)
MPC-HC 1.7.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.3 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
Oplisker 0.1.4 (HKLM-x32\...\{A6C2BC14-AC0B-4EB1-B7F9-E9E9049DBF83}_is1) (Version:  - Ostegn Technology)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 1.3.3 - Dell Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
SDFormatter (HKLM-x32\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TagScanner 5.1.649 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wnyiper (x32 Version: 010.000.1549 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2675 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0436 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0210 - Intuit Inc.) Hidden
TurboTax 2011 wnyiper (x32 Version: 011.000.1375 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0120 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wnyiper (x32 Version: 012.000.1585 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1874 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0477 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0164 - Intuit Inc.) Hidden
TurboTax 2013 wnyiper (x32 Version: 013.000.1311 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax Audit Support Center 3.0 (HKLM-x32\...\{E371C150-A9F1-49CE-ACC1-51AEFD01C1D5}_is1) (Version:  - TurboTax)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Validity Sensors DDK (HKLM\...\{661DD62F-D0F2-4573-902B-DBCAAD8229AF}) (Version: 3.1.379 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1309588789-67419149-383204578-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1266CE61-4EB4-4B9E-A61C-B0B964C5FA0D} - System32\Tasks\Digital Sites => C:\Users\Rob\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {21F0A55A-3E01-4DF8-A915-1C31422825E8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {7837B0BC-7EAC-4E70-A422-19F9D4C7D4E6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {86493929-87C3-4AD0-9168-B15171206B52} - System32\Tasks\4472 => Wscript.exe C:\Users\Rob\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {86C4FF45-31DA-4F63-A34F-B5D9F92382FC} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {ABBED69D-5F4B-45C3-8434-F10862551D5A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {B0CE0677-02C7-4E5F-B2CF-B0CA7CACED9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09] (Google Inc.)
Task: {D4F90CC8-41F3-4C3E-AFF3-0DE6CD4DE621} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {D7E51AAF-2F03-4C49-BDF9-F62877DA6C5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09] (Google Inc.)
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\Digital Sites.job => C:\Users\Rob\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-05 20:54 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-04-06 10:02 - 2009-05-29 18:35 - 00027648 _____ () C:\Windows\System32\ssy2cl6.dll
2011-03-30 10:35 - 2010-08-02 13:55 - 00726640 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2013-10-13 19:12 - 2012-07-26 08:27 - 00252928 _____ () C:\Program Files (x86)\BatteryCare\OpenHardwareMonitorLib.dll
2014-09-02 22:59 - 2014-09-02 22:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-05 22:12 - 2014-09-05 22:12 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090502\algo.dll
2014-09-06 10:47 - 2014-09-06 10:47 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090600\algo.dll
2014-09-02 22:59 - 2014-09-02 22:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-11-19 20:49 - 2013-11-19 20:49 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-11-19 20:49 - 2013-11-19 20:49 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Rob\Local Settings:init
AlternateDataStreams: C:\Users\Rob\AppData\Local:init
AlternateDataStreams: C:\Users\Rob\AppData\Local\Application Data:init
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/05/2014 10:19:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000008009f
Faulting process id: 0x1088
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.
 
 
Details:
0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))
 
 
System errors:
=============
Error: (09/05/2014 10:26:50 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/05/2014 10:26:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/05/2014 10:24:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (09/05/2014 10:24:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDIHWCTL service failed to start due to the following error: 
%%2
 
Error: (09/05/2014 10:24:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: 
%%1053
 
Error: (09/05/2014 10:24:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Core Update Service service to connect.
 
Error: (09/05/2014 10:23:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (09/05/2014 10:23:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:21:05 PM on 9/5/2014 was unexpected.
 
Error: (09/05/2014 10:12:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/05/2014 06:44:56 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (11/05/2012 10:52:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-13 19:07:45.397
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-13 19:07:45.277
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-13 19:07:01.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-13 19:07:00.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-29 22:10:48.633
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Moborobo\MoboroboAssDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-29 22:10:48.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Moborobo\MoboroboAssDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU M 640 @ 2.80GHz
Percentage of memory in use: 60%
Total physical RAM: 7990.6 MB
Available physical RAM: 3138.58 MB
Total Pagefile: 15979.38 MB
Available Pagefile: 9095.33 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:113.04 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.06 GB) NTFS
Drive g: (HACK_X_1GB) (Removable) (Total:0.93 GB) (Free:0.89 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 15DFF512)
Partition 1: (Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 952.5 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#7 aharonov

  • Malware Response Team

Posted 06 September 2014 - 12:56 PM

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#8 hackr

  • Topic Starter

Posted 06 September 2014 - 02:08 PM

ComboFix 14-09-05.01 - Rob 09/06/2014  14:17:26.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.7991.5877 [GMT -4:00]
Running from: c:\users\Rob\Desktop\bleeping\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Rob\AppData\Roaming\Udsi
c:\users\Rob\AppData\Roaming\Udsi\kego.tmp
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-06 to 2014-09-06  )))))))))))))))))))))))))))))))
.
.
2014-09-06 02:19 . 2014-09-06 02:19 -------- d-----w- c:\programdata\AzarSohna
2014-09-06 02:18 . 2014-09-06 02:18 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-09-04 02:09 . 2014-09-04 02:09 0 ----a-w- C:\prefs.js
2014-09-04 02:08 . 2014-09-06 16:59 -------- d-----w- C:\FRST
2014-09-04 00:45 . 2014-09-04 00:45 -------- d-----w- c:\program files (x86)\ESET
2014-09-03 03:06 . 2014-09-03 03:06 -------- d-----w- c:\users\Rob\AppData\Roaming\AVAST Software
2014-09-03 02:59 . 2014-09-03 03:07 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-09-03 02:59 . 2014-09-03 02:59 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-09-03 02:59 . 2014-09-03 02:59 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-09-03 02:59 . 2014-09-03 02:59 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-09-03 02:59 . 2014-09-03 02:59 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-09-03 02:59 . 2014-09-03 02:59 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-09-03 02:59 . 2014-09-03 02:59 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-09-03 02:59 . 2014-09-03 02:59 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-09-03 02:59 . 2014-09-03 02:59 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-09-03 02:59 . 2014-09-03 02:59 43152 ----a-w- c:\windows\avastSS.scr
2014-09-03 02:46 . 2014-09-03 02:46 -------- d-----w- c:\program files\AVAST Software
2014-09-03 02:16 . 2014-09-03 02:46 -------- d-----w- c:\programdata\AVAST Software
2014-08-24 23:25 . 2014-08-25 00:21 21504 ----a-w- c:\program files (x86)\Internet Explorer\version1.dll
2014-08-24 03:03 . 2014-08-24 03:03 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2014-08-24 03:03 . 2013-11-20 13:57 3315392 ----a-w- c:\windows\system32\drivers\ArcCtrl.sys
2014-08-24 03:03 . 2012-06-11 22:42 80488 ----a-w- c:\windows\system32\MMCEDT6.exe
2014-08-24 02:57 . 2014-08-24 02:57 -------- d-----w- c:\program files (x86)\ArcSoft
2014-08-22 22:47 . 2014-08-22 22:50 -------- d-----w- c:\users\Rob\AppData\Local\CottonModel
2014-08-22 22:46 . 2014-08-22 22:46 -------- d-----w- c:\program files (x86)\Brother
2014-08-16 02:32 . 2014-08-16 02:32 -------- d-----w- C:\BMTechnic
2014-08-16 02:29 . 2014-09-02 22:59 -------- d-----w- c:\programdata\NetworkHostTask
2014-08-16 02:20 . 2014-08-16 02:20 -------- d-----w- c:\programdata\UpdateCommon
2014-08-16 02:20 . 2014-09-02 23:01 -------- d-----w- c:\programdata\Online
2014-08-16 02:20 . 2014-08-16 02:29 -------- d-----w- c:\users\Rob\AppData\Roaming\serv
2014-08-16 02:20 . 2014-08-16 02:20 -------- d-----w- c:\users\Rob\AppData\Roaming\device
2014-08-15 23:27 . 2014-08-15 23:27 -------- d-----w- c:\users\Rob\AppData\Local\Garmin
2014-08-15 23:27 . 2014-08-15 23:27 -------- d-----w- c:\program files\DIFX
2014-08-15 23:26 . 2014-08-15 23:27 -------- d-----w- c:\programdata\Garmin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-22 01:03 . 2014-07-22 01:03 244504 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-30 16:43 . 2014-06-30 16:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-06-27 06:59 . 2012-10-13 02:10 131856 ----a-w- c:\windows\system32\drivers\scdemu.sys
2014-06-17 20:21 . 2014-06-17 20:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-06-17 20:07 . 2014-06-17 20:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-06-17 20:06 . 2014-06-17 20:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BatteryCare"="c:\program files (x86)\BatteryCare\BatteryCare.exe" [2014-03-02 791552]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-08-07 688984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-05-12 842816]
"SignIn"="c:\program files (x86)\Microsoft Online Services\Sign In\SignIn.exe" [2010-03-10 1734512]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-03 4085896]
.
c:\users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Deskjet 2510 series.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 2510 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2B53HHV805QX;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2014-2-13 708608]
ProfileReminder.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe [2014-2-13 954368]
TotalMedia Server.lnk - c:\program files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe [2012-11-26 520296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Launch TotalMedia Theatre 6 Driver;Launch TotalMedia Theatre 6 Driver;c:\program files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe;c:\program files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe [x]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys;c:\windows\SYSNATIVE\drivers\pdihwctl.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 cpuz135;cpuz135;c:\users\Rob\Documents\0_RH_files\cpuid\pc-wizard_2012.2.11\pcwiz_x64.sys;c:\users\Rob\Documents\0_RH_files\cpuid\pc-wizard_2012.2.11\pcwiz_x64.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 d554bus;Dell Wireless 5540 HSPA Mini-Card Device driver (WDM);c:\windows\system32\DRIVERS\d554bus.sys;c:\windows\SYSNATIVE\DRIVERS\d554bus.sys [x]
R3 d554gps;Dell Wireless 5540 HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps64.sys;c:\windows\SYSNATIVE\DRIVERS\d554gps64.sys [x]
R3 d554mgmt;DellWireless5540 HSPA Mini-Card Device Management Drivers (WDM);c:\windows\system32\DRIVERS\d554mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\d554mgmt.sys [x]
R3 d554unic;Dell Wireless 5540 HSPA Mini-Card Network Adapter (WDM);c:\windows\system32\DRIVERS\d554unic.sys;c:\windows\SYSNATIVE\DRIVERS\d554unic.sys [x]
R3 d557bus;Dell Wireless 5540 HSPA Mini-Card Device (Win7);c:\windows\system32\DRIVERS\d557bus.sys;c:\windows\SYSNATIVE\DRIVERS\d557bus.sys [x]
R3 d557mgmt;Dell Wireless 5540 HSPA Mini-Card Device Management (Win7);c:\windows\system32\DRIVERS\d557mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\d557mgmt.sys [x]
R3 ecnssndis;Service for enabling selective suspend to NDIS device;c:\windows\System32\Drivers\wwuss64.sys;c:\windows\SYSNATIVE\Drivers\wwuss64.sys [x]
R3 ecnssndisfltr;SSNDIS filter service;c:\windows\System32\Drivers\wwussf64.sys;c:\windows\SYSNATIVE\Drivers\wwussf64.sys [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys;c:\windows\SYSNATIVE\Drivers\i1display_x64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0;PCDSRVC{67F2314B-25F2B3C0-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\gencotst\pcdsrvc_x64.pkms;c:\gencotst\pcdsrvc_x64.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SeqCal;SeqCal;c:\windows\system32\DRIVERS\SeqCal.sys;c:\windows\SYSNATIVE\DRIVERS\SeqCal.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\BatteryCare\WinRing0x64.sys;c:\program files (x86)\BatteryCare\WinRing0x64.sys [x]
R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
R4 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
R4 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 ArcCtrl;ArcCtrl;c:\windows\system32\drivers\ArcCtrl.sys;c:\windows\SYSNATIVE\drivers\ArcCtrl.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-05 05:06 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-03 02:59]
.
2014-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 02:18]
.
2014-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 02:18]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-09-03 02:59 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-25 16416360]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-08-02 726640]
"MFNetworkScanUtility"="c:\program files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE" [2009-12-15 508312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: microsoftonline.com
Trusted Zone: sharepoint.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AzarSohna - c:\programdata\AzarSohna\AzarSohna.dat
Wow6432Node-HKLM-Run-{2473955c-6075-0231-9d13-7652ef586d45} - c:\users\Rob\AppData\Local\Microsoft\{2473955c-6075-0231-9d13-7652ef586d45}\{2473955c-6075-0231-9d13-7652ef586d45}.exe
Wow6432Node-HKLM-Run-{6e875e62-48b8-d1bd-12e0-aaccf4eeef89} - c:\users\Rob\AppData\Local\Microsoft\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}\{6e875e62-48b8-d1bd-12e0-aaccf4eeef89}.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\services\PCDSRVC{67F2314B-25F2B3C0-06020101}_0]
"ImagePath"="\??\c:\gencotst\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2014-09-06  15:07:40 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-06 19:07
.
Pre-Run: 120,142,229,504 bytes free
Post-Run: 123,275,104,256 bytes free
.
- - End Of File - - 387B6A928830A172E7ACB18AFB00C964


#9 hackr

  • Topic Starter

Posted 06 September 2014 - 02:22 PM

as an fyi, the dllhost.exe *32 processes are no longer showing in task manager...however, multiple (5) chrome.exe *32 processes are still showing...cpu usage performance is now 5% - down from the 90-100% range...R



#10 aharonov

  • Malware Response Team

Posted 06 September 2014 - 03:09 PM

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#11 hackr

  • Topic Starter

Posted 06 September 2014 - 03:36 PM

FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by Rob (administrator) on DGYYPP1 on 06-09-2014 16:16:58
Running from C:\Users\Rob\Desktop\FRST
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ArcSoft, Inc.) C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Filipe Lourenço) C:\Program Files (x86)\BatteryCare\BatteryCare.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(ArcSoft Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(DigitalPersona, Inc.) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-04-07] (IDT, Inc.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [726640 2010-08-02] ()
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM-x32\...\Run: [DpAgent] => C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe [842816 2009-05-12] (DigitalPersona, Inc.)
HKLM-x32\...\Run: [SignIn] => C:\Program Files (x86)\Microsoft Online Services\Sign In\SignIn.exe [1734512 2010-03-09] (Microsoft Corporation)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41208 2012-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542104 2012-12-11] (Lavasoft)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...\Run: [BatteryCare] => C:\Program Files (x86)\BatteryCare\BatteryCare.exe [791552 2014-03-02] (Filipe Lourenço)
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-08-07] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1309588789-67419149-383204578-1001\...\Policies\Explorer: [HideSCAPower] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logo Calibration Loader.lnk
ShortcutTarget: Logo Calibration Loader.lnk -> C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ProfileReminder.lnk
ShortcutTarget: ProfileReminder.lnk -> C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe (LOGO Kommunikations- und Drucktechnik GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Server.lnk
ShortcutTarget: TotalMedia Server.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TotalMedia Server\TM Server.exe (ArcSoft Inc.)
Startup: C:\Users\Rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {62E6A3A7-C20B-4978-8978-2DB4E91D197E} URL = 
SearchScopes: HKCU - {B41B28E6-44FD-4F8C-80A5-97741A8C4BDE} URL = www.buenosearch.com?babsrc=ext_WinjNw&affID=123487&q={searchTerms}
BHO: DigitalPersona Fingerprint Software Extension -> {395610AE-C624-4f58-B89E-23733EA00F9A} -> C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\DigitalPersona\Bin\FirefoxExt [2011-03-30]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-02]
FF HKCU\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\DigitalPersona\Bin\firefoxext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> BD6A41B8E9B0D2267AC4E4B22453D466D9F868123F8A1EF77D797C5FCCFC309B
CHR DefaultSearchURL: Default -> F4C15DDB0C30A23991B6EEB495FF6280020A64A2B7EBF36B8CB416572F725539
CHR Profile: C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-09]
CHR Extension: (Google Search) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-09]
CHR Extension: (avast! Online Security) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-02]
CHR Extension: (Google Wallet) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-09]
CHR Extension: (Default Extension) - C:\Users\Rob\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadfddgddadcdcdjdhdidcgedeggdcge [2013-01-07]
CHR HKCU\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Rob\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-08]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [njljkdinboobkmkihgcohanchjnjpgjk] - C:\Users\Rob\AppData\Local\CRE\njljkdinboobkmkihgcohanchjnjpgjk.crx [2013-08-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
R2 ADExchange; C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [44736 2014-03-11] (ArcSoft, Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 DpHost; C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe [322624 2009-05-12] (DigitalPersona, Inc.) [File not signed]
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S2 Launch TotalMedia Theatre 6 Driver; C:\Program Files (x86)\ArcSoft\TotalMedia Theatre 6\TMTLaunchDriverServer.exe [608256 2014-03-04] (ArcSoft, Inc.) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe [247808 2010-04-07] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R1 ArcCtrl; C:\Windows\System32\drivers\ArcCtrl.sys [3315392 2013-11-20] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 cpuz135; C:\Users\Rob\Documents\0_RH_files\cpuid\pc-wizard_2012.2.11\pcwiz_x64.sys [24368 2013-03-31] (CPUID)
S3 d554bus; C:\Windows\system32\DRIVERS\d554bus.sys [118272 2009-11-16] (MCCI Corporation)
S3 d554gps; C:\Windows\system32\DRIVERS\d554gps64.sys [96296 2009-11-16] (Ericsson AB)
S3 d554mgmt; C:\Windows\system32\DRIVERS\d554mgmt.sys [141312 2009-11-16] (MCCI Corporation)
S3 d554unic; C:\Windows\system32\DRIVERS\d554unic.sys [153600 2009-11-16] (MCCI Corporation)
S3 d557bus; C:\Windows\system32\DRIVERS\d557bus.sys [328704 2009-11-16] (MCCI Corporation)
S3 d557mgmt; C:\Windows\system32\DRIVERS\d557mgmt.sys [376320 2009-11-16] (MCCI Corporation)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [12800 2009-11-16] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [17408 2009-11-16] (Ericsson AB)
S3 EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [7808 2014-02-13] (GretagMacbeth LLC)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-01-12] (GFI Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32152 2012-12-15] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SeqCal; C:\Windows\System32\DRIVERS\SeqCal.sys [7808 2006-05-18] (GretagMacbeth LLC)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-05-28] (Samsung Electronics)
S3 WinRing0_1_2_0; C:\Program Files (x86)\BatteryCare\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S4 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S4 Avgmfx64; system32\DRIVERS\avgmfx64.sys [X]
S4 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 PCDSRVC{67F2314B-25F2B3C0-06020101}_0; \??\c:\gencotst\pcdsrvc_x64.pkms [X]
S2 PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 15:07 - 2014-09-06 15:07 - 00020026 _____ () C:\ComboFix.txt
2014-09-06 14:59 - 2014-09-06 14:59 - 00000546 _____ () C:\Windows\PFRO.log
2014-09-06 14:14 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-06 14:14 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-06 14:14 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-06 14:14 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-06 14:14 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-06 14:14 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-06 14:14 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-06 14:14 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-06 14:13 - 2014-09-06 15:07 - 00000000 ____D () C:\Qoobox
2014-09-06 14:12 - 2014-09-06 15:06 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 11:20 - 2014-09-06 11:20 - 00010215 _____ () C:\Users\Rob\Desktop\attach.txt
2014-09-06 11:20 - 2014-09-06 11:19 - 00018426 _____ () C:\Users\Rob\Desktop\dds.txt
2014-09-06 11:11 - 2014-09-06 14:07 - 00000000 ____D () C:\Users\Rob\Desktop\bleeping
2014-09-05 22:19 - 2014-09-05 22:19 - 00000000 ____D () C:\ProgramData\AzarSohna
2014-09-05 22:18 - 2014-09-05 22:19 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-05 22:18 - 2014-09-05 22:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-09-05 02:42 - 2014-09-06 15:15 - 00000560 _____ () C:\Windows\setupact.log
2014-09-05 02:42 - 2014-09-05 02:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-04 20:18 - 2014-09-04 20:18 - 00002868 _____ () C:\Users\Rob\Documents\cc_20140904_201842.reg
2014-09-04 20:17 - 2014-09-04 20:17 - 00069192 _____ () C:\Users\Rob\Documents\cc_20140904_201722.reg
2014-09-03 22:09 - 2014-09-03 22:09 - 00000000 _____ () C:\prefs.js
2014-09-03 22:08 - 2014-09-06 16:17 - 00000000 ____D () C:\FRST
2014-09-03 21:58 - 2014-09-06 16:16 - 00000000 ____D () C:\Users\Rob\Desktop\FRST
2014-09-03 20:45 - 2014-09-03 20:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-03 20:43 - 2014-09-03 20:43 - 02347384 _____ (ESET) C:\Users\Rob\Desktop\esetsmartinstaller_enu.exe
2014-09-03 20:25 - 2014-09-03 20:25 - 00002627 _____ () C:\Users\Rob\Desktop\fixdll.txt
2014-09-02 23:06 - 2014-09-02 23:06 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\AVAST Software
2014-09-02 23:00 - 2014-09-02 23:00 - 00001932 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 23:00 - 2014-09-02 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 22:59 - 2014-09-02 23:07 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 22:59 - 2014-09-02 22:59 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 22:59 - 2014-09-02 22:59 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-09-02 22:46 - 2014-09-02 22:46 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 22:16 - 2014-09-02 22:46 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 22:12 - 2014-09-02 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-02 22:02 - 2014-09-02 22:02 - 04862664 _____ (AVAST Software) C:\Users\Rob\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 22:02 - 2014-09-02 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-02 19:36 - 2014-09-02 21:47 - 00009046 _____ () C:\Users\Rob\Desktop\avgrep.txt
2014-09-02 06:55 - 2014-09-02 06:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rob\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 21:50 - 2014-09-01 21:50 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet (2).exe
2014-09-01 21:47 - 2014-09-01 21:47 - 00000971 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-01 21:43 - 2014-09-01 21:43 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet (1).exe
2014-09-01 21:35 - 2014-09-01 21:35 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-01 21:27 - 2014-09-01 21:27 - 00112568 _____ () C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-01 15:29 - 2014-09-01 19:16 - 00000000 ____D () C:\Users\Rob\Documents\Softub
2014-08-27 20:44 - 2014-09-02 00:10 - 00011266 _____ () C:\Windows\system32\avgrep.txt
2014-08-23 23:03 - 2013-11-20 09:57 - 03315392 _____ () C:\Windows\system32\Drivers\ArcCtrl.sys
2014-08-23 23:03 - 2012-06-11 18:42 - 00080488 _____ (ArcSoft Inc.) C:\Windows\system32\MMCEDT6.exe
2014-08-23 23:02 - 2014-08-27 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
2014-08-23 23:02 - 2014-08-23 23:02 - 00002236 _____ () C:\Users\Public\Desktop\TotalMedia Theatre 6.lnk
2014-08-23 22:57 - 2014-08-23 22:57 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-08-23 22:41 - 2014-08-23 22:41 - 00003174 _____ () C:\Windows\System32\Tasks\{5FB14BD5-CE90-445B-B22F-D2ED5FFFB2A8}
2014-08-23 22:37 - 2014-08-23 22:38 - 112316872 _____ (ArcSoft ) C:\Users\Rob\Downloads\totalmediatheatre6_retail_tbyb_all (1).exe
2014-08-23 21:46 - 2014-08-27 23:41 - 00000000 ____D () C:\Users\Rob\Downloads\ArcSoft TotalMedia Theatre 6.5.1.150 Final [ChingLiu]
2014-08-23 21:45 - 2014-08-23 21:45 - 00017198 _____ () C:\Users\Rob\Downloads\[kickass.to]arcsoft.totalmedia.theatre.6.5.1.150.final.chingliu.torrent
2014-08-22 18:47 - 2014-08-22 18:50 - 00000000 ____D () C:\Users\Rob\AppData\Local\CottonModel
2014-08-22 18:46 - 2014-08-22 18:46 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-15 22:32 - 2014-08-15 22:32 - 00000000 ____D () C:\BMTechnic
2014-08-15 22:29 - 2014-09-02 18:59 - 00000000 ____D () C:\ProgramData\NetworkHostTask
2014-08-15 22:22 - 2014-08-15 22:22 - 00000000 ____D () C:\Users\Rob\Downloads\Bmtechnic
2014-08-15 22:20 - 2014-09-02 19:01 - 00000000 ____D () C:\ProgramData\Online
2014-08-15 22:20 - 2014-08-15 22:29 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\serv
2014-08-15 22:20 - 2014-08-15 22:20 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\device
2014-08-15 22:20 - 2014-08-15 22:20 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-15 19:31 - 2014-08-15 19:31 - 00000000 ____D () C:\Users\Rob\Documents\Garmin
2014-08-15 19:27 - 2014-08-15 19:27 - 00000000 ____D () C:\Users\Rob\AppData\Local\Garmin
2014-08-15 19:27 - 2014-08-15 19:27 - 00000000 ____D () C:\Program Files\DIFX
2014-08-15 19:26 - 2014-08-15 19:27 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 19:26 - 2014-08-15 19:26 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-14 22:42 - 2014-08-14 23:20 - 00002705 _____ () C:\Users\Rob\Desktop\bmw_nav.txt
2014-08-14 22:18 - 2014-08-15 06:30 - 00000000 ____D () C:\Users\Rob\Downloads\North_America_PROFESSIONAL_2014
2014-08-14 22:17 - 2014-08-14 22:17 - 00054111 _____ () C:\Users\Rob\Downloads\North_America_PROFESSIONAL_2014.torrent
2014-08-08 21:45 - 2014-08-08 21:45 - 00798979 _____ () C:\Users\Rob\Downloads\JTF_2014-06-18_v2.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-06 16:17 - 2014-09-03 22:08 - 00000000 ____D () C:\FRST
2014-09-06 16:17 - 2011-03-30 10:22 - 01088746 _____ () C:\Windows\WindowsUpdate.log
2014-09-06 16:16 - 2014-09-03 21:58 - 00000000 ____D () C:\Users\Rob\Desktop\FRST
2014-09-06 15:54 - 2012-12-09 22:18 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-06 15:24 - 2009-07-14 00:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-06 15:24 - 2009-07-14 00:45 - 00014448 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-06 15:16 - 2013-01-12 18:00 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-09-06 15:16 - 2012-12-09 22:18 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-06 15:15 - 2014-09-05 02:42 - 00000560 _____ () C:\Windows\setupact.log
2014-09-06 15:15 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-06 15:07 - 2014-09-06 15:07 - 00020026 _____ () C:\ComboFix.txt
2014-09-06 15:07 - 2014-09-06 14:13 - 00000000 ____D () C:\Qoobox
2014-09-06 15:07 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Default
2014-09-06 15:06 - 2014-09-06 14:12 - 00000000 ____D () C:\Windows\erdnt
2014-09-06 15:03 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-06 14:59 - 2014-09-06 14:59 - 00000546 _____ () C:\Windows\PFRO.log
2014-09-06 14:58 - 2009-07-13 22:34 - 75235328 _____ () C:\Windows\system32\config\software.bak
2014-09-06 14:58 - 2009-07-13 22:34 - 38535168 _____ () C:\Windows\system32\config\system.bak
2014-09-06 14:58 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2014-09-06 14:58 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2014-09-06 14:58 - 2009-07-13 22:34 - 00262144 _____ () C:\Windows\system32\config\default.bak
2014-09-06 14:07 - 2014-09-06 11:11 - 00000000 ____D () C:\Users\Rob\Desktop\bleeping
2014-09-06 11:20 - 2014-09-06 11:20 - 00010215 _____ () C:\Users\Rob\Desktop\attach.txt
2014-09-06 11:19 - 2014-09-06 11:20 - 00018426 _____ () C:\Users\Rob\Desktop\dds.txt
2014-09-06 10:52 - 2011-04-05 20:34 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-05 22:19 - 2014-09-05 22:19 - 00000000 ____D () C:\ProgramData\AzarSohna
2014-09-05 22:19 - 2014-09-05 22:18 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-05 22:18 - 2014-09-05 22:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-09-05 02:42 - 2014-09-05 02:42 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-05 01:39 - 2014-07-27 11:21 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\Winamp
2014-09-05 01:38 - 2011-03-30 13:16 - 00000000 ____D () C:\Windows\Panther
2014-09-05 01:37 - 2012-08-20 17:36 - 00000000 ____D () C:\Windows\Minidump
2014-09-04 20:18 - 2014-09-04 20:18 - 00002868 _____ () C:\Users\Rob\Documents\cc_20140904_201842.reg
2014-09-04 20:17 - 2014-09-04 20:17 - 00069192 _____ () C:\Users\Rob\Documents\cc_20140904_201722.reg
2014-09-03 22:09 - 2014-09-03 22:09 - 00000000 _____ () C:\prefs.js
2014-09-03 20:45 - 2014-09-03 20:45 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-03 20:43 - 2014-09-03 20:43 - 02347384 _____ (ESET) C:\Users\Rob\Desktop\esetsmartinstaller_enu.exe
2014-09-03 20:25 - 2014-09-03 20:25 - 00002627 _____ () C:\Users\Rob\Desktop\fixdll.txt
2014-09-02 23:07 - 2014-09-02 22:59 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 23:06 - 2014-09-02 23:06 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\AVAST Software
2014-09-02 23:04 - 2013-10-13 19:12 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\BatteryCare
2014-09-02 23:00 - 2014-09-02 23:00 - 00001932 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 23:00 - 2014-09-02 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 22:59 - 2014-09-02 22:59 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 22:59 - 2014-09-02 22:59 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 22:59 - 2014-09-02 22:59 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 22:59 - 2014-09-02 22:59 - 00000350 ____H () C:\Windows\Tasks\avast! Emergency Update.job
2014-09-02 22:46 - 2014-09-02 22:46 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 22:46 - 2014-09-02 22:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 22:21 - 2013-04-02 22:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-09-02 22:12 - 2014-09-02 22:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-02 22:12 - 2014-01-15 18:40 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-02 22:12 - 2012-05-15 18:28 - 00000000 ____D () C:\$AVG
2014-09-02 22:02 - 2014-09-02 22:02 - 04862664 _____ (AVAST Software) C:\Users\Rob\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 22:02 - 2014-09-02 22:02 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-02 21:47 - 2014-09-02 19:36 - 00009046 _____ () C:\Users\Rob\Desktop\avgrep.txt
2014-09-02 19:01 - 2014-08-15 22:20 - 00000000 ____D () C:\ProgramData\Online
2014-09-02 18:59 - 2014-08-15 22:29 - 00000000 ____D () C:\ProgramData\NetworkHostTask
2014-09-02 18:59 - 2014-02-21 18:23 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\DigitalSites
2014-09-02 07:09 - 2012-09-29 21:22 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\Malwarebytes
2014-09-02 06:55 - 2014-09-02 06:55 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rob\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-02 00:10 - 2014-08-27 20:44 - 00011266 _____ () C:\Windows\system32\avgrep.txt
2014-09-01 22:01 - 2011-04-05 17:05 - 00000000 ____D () C:\Users\Rob
2014-09-01 21:50 - 2014-09-01 21:50 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet (2).exe
2014-09-01 21:47 - 2014-09-01 21:47 - 00000971 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-01 21:43 - 2014-09-01 21:43 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet (1).exe
2014-09-01 21:35 - 2014-09-01 21:35 - 04927216 _____ (AVG Technologies) C:\Users\Rob\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-01 21:27 - 2014-09-01 21:27 - 00112568 _____ () C:\Users\Rob\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-01 21:16 - 2012-12-18 23:38 - 00000000 ___RD () C:\Users\Rob\Virtual Machines
2014-09-01 19:16 - 2014-09-01 15:29 - 00000000 ____D () C:\Users\Rob\Documents\Softub
2014-08-31 11:50 - 2012-02-11 09:56 - 00000000 ____D () C:\Users\Rob\Documents\0_RH_files
2014-08-31 11:12 - 2011-04-05 22:20 - 00000000 ____D () C:\Users\Rob\Documents\Outlook_files
2014-08-27 23:41 - 2014-08-23 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia Theatre 6
2014-08-27 23:41 - 2014-08-23 21:46 - 00000000 ____D () C:\Users\Rob\Downloads\ArcSoft TotalMedia Theatre 6.5.1.150 Final [ChingLiu]
2014-08-27 23:41 - 2014-02-21 17:59 - 00000000 ____D () C:\Users\Rob\Downloads\TotalMedia Theatre 6.0.1.119 Multilingual + Keygen
2014-08-27 23:41 - 2014-02-13 21:56 - 00000000 ____D () C:\Users\Rob\Downloads\Build2.3
2014-08-27 23:41 - 2014-02-05 17:54 - 00000000 ____D () C:\Users\Rob\Downloads\DISNEY_CALIBRATION
2014-08-27 23:41 - 2014-02-05 17:52 - 00000000 ____D () C:\Users\Rob\Downloads\ChromaPure Professional v2.4.2.39345(h33t)(malestom)
2014-08-27 23:41 - 2013-09-21 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-27 23:41 - 2013-09-21 14:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-27 23:41 - 2013-09-21 14:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-27 23:41 - 2012-12-15 17:04 - 00000000 ____D () C:\Users\scan
2014-08-27 23:41 - 2011-04-05 17:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-27 23:41 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-08-27 23:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-08-27 20:13 - 2012-09-29 21:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-27 19:47 - 2013-01-12 22:25 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-08-27 06:57 - 2013-08-12 18:52 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-24 10:17 - 2011-06-12 22:05 - 00000000 ____D () C:\Users\Rob\AppData\Local\Deployment
2014-08-24 10:05 - 2014-02-21 17:54 - 00167936 _____ () C:\errlog.dat
2014-08-23 23:13 - 2014-02-21 17:56 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\ArcSoft
2014-08-23 23:03 - 2014-02-21 17:54 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-08-23 23:02 - 2014-08-23 23:02 - 00002236 _____ () C:\Users\Public\Desktop\TotalMedia Theatre 6.lnk
2014-08-23 23:02 - 2011-03-30 10:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-08-23 22:57 - 2014-08-23 22:57 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-08-23 22:41 - 2014-08-23 22:41 - 00003174 _____ () C:\Windows\System32\Tasks\{5FB14BD5-CE90-445B-B22F-D2ED5FFFB2A8}
2014-08-23 22:40 - 2013-01-06 20:12 - 00000000 ____D () C:\Users\Rob\AppData\Local\Downloaded Installations
2014-08-23 22:38 - 2014-08-23 22:37 - 112316872 _____ (ArcSoft ) C:\Users\Rob\Downloads\totalmediatheatre6_retail_tbyb_all (1).exe
2014-08-23 21:45 - 2014-08-23 21:45 - 00017198 _____ () C:\Users\Rob\Downloads\[kickass.to]arcsoft.totalmedia.theatre.6.5.1.150.final.chingliu.torrent
2014-08-22 18:50 - 2014-08-22 18:47 - 00000000 ____D () C:\Users\Rob\AppData\Local\CottonModel
2014-08-22 18:46 - 2014-08-22 18:46 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-20 21:55 - 2009-07-14 01:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-15 22:32 - 2014-08-15 22:32 - 00000000 ____D () C:\BMTechnic
2014-08-15 22:29 - 2014-08-15 22:20 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\serv
2014-08-15 22:22 - 2014-08-15 22:22 - 00000000 ____D () C:\Users\Rob\Downloads\Bmtechnic
2014-08-15 22:20 - 2014-08-15 22:20 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\device
2014-08-15 22:20 - 2014-08-15 22:20 - 00000000 ____D () C:\ProgramData\UpdateCommon
2014-08-15 19:31 - 2014-08-15 19:31 - 00000000 ____D () C:\Users\Rob\Documents\Garmin
2014-08-15 19:27 - 2014-08-15 19:27 - 00000000 ____D () C:\Users\Rob\AppData\Local\Garmin
2014-08-15 19:27 - 2014-08-15 19:27 - 00000000 ____D () C:\Program Files\DIFX
2014-08-15 19:27 - 2014-08-15 19:26 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-15 19:27 - 2012-08-18 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-08-15 19:27 - 2012-08-18 10:20 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-15 19:27 - 2012-08-18 09:41 - 00000000 ____D () C:\Users\Rob\AppData\Roaming\Garmin
2014-08-15 19:27 - 2012-02-12 21:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-15 19:26 - 2014-08-15 19:26 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-15 06:30 - 2014-08-14 22:18 - 00000000 ____D () C:\Users\Rob\Downloads\North_America_PROFESSIONAL_2014
2014-08-14 23:20 - 2014-08-14 22:42 - 00002705 _____ () C:\Users\Rob\Desktop\bmw_nav.txt
2014-08-14 22:17 - 2014-08-14 22:17 - 00054111 _____ () C:\Users\Rob\Downloads\North_America_PROFESSIONAL_2014.torrent
2014-08-08 21:45 - 2014-08-08 21:45 - 00798979 _____ () C:\Users\Rob\Downloads\JTF_2014-06-18_v2.pptx
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-06 15:54
 
==================== End Of Log ============================

Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by Rob at 2014-09-06 16:17:38
Running from C:\Users\Rob\Desktop\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Disabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30180 - BitTorrent Inc.)
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.10.11 - STMicroelectronics)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.82 - Lavasoft)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader 9.5.4 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.4 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ArcSoft TotalMedia Theatre 6 (HKLM-x32\...\InstallShield_{5232358C-7C23-4319-8271-E43F924196AC}) (Version: 6.7.1.199 - ArcSoft)
ArcSoft TotalMedia Theatre 6 (x32 Version: 6.7.1.199 - ArcSoft) Hidden
AtomTime Pro 3.1d (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
BatteryCare 0.9.16.0 (HKLM-x32\...\{C6A6036D-FBD0-4324-BEAA-C0845257160C}_is1) (Version: 0.9.16.0 - Filipe Lourenço)
BlackBerry Device Communication Components (HKLM-x32\...\{4EFE9A4D-D5AF-4F43-A379-BD876CDEDAA0}) (Version: 2.0.0.27 - Research In Motion Ltd.)
BlackBerry Device Software Updater (HKLM-x32\...\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}) (Version: 6.0.1.37 - Research In Motion Ltd)
CalMANv4 (HKLM-x32\...\{47AE2378-012A-46CA-BA09-F7D88FA601A3}) (Version: 4.6.5.400 - SpectraCal)
Canon MF Toolbox 4.9.1.1.mf13 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf13 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.0 - CANON INC.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
COWON Media Center - jetAudio Basic VX (HKLM-x32\...\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}) (Version: 8.0.11 - COWON)
CutePDF Professional 3.6 (Evaluation) (HKLM-x32\...\CutePDF Professional (Evaluation)_is1) (Version:  - Acro Software Inc.)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version:  - )
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.3426 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.3426 - CyberLink Corp.) Hidden
Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
Dell Driver Download Manager (HKCU\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
DigitalPersona Personal 4.01 (HKLM\...\{FC09380E-74BE-41F5-8353-E97113969040}) (Version: 4.02.3769 - DigitalPersona, Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
Elevated Installer (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Eye-One Diagnostics (HKLM-x32\...\Eye-One Diagnostics_is1) (Version:  - GretagMacbeth)
Eye-One Match 3.6.1 (HKLM-x32\...\Eye-One Match_is1) (Version: 3.6.1 - GretagMacbeth)
Eye-One Share (HKLM-x32\...\Eye-One Share) (Version:  - )
Free M4a to MP3 Converter 8.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{b43ffffb-1adc-4bcb-b277-7844ebff94da}) (Version: 3.2.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.17.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{C8B7EFDF-28EA-4A17-B89A-C03317E3B5CF}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Help (HKLM-x32\...\{234DADAD-3C3C-4FB1-90A4-0AF015D56E18}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 2510 series Setup Guide (HKLM-x32\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
i1ColorPoint 1.0 (HKLM-x32\...\i1ColorPoint 1.0) (Version: 1.0.1 - GretagMacbeth)
Image Resizer for Windows (64 bit) (HKLM\...\{B6EFF29D-7CAB-4CE0-9FFC-3D55D27E948D}) (Version: 3.0.4442.6002 - Brice Lambson)
Image Resizer for Windows (HKLM-x32\...\{14ebe571-096e-4cdd-8ee5-a2c0cc6b9b5e}) (Version: 3.0.4442.6002 - Brice Lambson)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Maintenance Samsung CLX-6220 Series (HKLM-x32\...\Samsung CLX-6220 Series) (Version:  - Samsung Electronics Co.,Ltd)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Online Services Sign In (HKLM-x32\...\{A91E3887-5185-4091-AF33-AB0048444055}) (Version: 1.0.1427.40 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Mp3tag v2.57 (HKLM-x32\...\Mp3tag) (Version: v2.57 - Florian Heidenreich)
MPC-HC 1.7.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.3 - MPC-HC Team)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.718 - NVIDIA Corporation) Hidden
Oplisker 0.1.4 (HKLM-x32\...\{A6C2BC14-AC0B-4EB1-B7F9-E9E9049DBF83}_is1) (Version:  - Ostegn Technology)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.0 - Power Software Ltd)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 1.3.3 - Dell Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Roxio Burn (x32 Version: 1.01 - Roxio) Hidden
SDFormatter (HKLM-x32\...\{A5355F15-F98B-4704-9BAE-E53B9FE48F48}) (Version: 3.1.0 - SD Association)
Skype™ 6.0 (HKLM-x32\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.6.1014 - SUPERAntiSpyware.com)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TagScanner 5.1.649 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wnyiper (x32 Version: 010.000.1549 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2675 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0436 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0210 - Intuit Inc.) Hidden
TurboTax 2011 wnyiper (x32 Version: 011.000.1375 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0120 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2309 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0474 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0186 - Intuit Inc.) Hidden
TurboTax 2012 wnyiper (x32 Version: 012.000.1585 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1874 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0477 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0164 - Intuit Inc.) Hidden
TurboTax 2013 wnyiper (x32 Version: 013.000.1311 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
TurboTax Audit Support Center 3.0 (HKLM-x32\...\{E371C150-A9F1-49CE-ACC1-51AEFD01C1D5}_is1) (Version:  - TurboTax)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{2720451F-5D04-43EC-AB1F-26D948FD971B}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Validity Sensors DDK (HKLM\...\{661DD62F-D0F2-4573-902B-DBCAAD8229AF}) (Version: 3.1.379 - Validity Sensors, Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
06-09-2014 18:14:14 ComboFix created restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2014-09-06 15:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {1266CE61-4EB4-4B9E-A61C-B0B964C5FA0D} - System32\Tasks\Digital Sites => C:\Users\Rob\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {21F0A55A-3E01-4DF8-A915-1C31422825E8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {7837B0BC-7EAC-4E70-A422-19F9D4C7D4E6} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-08-07] ()
Task: {86493929-87C3-4AD0-9168-B15171206B52} - System32\Tasks\4472 => Wscript.exe C:\Users\Rob\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {86C4FF45-31DA-4F63-A34F-B5D9F92382FC} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-17] ()
Task: {ABBED69D-5F4B-45C3-8434-F10862551D5A} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {B0CE0677-02C7-4E5F-B2CF-B0CA7CACED9D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09] (Google Inc.)
Task: {D4F90CC8-41F3-4C3E-AFF3-0DE6CD4DE621} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {D7E51AAF-2F03-4C49-BDF9-F62877DA6C5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-09] (Google Inc.)
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-05 20:54 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2011-04-06 10:02 - 2009-05-29 18:35 - 00027648 _____ () C:\Windows\System32\ssy2cl6.dll
2011-03-30 10:35 - 2010-08-02 13:55 - 00726640 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2013-10-13 19:12 - 2012-07-26 08:27 - 00252928 _____ () C:\Program Files (x86)\BatteryCare\OpenHardwareMonitorLib.dll
2014-09-02 22:59 - 2014-09-02 22:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-06 15:00 - 2014-09-06 15:00 - 02845184 _____ () C:\Program Files\AVAST Software\Avast\defs\14090601\algo.dll
2014-09-02 22:59 - 2014-09-02 22:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-05 01:09 - 2014-08-29 22:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2013-11-19 20:49 - 2013-11-19 20:49 - 00854016 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-11-19 20:49 - 2013-11-19 20:49 - 00476520 _____ () C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Rob\Local Settings:init
AlternateDataStreams: C:\Users\Rob\AppData\Local:init
AlternateDataStreams: C:\Users\Rob\AppData\Local\Application Data:init
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: Desktop Disc Tool => "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: PDVD9LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: RemoteControl9 => "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
MSCONFIG\startupreg: RIMBBLaunchAgent.exe => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/06/2014 03:55:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (09/06/2014 01:54:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 10.0.9200.16866, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 10.0.9200.16899, time stamp: 0x536844fc
Exception code: 0xc00000fd
Fault offset: 0x0009cbc5
Faulting process id: 0x2868
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (09/05/2014 10:19:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000000000008009f
Faulting process id: 0x1088
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
Element not found.  (HRESULT : 0x80070490) (0x80070490)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)
 
Error: (09/05/2014 02:47:55 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (09/06/2014 03:17:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/06/2014 03:16:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (09/06/2014 03:16:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDIHWCTL service failed to start due to the following error: 
%%2
 
Error: (09/06/2014 03:15:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (09/06/2014 03:00:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SSPORT service failed to start due to the following error: 
%%2
 
Error: (09/06/2014 03:00:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The PDIHWCTL service failed to start due to the following error: 
%%2
 
Error: (09/06/2014 02:59:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%2
 
Error: (09/06/2014 02:57:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/06/2014 02:57:40 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/06/2014 02:56:42 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
Error: (11/05/2012 10:52:06 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-06 14:56:42.889
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-09-06 14:56:42.670
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-13 19:07:45.397
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-13 19:07:45.277
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-13 19:07:01.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-02-13 19:07:00.876
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SeqCal.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-29 22:10:48.633
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Moborobo\MoboroboAssDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-11-29 22:10:48.493
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Moborobo\MoboroboAssDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU M 640 @ 2.80GHz
Percentage of memory in use: 27%
Total physical RAM: 7990.6 MB
Available physical RAM: 5809.62 MB
Total Pagefile: 15979.38 MB
Available Pagefile: 13533.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:452.09 GB) (Free:114.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:13.67 GB) (Free:7.05 GB) NTFS
Drive g: (HACK_X_1GB) (Removable) (Total:0.93 GB) (Free:0.89 GB) FAT
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 15DFF512)
Partition 1: (Active) - (Size=452.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 952.5 MB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#12 aharonov

  • Malware Response Team

Posted 06 September 2014 - 05:20 PM

Hi,

however, multiple (5) chrome.exe *32 processes are still showing...

Just to be clear: These processes are also showing when not a single browser window of Chrome is open?


Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#13 hackr
  • Topic Starter

Posted 06 September 2014 - 05:59 PM

hi...sorry for not being clear...

 

when the chrome browser is not open - there are no chrome.exe *32 processes...when chrome browser is open, there are (4-6) chrome.exe *32 processes...

 

before i ran FRST with the fixlist above, i had (6) processes...after running FRST with fixlist, i now have (4) processes...is this normal or not?

 

here's the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014 02
Ran by Rob at 2014-09-06 18:51:27 Run:2
Running from C:\Users\Rob\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CMD: wmic process get processid,parentprocessid,executablepath
2014-09-05 22:19 - 2014-09-05 22:19 - 00000000 ____D () C:\ProgramData\AzarSohna
2014-09-05 22:18 - 2014-09-05 22:19 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
2014-09-05 22:18 - 2014-09-05 22:18 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-08-22 18:47 - 2014-08-22 18:50 - 00000000 ____D () C:\Users\Rob\AppData\Local\CottonModel
CMD: type "C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt"
EmptyTemp:
*****************
 
 
=========  wmic process get processid,parentprocessid,executablepath =========
 
ExecutablePath                                          ParentProcessId  ProcessId
                                                        0                0
                                                        0                4
                                                        4                472
C:\Windows\system32\csrss.exe                           540              584
C:\Windows\system32\csrss.exe                           660              668
C:\Windows\system32\wininit.exe                         540              676
C:\Windows\system32\winlogon.exe                        660              724
C:\Windows\system32\services.exe                        676              776
C:\Windows\system32\lsass.exe                           676              784
C:\Windows\system32\lsm.exe                             676              792
C:\Windows\system32\svchost.exe                         776              888
C:\Windows\system32\nvvsvc.exe                          776              964
C:\Windows\system32\svchost.exe                         776              1004
C:\Windows\System32\svchost.exe                         776              640
C:\Windows\System32\svchost.exe                         776              496
C:\Windows\system32\svchost.exe                         776              596
C:\Windows\system32\svchost.exe                         776              1048
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe  776              1088
C:\Windows\system32\svchost.exe                         776              1328
C:\Windows\system32\vcsFPService.exe                    776              1440
C:\Windows\system32\svchost.exe                         776              1500
C:\Windows\system32\nvvsvc.exe                          964              1580
C:\Windows\system32\WLANExt.exe                         496              1640
C:\Windows\system32\conhost.exe                         584              1648
C:\Program Files\AVAST Software\Avast\AvastSvc.exe      776              1700
C:\Windows\System32\spoolsv.exe                         776              1980
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe   776              2012
C:\Windows\system32\svchost.exe                         776              1388
 
 C : \ P r o g r a m   F i l e s \ S U P E R A n t i S p y w a r e \ S A S C O R E 6 4 . E X E                                                                                                                   7 7 6                             1 7 4 4               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ A r c S o f t \ e s i n t e r \ B i n \ e s e r v u t i l . e x e                                                                       7 7 6                             1 7 2 4               
 
 C : \ W i n d o w s \ S y s t e m 3 2 \ D r i v e r S t o r e \ F i l e R e p o s i t o r y \ s t w r t 6 4 . i n f _ a m d 6 4 _ n e u t r a l _ d 5 5 0 f a 1 f 2 c f 8 9 9 6 d \ A E S T S r 6 4 . e x e     7 7 6                             1 8 1 6               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ A V G \ A V G 2 0 1 4 \ a v g i d s a g e n t . e x e                                                                                                             7 7 6                             1 8 7 2               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ A V G \ A V G 2 0 1 4 \ a v g w d s v c . e x e                                                                                                                   7 7 6                             1 8 4 0               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ s v c h o s t . e x e                                                                                                                                                   7 7 6                             2 0 5 6               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ G a r m i n \ C o r e   U p d a t e   S e r v i c e \ G a r m i n . C a r t o g r a p h y . M a p U p d a t e . C o r e S e r v i c e . e x e                     7 7 6                             2 1 0 8               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ A V G \ A V G 2 0 1 4 \ a v g n s a . e x e                                                                                                                       1 8 4 0                           2 3 7 2               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ A V G \ A V G 2 0 1 4 \ a v g e m c a . e x e                                                                                                                     1 8 4 0                           2 3 8 0               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ M i c r o s o f t   S h a r e d \ V S 7 D E B U G \ m d m . e x e                                                                       7 7 6                             2 7 2 4               
 
 C : \ W i n d o w s \ S y s t e m 3 2 \ s v c h o s t . e x e                                                                                                                                                   7 7 6                             2 8 0 4               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ s v c h o s t . e x e                                                                                                                                                   7 7 6                             2 8 8 8               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ t a s k h o s t . e x e                                                                                                                                                 7 7 6                             3 3 8 0               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ D w m . e x e                                                                                                                                                           4 9 6                             3 4 2 4               
 
 C : \ W i n d o w s \ S y s t e m 3 2 \ W U D F H o s t . e x e                                                                                                                                                 4 9 6                             3 4 9 2               
 
 C : \ W i n d o w s \ E x p l o r e r . E X E                                                                                                                                                                   3 3 6 4                           3 5 2 8               
 
 C : \ P r o g r a m   F i l e s \ S y n a p t i c s \ S y n T P \ S y n T P E n h . e x e                                                                                                                       3 5 2 8                           3 9 8 8               
 
 C : \ P r o g r a m   F i l e s \ I D T \ W D M \ s t t r a y 6 4 . e x e                                                                                                                                       3 5 2 8                           3 9 9 6               
 
 C : \ W i n d o w s \ S y s t e m 3 2 \ i g f x p e r s . e x e                                                                                                                                                 3 5 2 8                           2 9 2 4               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ S T M i c r o e l e c t r o n i c s \ A c c e l e r o m e t e r P 1 1 \ F F _ P r o t e c t i o n . e x e                                                         3 5 2 8                           3 3 4 4               
 
 C : \ P r o g r a m   F i l e s \ C a n o n \ C a n o n   M F   N e t w o r k   S c a n   U t i l i t y \ C N M F S U T 6 . E X E                                                                               3 5 2 8                           3 7 2 4               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ B a t t e r y C a r e \ B a t t e r y C a r e . e x e                                                                                                             3 5 2 8                           3 7 1 2               
 
 C : \ P r o g r a m   F i l e s \ S y n a p t i c s \ S y n T P \ S y n T P H e l p e r . e x e                                                                                                                 3 9 8 8                           3 8 8 0               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ w b e m \ w m i p r v s e . e x e                                                                                                                                       8 8 8                             8 8 4                 
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ G a r m i n \ E x p r e s s   T r a y \ E x p r e s s T r a y . e x e                                                                                             3 5 2 8                           3 7 6 8               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ S e a r c h I n d e x e r . e x e                                                                                                                                       7 7 6                             4 0 4 8               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ A r c S o f t \ T o t a l M e d i a   T h e a t r e   6 \ T o t a l M e d i a   S e r v e r \ T M   S e r v e r . e x e                                           3 5 2 8                           4 1 1 2               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ D i g i t a l P e r s o n a \ B i n \ D p A g e n t . e x e                                                                                                       1 1 0 4                           4 1 2 4               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ R e s e a r c h   I n   M o t i o n \ U S B   D r i v e r s \ R I M B B L a u n c h A g e n t . e x e                                   1 1 0 4                           4 1 5 6               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ R u n D l l 3 2 . e x e                                                                                                                                                 3 5 2 8                           4 2 0 4               
 
 C : \ P r o g r a m D a t a \ A d - A w a r e   B r o w s i n g   P r o t e c t i o n \ a d a w a r e b p . e x e                                                                                               1 1 0 4                           4 2 4 4               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ A V G \ A V G 2 0 1 4 \ a v g u i . e x e                                                                                                                         1 1 0 4                           4 2 6 4               
 
 C : \ P r o g r a m   F i l e s \ D i g i t a l P e r s o n a \ B i n \ D P A g e n t . e x e                                                                                                                   4 1 2 4                           4 3 4 4               
 
 C : \ P r o g r a m   F i l e s \ A V A S T   S o f t w a r e \ A v a s t \ a v a s t u i . e x e                                                                                                               1 1 0 4                           4 4 7 2               
 
 C : \ P r o g r a m   F i l e s \ W i n d o w s   M e d i a   P l a y e r \ w m p n e t w k . e x e                                                                                                             7 7 6                             4 6 2 8               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ w b e m \ w m i p r v s e . e x e                                                                                                                                       8 8 8                             4 9 1 2               
 
 C : \ W i n d o w s \ S y s W O W 6 4 \ c t f m o n . e x e                                                                                                                                                     4 2 6 4                           4 2 8 8               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ w b e m \ u n s e c a p p . e x e                                                                                                                                       8 8 8                             5 4 1 2               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ I n t u i t \ U p d a t e   S e r v i c e \ I n t u i t U p d a t e S e r v i c e . e x e                                               7 7 6                             5 7 8 4               
 
 C : \ P r o g r a m   F i l e s   ( x 8 6 ) \ C o m m o n   F i l e s \ I n t u i t \ U p d a t e   S e r v i c e   v 4 \ I n t u i t U p d a t e S e r v i c e . e x e                                         7 7 6                             4 7 8 4               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ w u a u c l t . e x e                                                                                                                                                   1 0 4 8                           6 0 3 2               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ S e a r c h P r o t o c o l H o s t . e x e                                                                                                                             4 0 4 8                           2 5 6                 
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ S e a r c h F i l t e r H o s t . e x e                                                                                                                                 4 0 4 8                           4 2 9 2               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ p r e v h o s t . e x e                                                                                                                                                 8 8 8                             4 7 7 2               
 
                                                                                                                                                                                                                 6 4 0                             4 8 2 8               
 
 C : \ U s e r s \ R o b \ D e s k t o p \ F R S T \ F R S T 6 4 . e x e                                                                                                                                         3 5 2 8                           1 8 6 8               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ c m d . e x e                                                                                                                                                           1 8 6 8                           1 2 6 8               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ c o n h o s t . e x e                                                                                                                                                   6 6 8                             4 2 8 0               
 
 C : \ W i n d o w s \ s y s t e m 3 2 \ w b e m \ W M I C . e x e                                                                                                                                               1 2 6 8                           3 5 9 6               
 
 
========= End of CMD: =========
 
C:\ProgramData\AzarSohna => Moved successfully.
C:\ProgramData\Windows Genuine Advantage => Moved successfully.
C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
C:\Users\Rob\AppData\Local\CottonModel => Moved successfully.
 
=========  type "C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt" =========
 
The system cannot find the path specified.
 
========= End of CMD: =========
 
EmptyTemp: => Removed 254.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====


#14 hackr

  • Topic Starter
Posted 06 September 2014 - 06:54 PM

hi...did a little googling on the chrome.exe *32 processes and it appears this is normal...that said, based on the last log file i sent, is my computer fixed now?...if so, what was the issue that all these steps fixed?

 

appreciate the assistance!

 

here's the info on multiple chrome.exe processes:

 

http://www.fixedbyvonnie.com/2013/09/why-do-i-see-multiple-chrome-exe-processes-in-the-task-manager/#.VAueQfldWTJ



#15 aharonov

  • Malware Response Team

Posted 07 September 2014 - 03:25 AM

Yes, Chrome uses multiple processes to run; this is completely normal behaviour. We would have to worry about them when there are Chrome processes running although no browser window is open because this is something that malware likes to do.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:
  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe to Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.


Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.4
Java 7 Update 25
Java 7 Update 45 (64-bit)
Internet Explorer Version 10




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
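
The check described in post #15 (Chrome processes running although no browser window is open), as an added example that is not part of the original thread: it parses `tasklist /v /fo csv` output and reports, per logon session, chrome.exe processes when none of them owns a window. The sample rows are constructed, and English column headers are assumed.

```python
import csv
import io
from collections import defaultdict

# Column header of `tasklist /v /fo csv` on an English-language Windows (assumed).
HEADER = ('"Image Name","PID","Session Name","Session#","Mem Usage",'
          '"Status","User Name","CPU Time","Window Title"\n')

# Constructed sample rows, not taken from the thread's logs.
BROWSER_OPEN = HEADER + (
    '"explorer.exe","3528","Console","1","61,204 K","Running","Rob","0:00:12","N/A"\n'
    '"chrome.exe","5120","Console","1","98,112 K","Running","Rob","0:00:41","New Tab - Google Chrome"\n'
    '"chrome.exe","5188","Console","1","41,560 K","Unknown","Rob","0:00:07","N/A"\n'
)
BROWSER_CLOSED = HEADER + (
    '"explorer.exe","3528","Console","1","61,204 K","Running","Rob","0:00:12","N/A"\n'
    '"chrome.exe","4388","Console","1","35,004 K","Unknown","Rob","0:03:10","N/A"\n'
    '"chrome.exe","4100","Console","1","88,920 K","Unknown","Rob","0:09:55","N/A"\n'
)
MIXED_SESSIONS = BROWSER_OPEN + (
    '"chrome.exe","2244","Services","0","22,316 K","Unknown","SYSTEM","0:01:02","N/A"\n'
)

# tasklist prints N/A when a process owns no visible window.
NO_WINDOW = {"", "N/A"}


def windowless_sessions(tasklist_csv, image="chrome.exe"):
    """Return {session_id: [pids]} for every session in which `image` is
    running but none of its processes has a window title."""
    by_session = defaultdict(list)
    for row in csv.DictReader(io.StringIO(tasklist_csv.strip())):
        if row["Image Name"].lower() == image.lower():
            by_session[row["Session#"]].append(
                (int(row["PID"]), row["Window Title"].strip()))

    flagged = {}
    for session, procs in by_session.items():
        # Child chrome.exe processes never own a window; the session is only
        # of interest when not even one chrome.exe in it has a window.
        if all(title in NO_WINDOW for _, title in procs):
            flagged[session] = sorted(pid for pid, _ in procs)
    return flagged


if __name__ == "__main__":
    for name, sample in (("open", BROWSER_OPEN), ("closed", BROWSER_CLOSED),
                         ("mixed", MIXED_SESSIONS)):
        print(name, windowless_sessions(sample))
```

A hit is a reason to look closer, not a verdict: Chrome's "Continue running background apps when Google Chrome is closed" setting also leaves windowless chrome.exe processes behind.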



