Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

multiple dllhost.exe running and un killable


  • This topic is locked This topic is locked
19 replies to this topic

#1 Iberaven

Iberaven

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 10 September 2014 - 04:00 PM

so here it is in a nutshell, inlaws computer came to me to look at, i ran scans found malware and viruses, removed them, re ran scanns and they came back clean.  but the computer is ungodly slow, took over 3 hours to run frst.  task manager shows about 30 dllhost.exe com surrogates running taking all the resources and they are un killable.  i saw someone else posted about this and got it fixed so i posted here as well, here are my frst scan logfile followed by my additional logfile
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Erin (administrator) on ERIN-PC on 10-09-2014 09:48:59
Running from C:\Users\Erin\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company) C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2784256 2012-06-19] (Eastman Kodak Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
HKLM-x32\...\runonceex: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234840 2012-06-18] (Eastman Kodak Company)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-28] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2275199602-3988718927-1175884840-1000\...\Run: [duewjaihk] => rundll32.exe "C:\Users\Erin\AppData\Local\Temp\\b3c\AppData\Local\Microsoft\duewjaihk.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-2275199602-3988718927-1175884840-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-28] (Adobe Systems Incorporated)
HKU\S-1-5-21-2275199602-3988718927-1175884840-1000\...\Policies\system: [WallpaperStyle] 2
HKU\S-1-5-21-2275199602-3988718927-1175884840-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2275199602-3988718927-1175884840-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2275199602-3988718927-1175884840-1000\...\MountPoints2: E - E:\Start.exe
HKU\S-1-5-21-2275199602-3988718927-1175884840-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.facebook.com/?ref=hp
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKCU - {3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKCU - {EE21DDEF-7DF2-4DED-9F0B-8279955C937F} URL = http://www.facebook.com/search/?src=os&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: BrowserHelper Class -> {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Toolbar: HKCU - No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Erin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Erin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Erin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Erin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Erin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Erin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> 01999D4E7A1CF1C2B7762D7DA0C4CC814F801E9F76A5395CB9E6295437C3FE90
CHR DefaultSearchURL: Default -> C955CD6D0C494F22DD5979DA145A9486DA3538D65E6E2827BF6403D63D6E7B84
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKCU\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Erin\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx [2012-08-21]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2012-08-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 DiskDoctorService; C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2010-11-30] (Symantec Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [777728 2012-06-19] (Eastman Kodak Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S4 lxbm_device; C:\Windows\system32\lxbmcoms.exe [566192 2007-01-30] ( )
S4 lxbm_device; C:\Windows\SysWOW64\lxbmcoms.exe [537520 2007-01-30] ( )
S4 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( ) [File not signed]
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpeedDiskService; C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2010-11-30] (Symantec Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 iscFlash; c:\SwSetup\sp47543\iscflashx64.sys [23344 2009-08-26] (Insyde Software) [File not signed]
S3 SymDSMon; C:\Windows\system32\drivers\SymDSMon.sys [191232 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\Windows\system32\drivers\SymSpeedDisk.sys [163384 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\Windows\SysWOW64\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [50688 2010-04-19] (Apple, Inc.) [File not signed]
S3 cpuz132; \??\C:\Users\Erin\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
U4 eabfiltr; No ImagePath
S3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 09:58 - 2014-09-10 09:58 - 00007168 __RSH () C:\Users\Erin\AppData\Roaming\{00003893-590C-067E-029B-55C8FA73CBA7}.exe
2014-09-10 09:49 - 2014-09-10 10:25 - 00025361 _____ () C:\Users\Erin\Downloads\FRST.txt
2014-09-10 09:47 - 2014-09-10 10:00 - 00000000 ____D () C:\FRST
2014-09-10 09:43 - 2014-09-10 09:44 - 02105856 _____ (Farbar) C:\Users\Erin\Downloads\FRST64.exe
2014-09-10 09:13 - 2014-09-10 09:13 - 00000000 ____D () C:\ProgramData\Norton
2014-09-09 09:04 - 2014-09-09 16:01 - 00522503 _____ () C:\Users\Erin\Desktop\avgrep.txt
2014-09-07 19:55 - 2014-09-10 09:12 - 00519260 _____ () C:\Windows\PFRO.log
2014-09-07 19:29 - 2014-09-07 19:29 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\AVG2014
2014-09-07 19:24 - 2014-09-07 19:24 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\TuneUp Software
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-07 18:23 - 2014-09-07 18:23 - 00000000 ___HD () C:\$AVG
2014-09-07 18:22 - 2014-09-07 19:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-07 17:54 - 2014-09-09 09:05 - 00000000 ____D () C:\Users\Erin\AppData\Local\Avg2014
2014-09-07 17:54 - 2014-09-07 17:54 - 00000000 ____D () C:\Users\Erin\AppData\Local\MFAData
2014-09-07 17:49 - 2014-09-07 17:50 - 04927216 _____ (AVG Technologies) C:\Users\Erin\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-07 17:39 - 2014-09-10 09:12 - 00000168 _____ () C:\Windows\setupact.log
2014-09-07 17:39 - 2014-09-07 17:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-06 21:01 - 2014-09-06 21:01 - 04901352 _____ (Piriform Ltd) C:\Users\Erin\Downloads\ccsetup417.exe
2014-09-06 21:01 - 2014-09-06 21:01 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-06 21:01 - 2014-09-06 21:01 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-06 20:17 - 2014-09-06 20:17 - 00000208 _____ () C:\Windows\wininit.ini
2014-09-06 19:59 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140906-195925.backup
2014-09-06 19:42 - 2014-09-06 19:42 - 00001262 _____ () C:\Users\Erin\Desktop\Spybot - Search & Destroy.lnk
2014-09-06 19:41 - 2014-09-07 20:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-06 19:41 - 2014-09-06 19:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:41 - 2014-09-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-06 19:34 - 2014-09-06 19:35 - 16409960 _____ (Safer Networking Limited ) C:\Users\Erin\Downloads\spybotsd162.exe
2014-09-01 16:52 - 2014-09-01 16:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012 (1).exe
2014-09-01 16:44 - 2014-09-01 16:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012.exe
2014-09-01 16:42 - 2014-09-01 16:43 - 04872677 _____ () C:\Users\Erin\Downloads\mbam-chameleon-3.1.4.0.zip
2014-09-01 16:31 - 2014-09-01 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 14:30 - 2014-09-01 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 14:27 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-01 14:27 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-01 14:27 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-01 14:27 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-01 14:26 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-01 14:26 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-01 14:26 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-01 14:26 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-01 13:18 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-01 13:18 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-01 13:18 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-01 13:18 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-01 13:18 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-01 13:17 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-01 13:17 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 13:17 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-01 13:17 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-01 13:17 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-01 13:16 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 13:16 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-01 13:16 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-01 13:16 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-01 13:16 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-01 13:16 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-01 13:16 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-01 13:16 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-01 13:16 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-09-01 13:16 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-01 13:15 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-01 13:15 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-01 13:15 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-01 13:15 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-01 13:15 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-01 13:15 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-01 13:15 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-01 13:15 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-01 13:15 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-01 13:15 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-01 13:15 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-01 13:15 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-01 13:15 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-01 13:15 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-01 13:15 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-01 13:15 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-01 13:15 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-01 13:15 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-01 13:15 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-01 13:15 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-01 13:15 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-01 13:15 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-01 13:15 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-01 13:15 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-01 13:15 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-01 13:15 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-01 13:15 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-01 13:15 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-01 13:15 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-01 13:15 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-01 13:15 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-01 13:15 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-01 13:15 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-01 13:15 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-01 13:15 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-01 13:15 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-01 13:15 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-01 13:15 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-01 13:15 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-01 13:15 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-01 13:15 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-01 13:15 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-01 13:15 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-01 13:15 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-01 13:15 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-01 13:15 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-01 13:15 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-01 13:15 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-01 13:15 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-01 13:15 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-01 13:15 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-01 13:15 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-01 13:15 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-01 13:15 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-01 13:15 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-01 13:15 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-01 13:15 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-01 13:15 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-01 13:14 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-01 13:14 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-01 13:14 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-01 13:14 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-01 13:14 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-01 13:14 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-01 13:14 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-01 13:14 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-01 13:14 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-01 13:08 - 2014-09-01 13:08 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-01 13:08 - 2014-09-01 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-01 13:05 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-01 13:05 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-01 13:05 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 13:05 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 13:05 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-01 13:03 - 2014-08-06 19:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-01 13:03 - 2014-08-06 19:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 12:55 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-01 12:55 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 12:55 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 12:55 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-01 12:55 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-01 12:55 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-01 09:23 - 2014-09-01 17:16 - 00000000 ____D () C:\Users\Erin\Desktop\mbar
2014-08-23 15:16 - 2014-08-23 15:16 - 06010880 _____ () C:\Program Files (x86)\GUT5A6F.tmp
2014-08-23 15:16 - 2014-08-23 15:16 - 00000000 ____D () C:\Program Files (x86)\GUM5A6E.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 10:25 - 2014-09-10 09:49 - 00025361 _____ () C:\Users\Erin\Downloads\FRST.txt
2014-09-10 10:25 - 2012-07-26 22:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 10:25 - 2009-09-29 19:40 - 01614132 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 10:07 - 2011-08-04 21:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 10:00 - 2014-09-10 09:47 - 00000000 ____D () C:\FRST
2014-09-10 09:58 - 2014-09-10 09:58 - 00007168 __RSH () C:\Users\Erin\AppData\Roaming\{00003893-590C-067E-029B-55C8FA73CBA7}.exe
2014-09-10 09:44 - 2014-09-10 09:43 - 02105856 _____ (Farbar) C:\Users\Erin\Downloads\FRST64.exe
2014-09-10 09:41 - 2013-02-12 21:40 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000UA.job
2014-09-10 09:29 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 09:29 - 2009-07-13 21:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 09:28 - 2010-10-15 22:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-10 09:15 - 2011-04-14 14:04 - 00000000 ____D () C:\ProgramData\Kodak
2014-09-10 09:13 - 2014-09-10 09:13 - 00000000 ____D () C:\ProgramData\Norton
2014-09-10 09:12 - 2014-09-07 19:55 - 00519260 _____ () C:\Windows\PFRO.log
2014-09-10 09:12 - 2014-09-07 17:39 - 00000168 _____ () C:\Windows\setupact.log
2014-09-10 09:12 - 2011-08-04 21:36 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 09:12 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 08:52 - 2010-02-14 10:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-10 08:50 - 2009-08-24 16:57 - 00000000 ____D () C:\ProgramData\Temp
2014-09-09 16:01 - 2014-09-09 09:04 - 00522503 _____ () C:\Users\Erin\Desktop\avgrep.txt
2014-09-09 09:05 - 2014-09-07 17:54 - 00000000 ____D () C:\Users\Erin\AppData\Local\Avg2014
2014-09-07 20:41 - 2010-12-20 05:40 - 00000000 ____D () C:\Temp
2014-09-07 20:11 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-07 19:55 - 2012-12-21 12:44 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-09-07 19:38 - 2011-12-23 00:55 - 00000000 ____D () C:\Users\Erin\AppData\Local\CrashDumps
2014-09-07 19:29 - 2014-09-07 19:29 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\AVG2014
2014-09-07 19:26 - 2014-09-07 18:22 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-07 19:24 - 2014-09-07 19:24 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\TuneUp Software
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-07 19:02 - 2011-12-19 21:54 - 00000258 _____ () C:\Windows\Tasks\NUSchedule.job
2014-09-07 18:23 - 2014-09-07 18:23 - 00000000 ___HD () C:\$AVG
2014-09-07 17:54 - 2014-09-07 17:54 - 00000000 ____D () C:\Users\Erin\AppData\Local\MFAData
2014-09-07 17:50 - 2014-09-07 17:49 - 04927216 _____ (AVG Technologies) C:\Users\Erin\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-07 17:39 - 2014-09-07 17:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-07 17:01 - 2009-07-24 23:11 - 00000000 ____D () C:\Windows\Panther
2014-09-07 17:00 - 2010-12-13 13:03 - 00000000 ____D () C:\Windows\Minidump
2014-09-07 11:38 - 2013-02-12 21:40 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000Core.job
2014-09-06 21:01 - 2014-09-06 21:01 - 04901352 _____ (Piriform Ltd) C:\Users\Erin\Downloads\ccsetup417.exe
2014-09-06 21:01 - 2014-09-06 21:01 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-06 21:01 - 2014-09-06 21:01 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-06 20:17 - 2014-09-06 20:17 - 00000208 _____ () C:\Windows\wininit.ini
2014-09-06 19:52 - 2014-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:42 - 2014-09-06 19:42 - 00001262 _____ () C:\Users\Erin\Desktop\Spybot - Search & Destroy.lnk
2014-09-06 19:42 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-06 19:35 - 2014-09-06 19:34 - 16409960 _____ (Safer Networking Limited ) C:\Users\Erin\Downloads\spybotsd162.exe
2014-09-01 17:16 - 2014-09-01 09:23 - 00000000 ____D () C:\Users\Erin\Desktop\mbar
2014-09-01 16:52 - 2014-09-01 16:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012 (1).exe
2014-09-01 16:45 - 2014-09-01 16:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012.exe
2014-09-01 16:43 - 2014-09-01 16:42 - 04872677 _____ () C:\Users\Erin\Downloads\mbam-chameleon-3.1.4.0.zip
2014-09-01 16:31 - 2014-09-01 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 16:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-01 15:02 - 2013-01-13 20:32 - 00000258 __RSH () C:\Users\Erin\ntuser.pol
2014-09-01 15:02 - 2009-11-04 13:50 - 00000000 ____D () C:\Users\Erin
2014-09-01 14:59 - 2009-07-13 21:45 - 00482288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 14:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-01 14:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-01 14:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-01 14:51 - 2011-11-29 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-01 14:38 - 2013-08-14 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-01 14:32 - 2013-03-20 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-01 14:31 - 2013-03-20 12:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 14:31 - 2013-03-20 12:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 14:30 - 2014-09-01 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 14:30 - 2012-05-23 13:24 - 00000000 ____D () C:\Program Files\iTunes
2014-09-01 14:30 - 2012-05-23 13:24 - 00000000 ____D () C:\Program Files\iPod
2014-09-01 14:30 - 2012-05-23 13:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-01 14:25 - 2014-05-06 09:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 13:22 - 2014-06-20 11:18 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-01 13:11 - 2010-03-24 20:14 - 00000000 ____D () C:\ProgramData\Apple
2014-09-01 13:08 - 2014-09-01 13:08 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-01 13:08 - 2014-09-01 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-01 13:08 - 2012-05-23 13:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-01 13:00 - 2011-10-31 15:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-01 13:00 - 2009-11-06 06:54 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-01 12:42 - 2011-08-04 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 12:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing
2014-09-01 12:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-01 12:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-08-25 06:53 - 2010-01-04 20:46 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 18:01 - 2011-08-04 21:36 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-23 18:01 - 2011-08-04 21:36 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-23 15:16 - 2014-08-23 15:16 - 06010880 _____ () C:\Program Files (x86)\GUT5A6F.tmp
2014-08-23 15:16 - 2014-08-23 15:16 - 00000000 ____D () C:\Program Files (x86)\GUM5A6E.tmp
2014-08-22 19:07 - 2014-09-01 13:05 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-09-01 13:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-09-01 13:05 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-24 04:34
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014
Ran by Erin at 2014-09-10 10:45:47
Running from C:\Users\Erin\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Activate Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.1.20.0 - Symantec)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 10 Plugin (HKLM-x32\...\{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}) (Version: 10.0.45.2 - Adobe Systems, Inc.)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (x32 Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden
Alps Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version:  - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version:  - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version:  - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version:  - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version:  - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version:  - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
center (x32 Version: 6.2.5.0 - Eastman Kodak Company) Hidden
Clip Art Collection (HKLM-x32\...\{158104AB-D92E-45BC-8268-5D351C95F6AD}) (Version: 1.0.0.0 - W3i)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3101 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Driver Whiz (HKLM-x32\...\{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}) (Version: 8.0.1 - Driver Whiz)
ENE CIR Receiver Driver (HKLM\...\5F4DD0919B4763856B77AD385DEEEFCDF01784A8) (Version: 2.7.3.519 - ENE)
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Advisor (HKLM-x32\...\{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}) (Version: 3.2.9652.3188 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart DVD (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
HP MediaSmart Internet TV (HKLM-x32\...\InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}) (Version: 3.0.1916 - Hewlett-Packard)
HP MediaSmart Internet TV (x32 Version: 3.0.1916 - Hewlett-Packard) Hidden
HP MediaSmart Live TV (HKLM-x32\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.0.1924 - Hewlett-Packard)
HP MediaSmart Live TV (x32 Version: 3.0.1924 - Hewlett-Packard) Hidden
HP MediaSmart Movie Themes (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Movie Themes (x32 Version: 3.0.3102 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3123 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (x32 Version: 3.0.3123 - Hewlett-Packard) Hidden
HP MediaSmart SlingPlayer (HKLM-x32\...\{90F6051D-A69F-4159-9203-7E20430E1056}) (Version: 2.1.1.60 - Sling Media, Inc.)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.0.30.1 - Hewlett-Packard)
HP MediaSmart Software Notebook Demo (HKLM-x32\...\{82A213BD-B6AA-4281-A2D3-59D51893CC56}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.0.1913 - Hewlett-Packard)
HP MediaSmart Webcam (x32 Version: 3.0.1913 - Hewlett-Packard) Hidden
HP Quick Launch Buttons (HKLM-x32\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.17.1 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}) (Version: 1.2.3220.3079 - Hewlett-Packard)
HP Smart Web Printing (HKLM-x32\...\HP Smart Web Printing) (Version: 131.1.35898 - Hewlett-Packard)
HP Smart Web Printing (x32 Version: 131.1.35898 - Hewlett-Packard) Hidden
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{D46D081B-F60E-467E-A7C4-117B70D76731}) (Version: 5.001.000.014 - Hewlett-Packard)
HP User Guides 0146 (HKLM-x32\...\{45E5D641-3C82-4F95-92FB-AE5459DF2988}) (Version: 1.02.0002 - Hewlett-Packard)
HP Wireless Assistant (HKLM-x32\...\{F9A43C0C-F274-4EC0-B02E-202C15C09C00}) (Version: 3.50.12.1 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
iTunes (HKLM\...\{CF8FFD12-602B-422D-AF1D-511B411E7632}) (Version: 10.6.1.7 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.1.2 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 18 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.180 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kgcbaby (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgchlwn (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcinvt (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgckids (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
kgcmove (x32 Version: 5.03.0000.0003 - EASTMAN KODAK Company) Hidden
kgcvday (x32 Version: 5.03.0000.0002 - EASTMAN KODAK Company) Hidden
Kodak AIO Printer (Version: 7.5.0.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.5.9.60 - Eastman Kodak Company)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version:  - Eastman Kodak Company)
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1913 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.1913 - CyberLink Corp.) Hidden
Lexmark 4200 Series (HKLM\...\Lexmark 4200 Series) (Version:  - Lexmark International, Inc.)
LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.97 - LSI Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Live Search Toolbar (HKLM-x32\...\{DF802C05-4660-418c-970C-B988ADB1D316}) (Version: 3.0.560.0 - Microsoft Live Search Toolbar)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2013.4.0.10 - Symantec Corporation)
Norton Utilities 15 (HKLM-x32\...\Norton Utilities 15_is1) (Version: 15.0 - Symantec Corporation)
ocr (x32 Version: 6.2.3.50 - Eastman Kodak Company) Hidden
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
PCDADDIN (x32 Version: 6.02.0001.0003 - EASTMAN KODAK Company) Hidden
PCDHELP (x32 Version: 6.02.0001.0001 - EASTMAN KODAK Company) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3101 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3101 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3101 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3101 - CyberLink Corp.) Hidden
PowerRecover (x32 Version: 5.5.1923 - CyberLink Corp.) Hidden
PreReq (x32 Version: 6.2.4.0 - Eastman Kodak Company) Hidden
QLBCASL (x32 Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
ShopAtHome.com Helper (HKLM-x32\...\ShopAtHome.com Helper) (Version: 7.0.3.15 - ShopAtHome.com)
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SlingBoxWatchYourTVAnyWhere (HKLM-x32\...\{4313E16C-811B-469F-8815-6EB98085F8B2}) (Version: 2.1.1.58 - Sling Media)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
System Tool2011 (HKLM-x32\...\System Tool2011) (Version:  - )
The Print Shop CD Label Creator (HKLM-x32\...\{8AF872EF-E6C5-41C8-BCA2-1990396D21DE}) (Version:  - Broderbund LLC)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2275199602-3988718927-1175884840-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Erin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2275199602-3988718927-1175884840-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-2275199602-3988718927-1175884840-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Erin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
08-09-2014 01:16:36 Installed AVG 2014
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2014-09-06 19:59 - 00450712 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A865014-1D4D-44E9-9888-FBCB5EADA514} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-08-04] (Hewlett-Packard)
Task: {1084B032-6F48-4415-A417-998470122B96} - System32\Tasks\SearchGuardPlusUpdater => C:\Program Files\Search Guard PlusU\sgpupdaters.exe
Task: {15820D0B-8C83-4D50-A06E-93369ED2048B} - System32\Tasks\CapSvcInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-07-24] (CL)
Task: {175AB5C1-B547-4222-9721-54FBEB8FFFA3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: {30F1734F-4653-47FB-AF57-E63A643AE05A} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-07-23] (CyberLink Corp.)
Task: {394E2238-FE55-46A1-9765-553EFAA9715E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000UA => C:\Users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-30] (Google Inc.)
Task: {3A21A60D-CF88-48E4-AEB5-1AFF44584992} - System32\Tasks\{FCD4913C-9829-45B4-8A5A-9999976980E5} => C:\Program Files (x86)\iTunes\iTunes.exe [2012-03-27] (Apple Inc.)
Task: {43002C07-31E9-4AC6-BF36-FC336832565B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {556C4D79-91BD-4757-A43D-252B17579D9F} - System32\Tasks\NUSchedule => C:\Program Files (x86)\Norton Utilities 15\nu.exe [2012-12-26] (Symantec Corporation)
Task: {61F6047D-4BED-4A40-BD08-E8B2BE099DC6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {7FFEE32E-C7BC-4FE5-A270-082F3FB2DB90} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)
Task: {8501FF1B-9FE8-4EEB-88AB-B1F8E3BEFAC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-28] (Adobe Systems Incorporated)
Task: {86A9CCA2-F15C-4D0A-9CCD-E061C57EC70C} - System32\Tasks\RMSchedule => C:\Program Files (x86)\Registry Mechanic\Launcher.exe
Task: {966DB880-FC15-4DF7-A7BB-C70808B7D4CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {96BA0186-454B-46C7-895A-5A4E318CD4A6} - System32\Tasks\CapSchedInst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-07-24] (CL)
Task: {9AD370C4-6FD5-4505-81AB-35738CBA9F24} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000Core => C:\Users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-12-30] (Google Inc.)
Task: {9CE62644-BD34-4505-97A2-B7D9A88BE099} - System32\Tasks\TVAgent => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-07-24] (CyberLink Corp.)
Task: {ACC83A9F-AE98-4C42-B3D8-057FE2B69B29} - System32\Tasks\AVG\PC Tuneup 2011\Integrator\Start On Windows Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
Task: {B1C24019-39AC-4C78-90C2-870368DEBB58} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16
Task: {CA24AC81-C30E-4B98-92B8-8D9E448484A4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04] (Google Inc.)
Task: {CA9F0F24-9344-4923-BFF2-07ED4F92B5BE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-04] (Google Inc.)
Task: {D4A16DC6-15E2-4681-A60F-B8B87B473FFA} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-07-23] (CyberLink)
Task: {D976C64F-444F-4CBC-9054-630BC47CBD81} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DB8B62AC-22D5-4F7F-9B6F-FC469B3E52CA} - System32\Tasks\{6EF8C896-CFF1-44A4-AB41-71AF7DCCA706} => C:\Program Files (x86)\iTunes\iTunes.exe [2012-03-27] (Apple Inc.)
Task: {DF48DC51-48C9-4790-9D08-8D2A7636F636} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {F728D04B-77C9-4AFE-82AE-8E46C74F9F24} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\SymErr.exe [2013-05-29] (Symantec Corporation)
Task: {F7846045-8E62-41A6-81D9-2544620AB437} - System32\Tasks\CapUninst => c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-07-24] (CL)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EasyShare Registration Task.job => Pêöe"4ðL¡¥7ž µâF\<
 sÀ €!Þ
&.!C:\Windows\system32\rundll32.exeZC:\PROGRA~3\Kodak\EasyShareSetup\$REGIS~1\Registration_8.3.20.1.sxt _RegistrationOffer@16Erin0Û&
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000Core.job => C:\Users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000UA.job => C:\Users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NUSchedule.job => C:\Program Files (x86)\Norton Utilities 15\nu.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-05-02 12:50 - 2009-10-16 18:12 - 00177664 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxdxdrpp.dll
2009-08-24 17:27 - 2009-01-21 11:47 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-18 07:12 - 2012-05-30 07:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON IDENTITY SAFE\ENGINE\2013.4.0.10\wincfi39.dll
2009-07-23 11:37 - 2009-07-23 11:37 - 00931112 ____N () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2011-02-23 17:24 - 2011-02-23 17:24 - 00406016 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Kfx.dll
2011-02-23 17:23 - 2011-02-23 17:23 - 00264192 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AppCore.dll
2011-02-23 17:21 - 2011-02-23 17:21 - 00356352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Atlas.dll
2011-02-23 17:19 - 2011-02-23 17:19 - 00237568 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
2011-02-23 17:38 - 2011-02-23 17:38 - 00234496 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
2011-02-23 17:15 - 2011-02-23 17:15 - 00090112 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
2011-02-23 17:39 - 2011-07-18 18:47 - 00078848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
2011-02-23 17:11 - 2011-07-18 18:47 - 00062464 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
2006-03-07 10:05 - 2011-07-18 18:47 - 01564672 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\AreaIFDLL.dll
2011-02-23 17:37 - 2011-02-23 17:37 - 00761856 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
2011-02-23 17:17 - 2011-02-23 17:17 - 00152576 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
2011-02-23 18:00 - 2011-07-18 18:47 - 00684032 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESEmail.esx
2011-02-23 17:24 - 2011-07-18 18:47 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
2011-02-23 17:15 - 2011-07-18 18:47 - 00129536 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
2011-02-23 18:55 - 2011-07-18 18:47 - 11503616 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
2009-09-28 21:19 - 2011-07-18 18:47 - 00782336 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
2009-09-28 21:19 - 2011-07-18 18:47 - 00868352 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
2009-09-28 21:20 - 2011-07-18 18:47 - 00462848 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
2009-09-28 21:19 - 2011-07-18 18:47 - 00155648 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
2009-09-28 21:21 - 2011-07-18 18:47 - 00528384 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
2009-09-28 21:20 - 2011-07-18 18:47 - 02236416 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
2009-09-28 21:21 - 2011-07-18 18:47 - 00847872 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
2009-09-28 21:21 - 2011-07-18 18:47 - 01396736 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
2011-02-23 18:04 - 2011-07-18 18:47 - 00171520 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
2011-02-23 17:38 - 2011-07-18 18:47 - 00052224 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
2011-02-23 17:36 - 2011-07-18 18:47 - 00143360 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
2011-02-23 17:15 - 2011-07-18 18:47 - 00084480 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
2011-02-23 15:25 - 2011-07-18 18:47 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
2011-02-23 19:02 - 2011-07-18 18:47 - 00339968 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
2011-02-23 18:01 - 2011-07-18 18:47 - 00098304 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
2011-02-23 18:05 - 2011-07-18 18:47 - 00315392 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
2011-02-23 17:55 - 2011-07-18 18:47 - 00688128 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
2011-02-23 19:00 - 2011-07-18 18:47 - 00471040 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Escom.dll
2007-02-20 05:10 - 2007-02-20 05:10 - 00192512 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\VistaPCD.cyx
2007-02-20 03:34 - 2007-02-20 03:34 - 00010240 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\LocVistaPCD.dll
2007-02-20 05:09 - 2007-02-20 05:09 - 00094208 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\AddIn\VPCD.dll
2011-02-23 17:16 - 2011-07-18 18:47 - 00044544 _____ () C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
2014-09-07 05:20 - 2014-08-29 19:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-07 05:20 - 2014-08-29 19:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-07 05:20 - 2014-08-29 19:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-07 05:20 - 2014-08-29 19:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-07 05:20 - 2014-08-29 19:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
AlternateDataStreams: C:\ProgramData\Temp:D287FACF
AlternateDataStreams: C:\ProgramData\Temp:D3A96964
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: BBSvc => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: lxbm_device => 2
MSCONFIG\Services: lxdx_device => 2
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Erin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: Google Update => "C:\Users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: HPADVISOR => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
MSCONFIG\startupreg: HPCam_Menu => "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: lxbmmon.exe => "C:\Program Files (x86)\Lexmark 4200 Series\lxbmmon.exe"
MSCONFIG\startupreg: My Web Search Bar Search Scope Monitor => "C:\PROGRA~2\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
MSCONFIG\startupreg: MyWebSearch Email Plugin => C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSCONFIG\startupreg: MyWebSearch Plugin => rundll32 C:\PROGRA~2\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RegistryMechanic => C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H
MSCONFIG\startupreg: ShopAtHomeUpdater => C:\Users\Erin\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe
MSCONFIG\startupreg: ShopAtHomeWatcher => C:\Users\Erin\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SmartMenu => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
MSCONFIG\startupreg: SSDMonitor => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: UpdatePRCShortCut => "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
MSCONFIG\startupreg: WirelessAssistant => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Intel® 4 Series Internal Chipset
Description: Intel® 4 Series Internal Chipset
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Norton Identity Safe Settings Manager
Description: Norton Identity Safe Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ccSet_NST
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/10/2014 00:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x004924ea
Faulting process id: 0x1fd0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (09/10/2014 00:05:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x003cc2ab
Faulting process id: 0x1b94
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (09/10/2014 09:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 6.1.168.192.in-addr.arpa. PTR Erin-PC.local.
 
Error: (09/10/2014 09:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   17 6.1.168.192.in-addr.arpa. PTR Erin-PC-2.local.
 
Error: (09/07/2014 07:57:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 6.1.168.192.in-addr.arpa. PTR Erin-PC.local.
 
Error: (09/07/2014 07:57:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   17 6.1.168.192.in-addr.arpa. PTR Erin-PC-2.local.
 
Error: (09/07/2014 07:38:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x0015062f
Faulting process id: 0x9c0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (09/07/2014 06:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x00136cef
Faulting process id: 0xf80
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (09/07/2014 06:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17239, time stamp: 0x4a5bc6b7
Faulting module name: MSHTML.dll, version: 11.0.9600.17239, time stamp: 0x53d26078
Exception code: 0xc0000005
Fault offset: 0x00136cef
Faulting process id: 0xd98
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (09/07/2014 05:41:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.
 
 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
 
 
System errors:
=============
Error: (09/10/2014 10:53:12 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (09/10/2014 09:15:22 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/10/2014 09:14:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/10/2014 09:13:38 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
ccSet_NST
 
Error: (09/10/2014 09:13:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SBSD Security Center Service service failed to start due to the following error: 
%%1053
 
Error: (09/10/2014 09:13:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
 
Error: (09/10/2014 09:12:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:10:18 PM on ‎9/‎9/‎2014 was unexpected.
 
Error: (09/09/2014 08:09:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/09/2014 08:09:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
Error: (09/09/2014 08:09:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (09/10/2014 00:10:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c0000005004924ea1fd001cfcd29a705b2cbC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll2bc2b17f-391e-11e4-80c6-002622a06ead
 
Error: (09/10/2014 00:05:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c0000005003cc2ab1b9401cfcd29459cd118C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll75d1c7b0-391d-11e4-80c6-002622a06ead
 
Error: (09/10/2014 09:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 6.1.168.192.in-addr.arpa. PTR Erin-PC.local.
 
Error: (09/10/2014 09:13:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   17 6.1.168.192.in-addr.arpa. PTR Erin-PC-2.local.
 
Error: (09/07/2014 07:57:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   15 6.1.168.192.in-addr.arpa. PTR Erin-PC.local.
 
Error: (09/07/2014 07:57:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.6:5353   17 6.1.168.192.in-addr.arpa. PTR Erin-PC-2.local.
 
Error: (09/07/2014 07:38:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c00000050015062f9c001cfcb0d10e3d357C:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll2bf61958-3701-11e4-84b0-002622a06ead
 
Error: (09/07/2014 06:58:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c000000500136ceff8001cfcb07bccce7ccC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll9036d5c0-36fb-11e4-84b0-002622a06ead
 
Error: (09/07/2014 06:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.172394a5bc6b7MSHTML.dll11.0.9600.1723953d26078c000000500136cefd9801cfcb00dc0a0f5dC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll3ab59466-36f5-11e4-84b0-002622a06ead
 
Error: (09/07/2014 05:41:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: 
Details:
The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-01-26 19:50:31.439
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\usp10.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz
Percentage of memory in use: 66%
Total physical RAM: 3998.96 MB
Available physical RAM: 1354.32 MB
Total Pagefile: 7996.1 MB
Available Pagefile: 3759.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:285.45 GB) (Free:191.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.44 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 488378EB)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 



BC AdBot (Login to Remove)

 


m

#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 10 September 2014 - 04:32 PM

Hi,

please run Combofix:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#3 Iberaven

Iberaven
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 10 September 2014 - 11:32 PM

here is the combofix log
 

ComboFix 14-09-11.01 - Erin 09/10/2014  16:20:03.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3999.2166 [GMT -7:00]
Running from: c:\users\Erin\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Public\videos\HP MediaSmart Demo.exe
c:\windows\wininit.ini
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct: 
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-11 to 2014-09-11  )))))))))))))))))))))))))))))))
.
.
2014-09-10 16:47 . 2014-09-10 19:56 -------- d-----w- C:\FRST
2014-09-10 16:13 . 2014-09-10 16:13 -------- d-----w- c:\programdata\Norton
2014-09-08 02:29 . 2014-09-08 02:29 -------- d-----w- c:\users\Erin\AppData\Roaming\AVG2014
2014-09-08 02:24 . 2014-09-08 02:24 -------- d-----w- c:\users\Erin\AppData\Roaming\TuneUp Software
2014-09-08 01:23 . 2014-09-08 01:23 -------- d-----w- C:\$AVG
2014-09-08 01:22 . 2014-09-08 02:26 -------- d-----w- c:\programdata\AVG2014
2014-09-08 00:54 . 2014-09-09 16:05 -------- d-----w- c:\users\Erin\AppData\Local\Avg2014
2014-09-08 00:54 . 2014-09-08 00:54 -------- d-----w- c:\users\Erin\AppData\Local\MFAData
2014-09-07 04:01 . 2014-09-07 04:01 -------- d-----w- c:\program files\CCleaner
2014-09-07 03:28 . 2014-08-21 18:24 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C3DFC248-2A63-4BF0-904A-D39BDD8942BF}\mpengine.dll
2014-09-07 02:41 . 2014-09-08 03:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-09-07 02:41 . 2014-09-07 02:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2014-09-01 21:27 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-09-01 21:27 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-09-01 21:27 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-09-01 21:27 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-09-01 21:26 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-09-01 21:26 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-09-01 21:26 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-09-01 21:26 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-09-01 20:17 . 2014-06-03 10:02 3241984 ----a-w- c:\windows\system32\msi.dll
2014-09-01 20:17 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\SysWow64\msi.dll
2014-09-01 20:17 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-09-01 20:17 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-09-01 20:17 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-09-01 20:17 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-09-01 20:17 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-09-01 20:17 . 2014-07-16 03:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-01 20:17 . 2014-07-16 02:46 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-01 20:15 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-09-01 20:14 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-01 20:14 . 2014-04-12 02:22 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-09-01 20:14 . 2014-04-12 02:22 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-09-01 20:14 . 2014-04-12 02:19 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-09-01 20:14 . 2014-04-12 02:19 31232 ----a-w- c:\windows\system32\lsass.exe
2014-09-01 20:14 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-01 20:14 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-01 20:14 . 2014-04-12 02:19 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-09-01 20:14 . 2014-04-12 02:19 28160 ----a-w- c:\windows\system32\secur32.dll
2014-09-01 20:13 . 2014-09-01 20:13 -------- d-----w- c:\program files\Bonjour
2014-09-01 20:13 . 2014-09-01 20:13 -------- d-----w- c:\program files (x86)\Bonjour
2014-09-01 20:08 . 2014-09-01 20:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-09-01 20:08 . 2014-09-01 20:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-09-01 20:08 . 2014-09-01 20:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-09-01 20:08 . 2014-09-01 20:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-09-01 20:08 . 2014-09-01 20:08 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-09-01 20:05 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-09-01 20:05 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-09-01 20:05 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-09-01 20:05 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-09-01 20:05 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-09-01 20:03 . 2014-08-07 02:06 529920 ----a-w- c:\windows\system32\aepdu.dll
2014-09-01 20:03 . 2014-08-07 02:01 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-08-23 22:16 . 2014-08-23 22:16 -------- d-----w- c:\program files (x86)\GUM5A6E.tmp
2014-08-23 22:16 . 2014-08-23 22:16 6010880 ----a-w- c:\program files (x86)\GUT5A6F.tmp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-01 19:50 . 2012-07-15 15:56 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-25 13:53 . 2010-01-05 03:46 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-08-06 17:50 . 2014-08-06 17:50 123672 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2014-08-01 06:41 . 2009-11-05 14:58 99218768 ----a-w- c:\windows\system32\MRT.exe
2014-07-22 04:03 . 2014-07-22 04:03 244504 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-06-30 19:43 . 2014-06-30 19:43 152344 ----a-w- c:\windows\system32\drivers\avgdiska.sys
2014-06-17 23:21 . 2014-06-17 23:21 235800 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2014-06-17 23:07 . 2014-06-17 23:07 328984 ----a-w- c:\windows\system32\drivers\avgloga.sys
2014-06-17 23:06 . 2014-06-17 23:06 269080 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2014-06-17 23:06 . 2014-06-17 23:06 190744 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2014-06-17 23:06 . 2014-06-17 23:06 31512 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"EKStatusMonitor"="c:\program files (x86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe" [2012-06-19 2784256]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-08-25 5188112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2012-06-19 2234840]
"FlashPlayerUpdate"="c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe" [2014-03-28 841096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2011-2-23 323584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iscFlash;iscFlash;c:\swsetup\sp47543\iscflashx64.sys;c:\swsetup\sp47543\iscflashx64.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw1v64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw1v64.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys;c:\windows\SYSNATIVE\drivers\SymDSMon.sys [x]
R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys;c:\windows\SYSNATIVE\drivers\SymSpeedDisk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 lxbm_device;lxbm_device;c:\windows\system32\lxbmcoms.exe;c:\windows\SYSNATIVE\lxbmcoms.exe [x]
R4 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe;c:\windows\SYSNATIVE\lxdxcoms.exe [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe;c:\program files (x86)\AVG\AVG2014\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2014\avgwdsvc.exe [x]
S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [x]
S2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe;c:\program files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [x]
S2 NCO;Norton Identity Safe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe;c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-07 11:07 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 18:35]
.
2014-02-11 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 04:36]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-05 04:36]
.
2014-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000Core.job
- c:\users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13 21:29]
.
2014-09-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000UA.job
- c:\users\Erin\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-13 21:29]
.
2014-09-11 c:\windows\Tasks\NUSchedule.job
- c:\program files (x86)\Norton Utilities 15\nu.exe [2012-12-26 18:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 417304]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E4878B45-E2C0-4307-B6E8-734922F92F5B} - (no file)
WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files (x86)\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,
   1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
   d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{7B13EC3E-999A-4B70-B9CB-2617B8323822}"=hex:51,66,7a,6c,4c,1d,38,12,50,ef,00,
   7f,a8,d7,1e,0e,c6,dd,65,57,bd,6c,7c,36
"{5911488E-9D1E-40EC-8CBB-06B231CC153F}"=hex:51,66,7a,6c,4c,1d,38,12,e0,4b,02,
   5d,2c,d3,82,05,f3,ad,45,f2,34,92,51,2b
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
   7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{A0154E07-2B48-475C-A82A-80EFD84EA33E}"=hex:51,66,7a,6c,4c,1d,38,12,69,4d,06,
   a4,7a,65,32,02,d7,3c,c3,af,dd,10,e7,2a
"{CF51DE5B-EB36-4114-BB69-84DF63FBADB4}"=hex:51,66,7a,6c,4c,1d,38,12,35,dd,42,
   cb,04,a5,7a,04,c4,7f,c7,9f,66,a5,e9,a0
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
   89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
   27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{0347C33E-8762-4905-BF09-768834316C61}"=hex:51,66,7a,6c,4c,1d,38,12,50,c0,54,
   07,50,c9,6b,0c,c0,1f,35,c8,31,6f,28,75
"{06E3475C-5521-4DE8-BB12-50720F21631C}"=hex:51,66,7a,6c,4c,1d,38,12,32,44,f0,
   02,13,1b,86,08,c4,04,13,32,0a,7f,27,08
"{11111111-1111-1111-1111-110011431152}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02,
   15,23,5f,7f,54,6e,07,52,40,14,1d,55,46
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
   64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{626A9BF6-A6F4-18F4-159B-52A7A586C40B}"=hex:51,66,7a,6c,4c,1d,38,12,98,98,79,
   66,c6,e8,9a,5d,6a,8d,11,e7,a0,d8,80,1f
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
   69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{6E13D095-45C3-4271-9475-F3B48227DD9F}"=hex:51,66,7a,6c,4c,1d,38,12,fb,d3,00,
   6a,f1,0b,1f,07,eb,63,b0,f4,87,79,99,8b
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
   ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AB56DFDE-0C14-45B3-9DF6-7B0EBA617870}"=hex:51,66,7a,6c,4c,1d,38,12,b0,dc,45,
   af,26,42,dd,00,e2,e0,38,4e,bf,3f,3c,64
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{B7ACDF9C-C4F9-4D5D-998E-B147866B4D4C}"=hex:51,66,7a,6c,4c,1d,38,12,f2,dc,bf,
   b3,cb,8a,33,08,e6,98,f2,07,83,35,09,58
"{C585D593-E7F3-4852-A200-561686EE02E4}"=hex:51,66,7a,6c,4c,1d,38,12,fd,d6,96,
   c1,c1,a9,3c,0d,dd,16,15,56,83,b0,46,f0
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
   d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{DF22384F-CF68-4D19-969F-10423715528B}"=hex:51,66,7a,6c,4c,1d,38,12,21,3b,31,
   db,5a,81,77,08,e9,89,53,02,32,4b,16,9f
"{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}"=hex:51,66,7a,6c,4c,1d,38,12,91,fc,ec,
   fb,7c,81,45,0a,c2,d4,4d,32,e4,48,ec,42
"{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC}"=hex:51,66,7a,6c,4c,1d,38,12,49,e1,1e,
   1a,d6,12,cd,0b,d4,1a,c8,43,e4,f4,32,a8
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
   51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{C585D593-E7F4-4852-A200-561686EE02E4}"=hex:51,66,7a,6c,4c,1d,38,12,fd,d6,96,
   c1,c6,a9,3c,0d,dd,16,15,56,83,b0,46,f0
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"=hex:51,66,7a,6c,4c,1d,38,12,b2,5b,08,
   35,ee,ea,6a,0e,ce,a3,23,69,9f,8d,9c,17
"{66516A07-F617-488A-90CF-4E690CFB3C5F}"=hex:51,66,7a,6c,4c,1d,38,12,69,69,42,
   62,25,b8,e4,0d,ef,d9,0d,29,09,a5,78,4b
"{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}"=hex:51,66,7a,6c,4c,1d,38,12,3b,d4,7c,
   e3,88,8f,a5,08,e0,05,da,fd,94,7c,7e,ca
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:1a,f8,d0,3e,88,67,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
c:\program files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
.
**************************************************************************
.
Completion time: 2014-09-10  19:42:27 - machine was rebooted
ComboFix-quarantined-files.txt  2014-09-11 02:42
.
Pre-Run: 203,800,580,096 bytes free
Post-Run: 204,385,206,272 bytes free
.
- - End Of File - - 4473E7CCB15F7BB2955A87BEFAC679E7
A9736F67F0B877A41A72D74497A11B40


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 11 September 2014 - 04:26 AM

Ok, these dllhost.exe processes should now be gone, right?


Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


Step 2

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 Iberaven

Iberaven
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 11 September 2014 - 10:05 AM

yes they are gone thanks for that.  ok i  am doing the tds killer now



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 11 September 2014 - 10:18 AM

Ok.

#7 Iberaven

Iberaven
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 11 September 2014 - 10:26 AM

08:06:07.0437 0x0d0c  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
08:06:14.0520 0x0d0c  ============================================================
08:06:14.0520 0x0d0c  Current date / time: 2014/09/11 08:06:14.0520
08:06:14.0521 0x0d0c  SystemInfo:
08:06:14.0521 0x0d0c  
08:06:14.0521 0x0d0c  OS Version: 6.1.7601 ServicePack: 1.0
08:06:14.0521 0x0d0c  Product type: Workstation
08:06:14.0521 0x0d0c  ComputerName: ERIN-PC
08:06:14.0521 0x0d0c  UserName: Erin
08:06:14.0521 0x0d0c  Windows directory: C:\Windows
08:06:14.0521 0x0d0c  System windows directory: C:\Windows
08:06:14.0521 0x0d0c  Running under WOW64
08:06:14.0521 0x0d0c  Processor architecture: Intel x64
08:06:14.0521 0x0d0c  Number of processors: 2
08:06:14.0521 0x0d0c  Page size: 0x1000
08:06:14.0521 0x0d0c  Boot type: Normal boot
08:06:14.0522 0x0d0c  ============================================================
08:06:19.0517 0x0d0c  KLMD registered as C:\Windows\system32\drivers\63543852.sys
08:06:19.0838 0x0d0c  System UUID: {F7CC9617-C171-6E8F-924A-6B2C264613DB}
08:06:21.0173 0x0d0c  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:06:21.0185 0x0d0c  ============================================================
08:06:21.0185 0x0d0c  \Device\Harddisk0\DR0:
08:06:21.0186 0x0d0c  MBR partitions:
08:06:21.0186 0x0d0c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
08:06:21.0186 0x0d0c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23AE6800
08:06:21.0186 0x0d0c  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23B4A800, BlocksNum 0x18E3800
08:06:21.0186 0x0d0c  ============================================================
08:06:21.0223 0x0d0c  C: <-> \Device\Harddisk0\DR0\Partition2
08:06:21.0325 0x0d0c  D: <-> \Device\Harddisk0\DR0\Partition3
08:06:21.0325 0x0d0c  ============================================================
08:06:21.0325 0x0d0c  Initialize success
08:06:21.0325 0x0d0c  ============================================================
08:06:56.0710 0x0100  ============================================================
08:06:56.0710 0x0100  Scan started
08:06:56.0710 0x0100  Mode: Manual; SigCheck; TDLFS; 
08:06:56.0710 0x0100  ============================================================
08:06:56.0710 0x0100  KSN ping started
08:06:59.0652 0x0100  KSN ping finished: true
08:07:20.0767 0x0100  ================ Scan system memory ========================
08:07:20.0767 0x0100  Scan was interrupted by user!
08:07:20.0941 0x0100  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4765 ), 0x41000 ( enabled : updated )
08:07:20.0988 0x0100  Win FW state via NFP2: enabled
08:07:25.0566 0x0100  ============================================================
08:07:25.0566 0x0100  Scan finished
08:07:25.0566 0x0100  ============================================================
08:07:25.0590 0x1274  Detected object count: 0
08:07:25.0590 0x1274  Actual detected object count: 0
08:07:35.0071 0x0ce8  ============================================================
08:07:35.0071 0x0ce8  Scan started
08:07:35.0071 0x0ce8  Mode: Manual; SigCheck; TDLFS; 
08:07:35.0071 0x0ce8  ============================================================
08:07:35.0071 0x0ce8  KSN ping started
08:07:38.0273 0x0ce8  KSN ping finished: true
08:07:42.0046 0x0ce8  ================ Scan system memory ========================
08:07:42.0046 0x0ce8  System memory - ok
08:07:42.0047 0x0ce8  ================ Scan services =============================
08:07:42.0564 0x0ce8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
08:07:42.0730 0x0ce8  1394ohci - ok
08:07:42.0801 0x0ce8  [ 3E2427D4966C7606097341E55AB4E105, 59A06E65A746D511BF76736A11DF4DA0692D8212ECEB2419238D6615A83388A4 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
08:07:42.0829 0x0ce8  Accelerometer - ok
08:07:43.0056 0x0ce8  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:07:43.0094 0x0ce8  ACDaemon - ok
08:07:43.0178 0x0ce8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
08:07:43.0244 0x0ce8  ACPI - ok
08:07:43.0337 0x0ce8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
08:07:43.0498 0x0ce8  AcpiPmi - ok
08:07:43.0729 0x0ce8  [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:07:43.0769 0x0ce8  AdobeFlashPlayerUpdateSvc - ok
08:07:43.0899 0x0ce8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
08:07:43.0972 0x0ce8  adp94xx - ok
08:07:44.0034 0x0ce8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
08:07:44.0095 0x0ce8  adpahci - ok
08:07:44.0216 0x0ce8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
08:07:44.0259 0x0ce8  adpu320 - ok
08:07:44.0359 0x0ce8  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
08:07:44.0703 0x0ce8  AeLookupSvc - ok
08:07:44.0913 0x0ce8  [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
08:07:45.0032 0x0ce8  AESTFilters - ok
08:07:45.0163 0x0ce8  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
08:07:45.0380 0x0ce8  AFD - ok
08:07:45.0783 0x0ce8  [ B65F8DBA54F251906BBE8611B5A0E7AB, 9ADE347CB4E7C33D668DAC79A316C97C78D94D296B158F481F3E32F9DA4D647E ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
08:07:45.0986 0x0ce8  AgereModemAudio - ok
08:07:46.0100 0x0ce8  [ C98356D813B581E9C425B42A5D146CE0, F78919616CB275008FFF2DB57C03F86132C52A257C4ED00FF289C57035A89CE7 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
08:07:46.0267 0x0ce8  AgereSoftModem - ok
08:07:46.0366 0x0ce8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
08:07:46.0409 0x0ce8  agp440 - ok
08:07:46.0451 0x0ce8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
08:07:46.0550 0x0ce8  ALG - ok
08:07:46.0615 0x0ce8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
08:07:46.0656 0x0ce8  aliide - ok
08:07:46.0667 0x0ce8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
08:07:46.0705 0x0ce8  amdide - ok
08:07:46.0826 0x0ce8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
08:07:46.0908 0x0ce8  AmdK8 - ok
08:07:46.0943 0x0ce8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
08:07:47.0025 0x0ce8  AmdPPM - ok
08:07:47.0161 0x0ce8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
08:07:47.0191 0x0ce8  amdsata - ok
08:07:47.0238 0x0ce8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
08:07:47.0272 0x0ce8  amdsbs - ok
08:07:47.0332 0x0ce8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
08:07:47.0363 0x0ce8  amdxata - ok
08:07:47.0432 0x0ce8  [ 4DE0D5D747A73797C95A97DCCE5018B5, 17EC669675C2E43515EFE2D8BCC9DDFFBE64F99EBFB9A6DAB429F65A2B504560 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
08:07:47.0517 0x0ce8  androidusb - ok
08:07:47.0612 0x0ce8  [ 05F1A0A81A98CF27E3F028213FB6C36A, 17B94C95976C2635954C5D222B926CD3E31843E0F3599F636E9F9182ECCA9622 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
08:07:47.0698 0x0ce8  ApfiltrService - ok
08:07:47.0829 0x0ce8  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
08:07:48.0020 0x0ce8  AppID - ok
08:07:48.0061 0x0ce8  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
08:07:48.0133 0x0ce8  AppIDSvc - ok
08:07:48.0339 0x0ce8  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
08:07:48.0660 0x0ce8  Appinfo - ok
08:07:48.0766 0x0ce8  [ 6B73E94F9FE82D45781B8C8A09483082, C35EEAE7457168387A7C77A315524A3703ABDE49D9F23F59057315D9249D3473 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:07:48.0780 0x0ce8  Apple Mobile Device - ok
08:07:49.0147 0x0ce8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
08:07:49.0196 0x0ce8  arc - ok
08:07:49.0313 0x0ce8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
08:07:49.0385 0x0ce8  arcsas - ok
08:07:49.0828 0x0ce8  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:07:49.0849 0x0ce8  aspnet_state - ok
08:07:50.0037 0x0ce8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
08:07:50.0105 0x0ce8  AsyncMac - ok
08:07:50.0161 0x0ce8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
08:07:50.0187 0x0ce8  atapi - ok
08:07:50.0353 0x0ce8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
08:07:50.0529 0x0ce8  AudioEndpointBuilder - ok
08:07:50.0568 0x0ce8  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
08:07:50.0700 0x0ce8  AudioSrv - ok
08:07:50.0886 0x0ce8  [ CDE60914D4ED81291F0CCFDB2CA311B9, 414D9BFF4E7DA17194695CB99B9E7F82C1616F4C228E6E9087208D290B9ED64D ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
08:07:50.0922 0x0ce8  Avgdiska - ok
08:07:51.0324 0x0ce8  [ B6E2D865C5936A4FEE68F11E97DF6B82, 02807C38BF6DF72BF49636371BA9CDBC1C531C239DF26930F320ABD937AA1B9D ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
08:07:51.0526 0x0ce8  AVGIDSAgent - ok
08:07:51.0626 0x0ce8  [ E7E1A0AB30587BF3734A2EC66BBCE743, F2D662A2CC29B9B8C1D7AA3424CAAB18A78C60E9557D992EF14BC15DB1438B54 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
08:07:51.0700 0x0ce8  AVGIDSDriver - ok
08:07:51.0799 0x0ce8  [ B0E4A1F342A3F8B75C4A4ADB044761C9, 208D033EE04206FEDFC99102025A53D53EF2D3FB373882776DE43D663BE9A01B ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
08:07:51.0825 0x0ce8  AVGIDSHA - ok
08:07:51.0900 0x0ce8  [ 5D115BF49AE159D4D7D1EBC640CB138F, F529FB749AB8098B657DEB4637B9B87FA2DE4806F37AC9257542B7E522BA487E ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
08:07:52.0104 0x0ce8  Avgldx64 - ok
08:07:52.0321 0x0ce8  [ 197F28711B4B71E6575E5298CCEDC737, 16B7A9E59CA5EF8241029E16408CC1DD77004B195C9FE0677DE35A723FCA3DB4 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
08:07:52.0361 0x0ce8  Avgloga - ok
08:07:52.0438 0x0ce8  [ 22B257B0A8A83924CB96D1BA2A076C2F, BA1E33DC2D76F9347160E159BFB857E673222745409686E32E707EB2847A2520 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
08:07:52.0480 0x0ce8  Avgmfx64 - ok
08:07:52.0558 0x0ce8  [ C4F9056928B26BCAF15872E46B29184F, 0A1574937D120B8872947C4C68F1706BB9713B0D00AD62BE8082499C944114BA ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
08:07:52.0593 0x0ce8  Avgrkx64 - ok
08:07:52.0656 0x0ce8  [ 0971913995F5FAFD711B0B2426A175E9, 1009E628997B56697BA976E376A9E9D39082E7057D6EFF37D57FDCA2057B9498 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
08:07:52.0722 0x0ce8  Avgtdia - ok
08:07:52.0929 0x0ce8  [ D7CBEEA4500BFDC63E99B06A1C512BE8, F8408E339AD022DD78D6C856A330F5A40CAF21F3B0C69FA352D66E3B8E75AA0F ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
08:07:53.0036 0x0ce8  avgwd - ok
08:07:53.0198 0x0ce8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
08:07:53.0327 0x0ce8  AxInstSV - ok
08:07:53.0419 0x0ce8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
08:07:53.0612 0x0ce8  b06bdrv - ok
08:07:53.0684 0x0ce8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
08:07:53.0749 0x0ce8  b57nd60a - ok
08:07:53.0848 0x0ce8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
08:07:53.0907 0x0ce8  BDESVC - ok
08:07:53.0978 0x0ce8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
08:07:54.0054 0x0ce8  Beep - ok
08:07:54.0254 0x0ce8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
08:07:54.0396 0x0ce8  BFE - ok
08:07:54.0488 0x0ce8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
08:07:54.0582 0x0ce8  BITS - ok
08:07:54.0646 0x0ce8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
08:07:54.0686 0x0ce8  blbdrive - ok
08:07:55.0005 0x0ce8  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
08:07:55.0035 0x0ce8  Bonjour Service - ok
08:07:55.0146 0x0ce8  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
08:07:55.0200 0x0ce8  bowser - ok
08:07:55.0264 0x0ce8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
08:07:55.0310 0x0ce8  BrFiltLo - ok
08:07:55.0404 0x0ce8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
08:07:55.0544 0x0ce8  BrFiltUp - ok
08:07:55.0732 0x0ce8  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
08:07:56.0032 0x0ce8  BridgeMP - ok
08:07:56.0161 0x0ce8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
08:07:56.0373 0x0ce8  Browser - ok
08:07:56.0456 0x0ce8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
08:07:56.0555 0x0ce8  Brserid - ok
08:07:56.0574 0x0ce8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
08:07:56.0664 0x0ce8  BrSerWdm - ok
08:07:56.0779 0x0ce8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
08:07:56.0847 0x0ce8  BrUsbMdm - ok
08:07:56.0854 0x0ce8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
08:07:56.0911 0x0ce8  BrUsbSer - ok
08:07:56.0971 0x0ce8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
08:07:57.0048 0x0ce8  BTHMODEM - ok
08:07:57.0104 0x0ce8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
08:07:57.0197 0x0ce8  bthserv - ok
08:07:57.0300 0x0ce8  catchme - ok
08:07:57.0368 0x0ce8  [ 56685951208AC81CF923B9B08BEDF3B7, F5FF438B9A54AD8D54E82DE60E1771C9685A95D5E590D69EB1E4E78D3B9B7769 ] ccSet_NST       C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys
08:07:57.0498 0x0ce8  ccSet_NST - ok
08:07:57.0571 0x0ce8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
08:07:57.0703 0x0ce8  cdfs - ok
08:07:57.0779 0x0ce8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
08:07:57.0816 0x0ce8  cdrom - ok
08:07:57.0904 0x0ce8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
08:07:58.0015 0x0ce8  CertPropSvc - ok
08:07:58.0197 0x0ce8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
08:07:58.0279 0x0ce8  circlass - ok
08:07:58.0331 0x0ce8  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
08:07:58.0396 0x0ce8  CLFS - ok
08:07:58.0496 0x0ce8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:07:58.0528 0x0ce8  clr_optimization_v2.0.50727_32 - ok
08:07:58.0637 0x0ce8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:07:58.0687 0x0ce8  clr_optimization_v2.0.50727_64 - ok
08:07:59.0094 0x0ce8  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:07:59.0131 0x0ce8  clr_optimization_v4.0.30319_32 - ok
08:07:59.0218 0x0ce8  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:07:59.0257 0x0ce8  clr_optimization_v4.0.30319_64 - ok
08:07:59.0376 0x0ce8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
08:07:59.0500 0x0ce8  CmBatt - ok
08:07:59.0538 0x0ce8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
08:07:59.0605 0x0ce8  cmdide - ok
08:07:59.0667 0x0ce8  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
08:07:59.0852 0x0ce8  CNG - ok
08:08:00.0102 0x0ce8  [ C7A0E61D5714AC20DE52D4F66EC773B8, 53F0C91FD62E6787221EFB4BFDB087C2087CACD6B0C0605F58FC391F546EBA7A ] Com4QLBEx       C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
08:08:00.0124 0x0ce8  Com4QLBEx - ok
08:08:00.0207 0x0ce8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
08:08:00.0227 0x0ce8  Compbatt - ok
08:08:00.0351 0x0ce8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
08:08:00.0425 0x0ce8  CompositeBus - ok
08:08:00.0434 0x0ce8  COMSysApp - ok
08:08:00.0598 0x0ce8  cpuz132 - ok
08:08:00.0668 0x0ce8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
08:08:00.0696 0x0ce8  crcdisk - ok
08:08:00.0806 0x0ce8  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
08:08:00.0955 0x0ce8  CryptSvc - ok
08:08:01.0080 0x0ce8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
08:08:01.0265 0x0ce8  DcomLaunch - ok
08:08:01.0315 0x0ce8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
08:08:01.0588 0x0ce8  defragsvc - ok
08:08:01.0737 0x0ce8  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
08:08:01.0898 0x0ce8  DfsC - ok
08:08:01.0954 0x0ce8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
08:08:02.0079 0x0ce8  Dhcp - ok
08:08:02.0199 0x0ce8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
08:08:02.0389 0x0ce8  discache - ok
08:08:02.0416 0x0ce8  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
08:08:02.0446 0x0ce8  Disk - ok
08:08:02.0729 0x0ce8  [ 7C85CC5570BF718D2B9AD9F53B1B5B55, A8177F14CC2E40ECAC07C2C9971F8B6E181B890BC845296AABDDC2EA268FFD0A ] DiskDoctorService C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
08:08:02.0818 0x0ce8  DiskDoctorService - ok
08:08:02.0885 0x0ce8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
08:08:02.0958 0x0ce8  Dnscache - ok
08:08:03.0036 0x0ce8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
08:08:03.0229 0x0ce8  dot3svc - ok
08:08:03.0317 0x0ce8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
08:08:03.0452 0x0ce8  DPS - ok
08:08:03.0564 0x0ce8  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
08:08:03.0765 0x0ce8  drmkaud - ok
08:08:03.0874 0x0ce8  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
08:08:03.0963 0x0ce8  DXGKrnl - ok
08:08:04.0057 0x0ce8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
08:08:04.0229 0x0ce8  EapHost - ok
08:08:04.0534 0x0ce8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
08:08:04.0859 0x0ce8  ebdrv - ok
08:08:04.0925 0x0ce8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
08:08:04.0975 0x0ce8  EFS - ok
08:08:05.0089 0x0ce8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
08:08:05.0211 0x0ce8  ehRecvr - ok
08:08:05.0236 0x0ce8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
08:08:05.0336 0x0ce8  ehSched - ok
08:08:05.0569 0x0ce8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
08:08:05.0682 0x0ce8  elxstor - ok
08:08:05.0747 0x0ce8  [ A9EC08727C64D985678F5B64C03823F0, 00F4856BF61068716EE9FDD9020B90AE4489F4DA6C5822F5AA0326CD7610F6A6 ] enecir          C:\Windows\system32\DRIVERS\enecir.sys
08:08:05.0821 0x0ce8  enecir - ok
08:08:05.0930 0x0ce8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
08:08:06.0058 0x0ce8  ErrDev - ok
08:08:06.0342 0x0ce8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
08:08:06.0565 0x0ce8  EventSystem - ok
08:08:06.0657 0x0ce8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
08:08:06.0763 0x0ce8  exfat - ok
08:08:06.0849 0x0ce8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
08:08:06.0919 0x0ce8  fastfat - ok
08:08:07.0174 0x0ce8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
08:08:07.0299 0x0ce8  Fax - ok
08:08:07.0320 0x0ce8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
08:08:07.0358 0x0ce8  fdc - ok
08:08:07.0464 0x0ce8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
08:08:07.0546 0x0ce8  fdPHost - ok
08:08:07.0576 0x0ce8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
08:08:07.0743 0x0ce8  FDResPub - ok
08:08:07.0849 0x0ce8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
08:08:07.0882 0x0ce8  FileInfo - ok
08:08:07.0911 0x0ce8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
08:08:08.0063 0x0ce8  Filetrace - ok
08:08:08.0097 0x0ce8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
08:08:08.0183 0x0ce8  flpydisk - ok
08:08:08.0363 0x0ce8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
08:08:08.0412 0x0ce8  FltMgr - ok
08:08:08.0524 0x0ce8  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
08:08:08.0772 0x0ce8  FontCache - ok
08:08:08.0952 0x0ce8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:08:08.0987 0x0ce8  FontCache3.0.0.0 - ok
08:08:09.0179 0x0ce8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
08:08:09.0210 0x0ce8  FsDepends - ok
08:08:09.0328 0x0ce8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
08:08:09.0368 0x0ce8  Fs_Rec - ok
08:08:09.0440 0x0ce8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
08:08:09.0493 0x0ce8  fvevol - ok
08:08:09.0717 0x0ce8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
08:08:09.0753 0x0ce8  gagp30kx - ok
08:08:09.0841 0x0ce8  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
08:08:10.0034 0x0ce8  gpsvc - ok
08:08:10.0136 0x0ce8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:08:10.0168 0x0ce8  gupdate - ok
08:08:10.0219 0x0ce8  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
08:08:10.0245 0x0ce8  gupdatem - ok
08:08:10.0372 0x0ce8  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
08:08:10.0396 0x0ce8  gusvc - ok
08:08:10.0442 0x0ce8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
08:08:10.0518 0x0ce8  hcw85cir - ok
08:08:10.0613 0x0ce8  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
08:08:10.0666 0x0ce8  HdAudAddService - ok
08:08:10.0706 0x0ce8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
08:08:10.0816 0x0ce8  HDAudBus - ok
08:08:10.0876 0x0ce8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
08:08:10.0926 0x0ce8  HidBatt - ok
08:08:10.0954 0x0ce8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
08:08:11.0064 0x0ce8  HidBth - ok
08:08:11.0146 0x0ce8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
08:08:11.0186 0x0ce8  HidIr - ok
08:08:11.0323 0x0ce8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
08:08:11.0575 0x0ce8  hidserv - ok
08:08:11.0648 0x0ce8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
08:08:11.0749 0x0ce8  HidUsb - ok
08:08:11.0787 0x0ce8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
08:08:11.0954 0x0ce8  hkmsvc - ok
08:08:12.0234 0x0ce8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
08:08:12.0339 0x0ce8  HomeGroupListener - ok
08:08:12.0541 0x0ce8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
08:08:12.0637 0x0ce8  HomeGroupProvider - ok
08:08:12.0821 0x0ce8  [ 2A8B93A01621E100A578E83C768AFA2C, 6637D260AF180D1F200D219796FCE6D524FC6BF57C0CEEF9E1B3616E85865AD1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
08:08:12.0904 0x0ce8  HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
08:08:15.0850 0x0ce8  Detect skipped due to KSN trusted
08:08:15.0850 0x0ce8  HP Support Assistant Service - ok
08:08:15.0957 0x0ce8  [ CCBE758967CC0F53F5BA3B271653C4E6, B050B39A209CC30A801E0F903AE441B0F0C50DFAE747E71E4016F8D7552B2AE8 ] hpdskflt        C:\Windows\system32\DRIVERS\hpdskflt.sys
08:08:16.0002 0x0ce8  hpdskflt - ok
08:08:16.0159 0x0ce8  [ 9AF482D058BE59CC28BCE52E7C4B747C, 2D150CD0C82B575CDE2E1B3941FD72EFCB254850D6FF1D7C40D3B29643018EFF ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
08:08:16.0231 0x0ce8  HpqKbFiltr - ok
08:08:16.0409 0x0ce8  [ D2946D9F020AE76E9CEF9B4A6DF838C0, C29CE594879385DA12B8EAA90B258905827B613839CCD820DE49215B68676995 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
08:08:16.0580 0x0ce8  hpqwmiex - ok
08:08:16.0675 0x0ce8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
08:08:16.0706 0x0ce8  HpSAMD - ok
08:08:16.0757 0x0ce8  [ E2223A37896A76861D7F79FD81A2A193, 9AFB0188CA5ED8A4F01FC7C8C4835097312AC15B754684880C6A1E48634ED687 ] hpsrv           C:\Windows\system32\Hpservice.exe
08:08:16.0780 0x0ce8  hpsrv - ok
08:08:16.0933 0x0ce8  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
08:08:17.0109 0x0ce8  HTTP - ok
08:08:17.0223 0x0ce8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
08:08:17.0249 0x0ce8  hwpolicy - ok
08:08:17.0524 0x0ce8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
08:08:17.0590 0x0ce8  i8042prt - ok
08:08:17.0901 0x0ce8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
08:08:17.0955 0x0ce8  iaStorV - ok
08:08:18.0059 0x0ce8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:08:18.0149 0x0ce8  idsvc - ok
08:08:18.0232 0x0ce8  IEEtwCollectorService - ok
08:08:18.0834 0x0ce8  [ C6238C6ABD6AC99F5D152DA4E9439A3D, 6FC490B94CEF523C7C099AEA3D36AB75C9896B1D83D4467D237E698A8E0D9E7B ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
08:08:19.0619 0x0ce8  igfx - ok
08:08:19.0670 0x0ce8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
08:08:19.0691 0x0ce8  iirsp - ok
08:08:19.0747 0x0ce8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
08:08:19.0844 0x0ce8  IKEEXT - ok
08:08:20.0048 0x0ce8  [ 88A20FA54C73DED4E8DAC764E9130AE9, BBD9C8D12063F0A464FE0C48C6913A772EF5A5DCB8A00EBD37E494DCB752A5FF ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
08:08:20.0111 0x0ce8  IntcHdmiAddService - ok
08:08:20.0148 0x0ce8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
08:08:20.0175 0x0ce8  intelide - ok
08:08:20.0257 0x0ce8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
08:08:20.0313 0x0ce8  intelppm - ok
08:08:20.0366 0x0ce8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
08:08:20.0467 0x0ce8  IPBusEnum - ok
08:08:20.0587 0x0ce8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:08:20.0716 0x0ce8  IpFilterDriver - ok
08:08:20.0793 0x0ce8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
08:08:20.0931 0x0ce8  iphlpsvc - ok
08:08:20.0987 0x0ce8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
08:08:21.0031 0x0ce8  IPMIDRV - ok
08:08:21.0134 0x0ce8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
08:08:21.0236 0x0ce8  IPNAT - ok
08:08:21.0507 0x0ce8  [ 50D6CCC6FF5561F9F56946B3E6164FB8, 27529E751D3CB13B651B54474F04A17DF5737AD0170CD41F601E779F90603D11 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
08:08:21.0593 0x0ce8  iPod Service - ok
08:08:21.0615 0x0ce8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
08:08:21.0691 0x0ce8  IRENUM - ok
08:08:21.0757 0x0ce8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
08:08:21.0785 0x0ce8  isapnp - ok
08:08:22.0017 0x0ce8  [ CDA1AC2FFC8603859702A2C7DF5BBD36, 0F2A1F6AB2472A535DD2CAF162263DFBBDC0DC7D48EB2AB4676CC307E12F6D11 ] iscFlash        c:\SwSetup\sp47543\iscflashx64.sys
08:08:22.0036 0x0ce8  iscFlash - detected UnsignedFile.Multi.Generic ( 1 )
08:08:25.0260 0x0ce8  Detect skipped due to KSN trusted
08:08:25.0260 0x0ce8  iscFlash - ok
08:08:25.0324 0x0ce8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
08:08:25.0393 0x0ce8  iScsiPrt - ok
08:08:25.0459 0x0ce8  [ F8844B00C10E386C704C610E95A9847D, 3E3CFDDD0DD9E98542BAE07ED9CF922D98370C94BE364BA84F677EAA01ED775A ] JMCR            C:\Windows\system32\DRIVERS\jmcr.sys
08:08:25.0570 0x0ce8  JMCR - ok
08:08:25.0677 0x0ce8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
08:08:25.0707 0x0ce8  kbdclass - ok
08:08:25.0809 0x0ce8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
08:08:25.0901 0x0ce8  kbdhid - ok
08:08:25.0926 0x0ce8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
08:08:25.0958 0x0ce8  KeyIso - ok
08:08:26.0476 0x0ce8  [ 162A5E3A691B903111526147C8D29E6D, 4AB44480053B2E224D5A391982CC2DFB7457847B867C1D4EADCE843F27355BBC ] Kodak AiO Network Discovery Service C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
08:08:26.0516 0x0ce8  Kodak AiO Network Discovery Service - ok
08:08:26.0839 0x0ce8  [ B5E53FCA219A6491E9A1BA146A5D2452, 3B8ED1B3271D69CA284504217476874845DEDEFC56639F9896963B73360D8F3B ] Kodak AiO Status Monitor Service C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
08:08:26.0912 0x0ce8  Kodak AiO Status Monitor Service - detected UnsignedFile.Multi.Generic ( 1 )
08:08:30.0258 0x0ce8  Detect skipped due to KSN trusted
08:08:30.0259 0x0ce8  Kodak AiO Status Monitor Service - ok
08:08:30.0303 0x0ce8  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
08:08:30.0339 0x0ce8  KSecDD - ok
08:08:30.0403 0x0ce8  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
08:08:30.0439 0x0ce8  KSecPkg - ok
08:08:30.0629 0x0ce8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
08:08:30.0707 0x0ce8  ksthunk - ok
08:08:30.0767 0x0ce8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
08:08:31.0002 0x0ce8  KtmRm - ok
08:08:31.0165 0x0ce8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
08:08:31.0291 0x0ce8  LanmanServer - ok
08:08:31.0346 0x0ce8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
08:08:31.0435 0x0ce8  LanmanWorkstation - ok
08:08:31.0567 0x0ce8  [ 7550D101BF49FDB1F92666A233EE36C4, 281EE6C9AAE0A3FDA8D0FE7CD6BA55C481B8719799A526601FEA0542345CAF18 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
08:08:31.0603 0x0ce8  LightScribeService - detected UnsignedFile.Multi.Generic ( 1 )
08:08:34.0491 0x0ce8  Detect skipped due to KSN trusted
08:08:34.0491 0x0ce8  LightScribeService - ok
08:08:34.0513 0x0ce8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
08:08:34.0616 0x0ce8  lltdio - ok
08:08:34.0952 0x0ce8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
08:08:35.0117 0x0ce8  lltdsvc - ok
08:08:35.0144 0x0ce8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
08:08:35.0221 0x0ce8  lmhosts - ok
08:08:35.0311 0x0ce8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
08:08:35.0343 0x0ce8  LSI_FC - ok
08:08:35.0382 0x0ce8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
08:08:35.0416 0x0ce8  LSI_SAS - ok
08:08:35.0434 0x0ce8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
08:08:35.0468 0x0ce8  LSI_SAS2 - ok
08:08:35.0520 0x0ce8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
08:08:35.0551 0x0ce8  LSI_SCSI - ok
08:08:35.0609 0x0ce8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
08:08:35.0706 0x0ce8  luafv - ok
08:08:35.0745 0x0ce8  lxbm_device - ok
08:08:35.0769 0x0ce8  lxdx_device - ok
08:08:35.0879 0x0ce8  mbamchameleon - ok
08:08:35.0933 0x0ce8  MBAMSwissArmy - ok
08:08:36.0025 0x0ce8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
08:08:36.0102 0x0ce8  Mcx2Svc - ok
08:08:36.0170 0x0ce8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
08:08:36.0200 0x0ce8  megasas - ok
08:08:36.0310 0x0ce8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
08:08:36.0349 0x0ce8  MegaSR - ok
08:08:36.0432 0x0ce8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
08:08:36.0514 0x0ce8  MMCSS - ok
08:08:36.0533 0x0ce8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
08:08:36.0628 0x0ce8  Modem - ok
08:08:36.0682 0x0ce8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
08:08:36.0833 0x0ce8  monitor - ok
08:08:37.0002 0x0ce8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
08:08:37.0030 0x0ce8  mouclass - ok
08:08:37.0124 0x0ce8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
08:08:37.0211 0x0ce8  mouhid - ok
08:08:37.0288 0x0ce8  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
08:08:37.0320 0x0ce8  mountmgr - ok
08:08:37.0343 0x0ce8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
08:08:37.0389 0x0ce8  mpio - ok
08:08:37.0487 0x0ce8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
08:08:37.0606 0x0ce8  mpsdrv - ok
08:08:37.0673 0x0ce8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
08:08:37.0807 0x0ce8  MpsSvc - ok
08:08:37.0843 0x0ce8  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
08:08:37.0918 0x0ce8  MRxDAV - ok
08:08:37.0979 0x0ce8  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
08:08:38.0082 0x0ce8  mrxsmb - ok
08:08:38.0129 0x0ce8  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:08:38.0286 0x0ce8  mrxsmb10 - ok
08:08:38.0309 0x0ce8  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:08:38.0338 0x0ce8  mrxsmb20 - ok
08:08:38.0423 0x0ce8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
08:08:38.0444 0x0ce8  msahci - ok
08:08:38.0493 0x0ce8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
08:08:38.0527 0x0ce8  msdsm - ok
08:08:38.0563 0x0ce8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
08:08:38.0726 0x0ce8  MSDTC - ok
08:08:38.0796 0x0ce8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
08:08:38.0870 0x0ce8  Msfs - ok
08:08:39.0037 0x0ce8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
08:08:39.0201 0x0ce8  mshidkmdf - ok
08:08:39.0279 0x0ce8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
08:08:39.0308 0x0ce8  msisadrv - ok
08:08:39.0402 0x0ce8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
08:08:39.0498 0x0ce8  MSiSCSI - ok
08:08:39.0505 0x0ce8  msiserver - ok
08:08:39.0562 0x0ce8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
08:08:39.0659 0x0ce8  MSKSSRV - ok
08:08:39.0796 0x0ce8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
08:08:39.0936 0x0ce8  MSPCLOCK - ok
08:08:39.0999 0x0ce8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
08:08:40.0089 0x0ce8  MSPQM - ok
08:08:40.0186 0x0ce8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
08:08:40.0241 0x0ce8  MsRPC - ok
08:08:40.0285 0x0ce8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
08:08:40.0308 0x0ce8  mssmbios - ok
08:08:40.0341 0x0ce8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
08:08:40.0429 0x0ce8  MSTEE - ok
08:08:40.0491 0x0ce8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
08:08:40.0554 0x0ce8  MTConfig - ok
08:08:40.0610 0x0ce8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
08:08:40.0641 0x0ce8  Mup - ok
08:08:40.0725 0x0ce8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
08:08:40.0854 0x0ce8  napagent - ok
08:08:40.0911 0x0ce8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
08:08:41.0024 0x0ce8  NativeWifiP - ok
08:08:41.0156 0x0ce8  [ 1BF9D6476061B31CD7FC2BF848529A56, 95B585543240E823D7850ADEEEA7A4738EF9E18A4B07D921F145F6EF466F0271 ] NCO             C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe
08:08:41.0209 0x0ce8  NCO - ok
08:08:41.0364 0x0ce8  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
08:08:41.0447 0x0ce8  NDIS - ok
08:08:41.0583 0x0ce8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
08:08:41.0679 0x0ce8  NdisCap - ok
08:08:41.0719 0x0ce8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
08:08:41.0840 0x0ce8  NdisTapi - ok
08:08:41.0926 0x0ce8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
08:08:42.0054 0x0ce8  Ndisuio - ok
08:08:42.0085 0x0ce8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
08:08:42.0215 0x0ce8  NdisWan - ok
08:08:42.0263 0x0ce8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
08:08:42.0351 0x0ce8  NDProxy - ok
08:08:42.0393 0x0ce8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
08:08:42.0488 0x0ce8  NetBIOS - ok
08:08:42.0531 0x0ce8  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
08:08:42.0643 0x0ce8  NetBT - ok
08:08:42.0675 0x0ce8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
08:08:42.0707 0x0ce8  Netlogon - ok
08:08:42.0777 0x0ce8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
08:08:42.0856 0x0ce8  Netman - ok
08:08:42.0950 0x0ce8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:08:42.0985 0x0ce8  NetMsmqActivator - ok
08:08:43.0026 0x0ce8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:08:43.0046 0x0ce8  NetPipeActivator - ok
08:08:43.0095 0x0ce8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
08:08:43.0271 0x0ce8  netprofm - ok
08:08:43.0326 0x0ce8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:08:43.0380 0x0ce8  NetTcpActivator - ok
08:08:43.0456 0x0ce8  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:08:43.0491 0x0ce8  NetTcpPortSharing - ok
08:08:43.0905 0x0ce8  [ E72F4522801FFB8F0456924FB0017BFF, 7260C6D0725D3B3E0083AF06D901073AE8753E6CD97400B2A1D7F6D62A727CC5 ] NETw1v64        C:\Windows\system32\DRIVERS\NETw1v64.sys
08:08:44.0497 0x0ce8  NETw1v64 - ok
08:08:45.0054 0x0ce8  [ 24F64343F14A119308456E1CA7507B26, E9219B173426E872977C3D615552B066C697A31D003AE3F0012BF1C6FFCEFF51 ] NETw5s64        C:\Windows\system32\DRIVERS\NETw5s64.sys
08:08:45.0631 0x0ce8  NETw5s64 - ok
08:08:46.0002 0x0ce8  [ 64428DFDAF6E88366CB51F45A79C5F69, 31187D38C1AB52120A3CB7AC3CE47ED9682AC37B0F06B9A9610C0065DD4E7B13 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
08:08:46.0770 0x0ce8  netw5v64 - ok
08:08:46.0853 0x0ce8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
08:08:47.0445 0x0ce8  nfrd960 - ok
08:08:47.0556 0x0ce8  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
08:08:47.0628 0x0ce8  NlaSvc - ok
08:08:47.0745 0x0ce8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
08:08:49.0272 0x0ce8  Npfs - ok
08:08:49.0607 0x0ce8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
08:08:49.0740 0x0ce8  nsi - ok
08:08:49.0791 0x0ce8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
08:08:49.0885 0x0ce8  nsiproxy - ok
08:08:50.0052 0x0ce8  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
08:08:50.0184 0x0ce8  Ntfs - ok
08:08:50.0228 0x0ce8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
08:08:50.0350 0x0ce8  Null - ok
08:08:50.0393 0x0ce8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
08:08:50.0426 0x0ce8  nvraid - ok
08:08:50.0456 0x0ce8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
08:08:50.0490 0x0ce8  nvstor - ok
08:08:50.0541 0x0ce8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
08:08:50.0572 0x0ce8  nv_agp - ok
08:08:50.0595 0x0ce8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
08:08:50.0635 0x0ce8  ohci1394 - ok
08:08:50.0980 0x0ce8  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:08:51.0007 0x0ce8  ose - ok
08:08:51.0291 0x0ce8  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:08:51.0542 0x0ce8  osppsvc - ok
08:08:51.0675 0x0ce8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
08:08:51.0765 0x0ce8  p2pimsvc - ok
08:08:51.0947 0x0ce8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
08:08:52.0037 0x0ce8  p2psvc - ok
08:08:52.0059 0x0ce8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
08:08:52.0096 0x0ce8  Parport - ok
08:08:52.0122 0x0ce8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
08:08:52.0153 0x0ce8  partmgr - ok
08:08:52.0193 0x0ce8  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
08:08:52.0295 0x0ce8  PcaSvc - ok
08:08:52.0364 0x0ce8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
08:08:52.0406 0x0ce8  pci - ok
08:08:52.0440 0x0ce8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
08:08:52.0462 0x0ce8  pciide - ok
08:08:52.0489 0x0ce8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
08:08:52.0517 0x0ce8  pcmcia - ok
08:08:52.0552 0x0ce8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
08:08:52.0572 0x0ce8  pcw - ok
08:08:52.0621 0x0ce8  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
08:08:52.0761 0x0ce8  PEAUTH - ok
08:08:52.0851 0x0ce8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
08:08:52.0888 0x0ce8  PerfHost - ok
08:08:52.0996 0x0ce8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
08:08:53.0193 0x0ce8  pla - ok
08:08:53.0333 0x0ce8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
08:08:53.0542 0x0ce8  PlugPlay - ok
08:08:53.0568 0x0ce8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
08:08:53.0628 0x0ce8  PNRPAutoReg - ok
08:08:53.0688 0x0ce8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
08:08:53.0740 0x0ce8  PNRPsvc - ok
08:08:53.0781 0x0ce8  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
08:08:53.0910 0x0ce8  PolicyAgent - ok
08:08:54.0039 0x0ce8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
08:08:54.0193 0x0ce8  Power - ok
08:08:54.0306 0x0ce8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
08:08:54.0400 0x0ce8  PptpMiniport - ok
08:08:54.0438 0x0ce8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
08:08:54.0488 0x0ce8  Processor - ok
08:08:54.0641 0x0ce8  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
08:08:54.0745 0x0ce8  ProfSvc - ok
08:08:54.0774 0x0ce8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
08:08:54.0810 0x0ce8  ProtectedStorage - ok
08:08:54.0920 0x0ce8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
08:08:55.0013 0x0ce8  Psched - ok
08:08:55.0202 0x0ce8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
08:08:55.0325 0x0ce8  ql2300 - ok
08:08:55.0390 0x0ce8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
08:08:55.0422 0x0ce8  ql40xx - ok
08:08:55.0511 0x0ce8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
08:08:55.0599 0x0ce8  QWAVE - ok
08:08:55.0650 0x0ce8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
08:08:55.0772 0x0ce8  QWAVEdrv - ok
08:08:55.0794 0x0ce8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
08:08:55.0911 0x0ce8  RasAcd - ok
08:08:55.0971 0x0ce8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
08:08:56.0112 0x0ce8  RasAgileVpn - ok
08:08:56.0161 0x0ce8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
08:08:56.0276 0x0ce8  RasAuto - ok
08:08:56.0378 0x0ce8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
08:08:56.0556 0x0ce8  Rasl2tp - ok
08:08:56.0606 0x0ce8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
08:08:56.0757 0x0ce8  RasMan - ok
08:08:56.0805 0x0ce8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
08:08:56.0931 0x0ce8  RasPppoe - ok
08:08:56.0952 0x0ce8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
08:08:57.0069 0x0ce8  RasSstp - ok
08:08:57.0130 0x0ce8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
08:08:57.0226 0x0ce8  rdbss - ok
08:08:57.0246 0x0ce8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
08:08:57.0281 0x0ce8  rdpbus - ok
08:08:57.0418 0x0ce8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
08:08:57.0554 0x0ce8  RDPCDD - ok
08:08:57.0587 0x0ce8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
08:08:57.0730 0x0ce8  RDPENCDD - ok
08:08:57.0748 0x0ce8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
08:08:57.0822 0x0ce8  RDPREFMP - ok
08:08:57.0918 0x0ce8  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
08:08:58.0079 0x0ce8  RDPWD - ok
08:08:58.0196 0x0ce8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
08:08:58.0257 0x0ce8  rdyboost - ok
08:08:58.0335 0x0ce8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
08:08:58.0435 0x0ce8  RemoteAccess - ok
08:08:58.0474 0x0ce8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
08:08:58.0650 0x0ce8  RemoteRegistry - ok
08:08:58.0783 0x0ce8  [ 498EB62A160674E793FA40FD65390625, F7EFD480E6C95F5B6202EEB87F519A8A8187F7F26281FB3E302EDD1AD5771025 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
08:08:58.0851 0x0ce8  RichVideo - ok
08:08:58.0892 0x0ce8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
08:08:59.0047 0x0ce8  RpcEptMapper - ok
08:08:59.0058 0x0ce8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
08:08:59.0147 0x0ce8  RpcLocator - ok
08:08:59.0258 0x0ce8  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
08:08:59.0409 0x0ce8  RpcSs - ok
08:08:59.0532 0x0ce8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
08:08:59.0625 0x0ce8  rspndr - ok
08:08:59.0726 0x0ce8  [ B49DC435AE3695BAC5623DD94B05732D, D63160B09385ED31C2A479ADC5AFCA483906F38598874972025D680BDB45ECA0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
08:08:59.0894 0x0ce8  RTL8167 - ok
08:08:59.0925 0x0ce8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
08:08:59.0974 0x0ce8  SamSs - ok
08:09:00.0017 0x0ce8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
08:09:00.0061 0x0ce8  sbp2port - ok
08:09:00.0275 0x0ce8  [ 794D4B48DFB6E999537C7C3947863463, 93DA8AA20D6B02A3360E7F56150F126E75266E9372E6409D42B89DA588EF49C3 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
08:09:00.0434 0x0ce8  SBSDWSCService - ok
08:09:00.0472 0x0ce8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
08:09:00.0591 0x0ce8  SCardSvr - ok
08:09:00.0628 0x0ce8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
08:09:00.0723 0x0ce8  scfilter - ok
08:09:00.0791 0x0ce8  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
08:09:00.0965 0x0ce8  Schedule - ok
08:09:01.0016 0x0ce8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
08:09:01.0100 0x0ce8  SCPolicySvc - ok
08:09:01.0216 0x0ce8  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
08:09:01.0260 0x0ce8  sdbus - ok
08:09:01.0280 0x0ce8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
08:09:01.0361 0x0ce8  SDRSVC - ok
08:09:01.0447 0x0ce8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
08:09:01.0556 0x0ce8  secdrv - ok
08:09:01.0592 0x0ce8  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
08:09:01.0682 0x0ce8  seclogon - ok
08:09:01.0728 0x0ce8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
08:09:01.0838 0x0ce8  SENS - ok
08:09:01.0974 0x0ce8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
08:09:02.0039 0x0ce8  SensrSvc - ok
08:09:02.0107 0x0ce8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
08:09:02.0184 0x0ce8  Serenum - ok
08:09:02.0213 0x0ce8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
08:09:02.0291 0x0ce8  Serial - ok
08:09:02.0309 0x0ce8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
08:09:02.0523 0x0ce8  sermouse - ok
08:09:02.0568 0x0ce8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
08:09:02.0654 0x0ce8  SessionEnv - ok
08:09:02.0751 0x0ce8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
08:09:02.0840 0x0ce8  sffdisk - ok
08:09:02.0847 0x0ce8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
08:09:02.0892 0x0ce8  sffp_mmc - ok
08:09:02.0899 0x0ce8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
08:09:02.0959 0x0ce8  sffp_sd - ok
08:09:03.0035 0x0ce8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
08:09:03.0099 0x0ce8  sfloppy - ok
08:09:03.0243 0x0ce8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
08:09:03.0374 0x0ce8  SharedAccess - ok
08:09:03.0507 0x0ce8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
08:09:03.0679 0x0ce8  ShellHWDetection - ok
08:09:03.0754 0x0ce8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
08:09:03.0794 0x0ce8  SiSRaid2 - ok
08:09:03.0890 0x0ce8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
08:09:03.0933 0x0ce8  SiSRaid4 - ok
08:09:04.0030 0x0ce8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
08:09:04.0118 0x0ce8  Smb - ok
08:09:04.0370 0x0ce8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
08:09:04.0456 0x0ce8  SNMPTRAP - ok
08:09:04.0649 0x0ce8  [ A8493E43F9D4B22BBED2D424D03ED273, 83F648FB8492650541B2B75D1D84386057E24F24CA28FA79D7F2FBFCF7A40BBE ] SpeedDiskService C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
08:09:04.0750 0x0ce8  SpeedDiskService - ok
08:09:04.0775 0x0ce8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
08:09:04.0830 0x0ce8  spldr - ok
08:09:04.0918 0x0ce8  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
08:09:05.0018 0x0ce8  Spooler - ok
08:09:05.0206 0x0ce8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
08:09:05.0412 0x0ce8  sppsvc - ok
08:09:05.0482 0x0ce8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
08:09:05.0615 0x0ce8  sppuinotify - ok
08:09:05.0675 0x0ce8  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
08:09:05.0842 0x0ce8  srv - ok
08:09:05.0972 0x0ce8  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
08:09:06.0061 0x0ce8  srv2 - ok
08:09:06.0103 0x0ce8  [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
08:09:06.0208 0x0ce8  SrvHsfHDA - ok
08:09:06.0284 0x0ce8  [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
08:09:06.0457 0x0ce8  SrvHsfV92 - ok
08:09:06.0566 0x0ce8  [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
08:09:06.0678 0x0ce8  SrvHsfWinac - ok
08:09:06.0723 0x0ce8  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
08:09:06.0812 0x0ce8  srvnet - ok
08:09:06.0929 0x0ce8  [ 8F8324ED1DE63FFC7B1A02CD2D963C72, E58603F81DEAFF1D45CB83FB6E625E6A13868741B833B1C9E60D672179D18EE0 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
08:09:07.0056 0x0ce8  ssadbus - ok
08:09:07.0114 0x0ce8  [ 58221EFCB74167B73667F0024C661CE0, D9B67A8897B4DC3E4729187F17ABEB4710CF57440D718E17ED828439198D34DB ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
08:09:07.0181 0x0ce8  ssadmdfl - ok
08:09:07.0243 0x0ce8  [ 4DA7C71BFAC5AD71255B7E4CAB980163, 4CC0F9C8E96ECEF36EEB021E448A9734B63512D030516DC38B1A2EEAA1043AEC ] ssadmdm         C:\Windows\system32\DRIVERS\ssadmdm.sys
08:09:07.0288 0x0ce8  ssadmdm - ok
08:09:07.0343 0x0ce8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
08:09:07.0454 0x0ce8  SSDPSRV - ok
08:09:07.0504 0x0ce8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
08:09:07.0604 0x0ce8  SstpSvc - ok
08:09:07.0783 0x0ce8  [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C, 8EBBFA456D93E63AF9D64CC95A58651E2C1B1398B6052C0E65D3005AD5AC8CB5 ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
08:09:07.0826 0x0ce8  STacSV - ok
08:09:07.0862 0x0ce8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
08:09:07.0877 0x0ce8  stexstor - ok
08:09:07.0969 0x0ce8  [ DFFBC024DFC7BB05B2129E05CBC7A201, CA07944B864D7F3DA673040CF6314FECCAF80B8EADAF648392AE79697DAC15B4 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
08:09:08.0053 0x0ce8  STHDA - ok
08:09:08.0136 0x0ce8  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
08:09:08.0231 0x0ce8  StillCam - ok
08:09:08.0305 0x0ce8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
08:09:08.0469 0x0ce8  stisvc - ok
08:09:08.0726 0x0ce8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
08:09:08.0755 0x0ce8  swenum - ok
08:09:08.0810 0x0ce8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
08:09:08.0984 0x0ce8  swprv - ok
08:09:09.0009 0x0ce8  [ E7B1BCB70355A84D6DFEE12702B588D0, 34517BE06617A6426CEEE8D8B75D281E2B7DEDCE71C79634D0F9301CBAA676EA ] SymDSMon        C:\Windows\system32\drivers\SymDSMon.sys
08:09:09.0037 0x0ce8  SymDSMon - ok
08:09:09.0058 0x0ce8  [ F0268941519D73658199ECB1BB712BE1, A2027920706F37494C0A75F331110FE2419FC2189BA1892B317950BF0624B753 ] SYMSpeedDisk    C:\Windows\system32\drivers\SymSpeedDisk.sys
08:09:09.0085 0x0ce8  SYMSpeedDisk - ok
08:09:09.0186 0x0ce8  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
08:09:09.0355 0x0ce8  SysMain - ok
08:09:09.0406 0x0ce8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
08:09:09.0466 0x0ce8  TabletInputService - ok
08:09:09.0549 0x0ce8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
08:09:09.0627 0x0ce8  TapiSrv - ok
08:09:09.0714 0x0ce8  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
08:09:09.0769 0x0ce8  TBS - ok
08:09:09.0941 0x0ce8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
08:09:10.0090 0x0ce8  Tcpip - ok
08:09:10.0211 0x0ce8  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
08:09:10.0331 0x0ce8  TCPIP6 - ok
08:09:10.0388 0x0ce8  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
08:09:10.0681 0x0ce8  tcpipreg - ok
08:09:10.0742 0x0ce8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
08:09:10.0852 0x0ce8  TDPIPE - ok
08:09:10.0904 0x0ce8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
08:09:10.0944 0x0ce8  TDTCP - ok
08:09:11.0029 0x0ce8  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
08:09:11.0104 0x0ce8  tdx - ok
08:09:11.0139 0x0ce8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
08:09:11.0169 0x0ce8  TermDD - ok
08:09:11.0295 0x0ce8  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
08:09:11.0455 0x0ce8  TermService - ok
08:09:11.0523 0x0ce8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
08:09:11.0597 0x0ce8  Themes - ok
08:09:11.0670 0x0ce8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
08:09:11.0749 0x0ce8  THREADORDER - ok
08:09:11.0807 0x0ce8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
08:09:11.0972 0x0ce8  TrkWks - ok
08:09:12.0028 0x0ce8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
08:09:12.0135 0x0ce8  TrustedInstaller - ok
08:09:12.0332 0x0ce8  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
08:09:12.0461 0x0ce8  tssecsrv - ok
08:09:12.0500 0x0ce8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
08:09:12.0623 0x0ce8  TsUsbFlt - ok
08:09:12.0782 0x0ce8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
08:09:12.0930 0x0ce8  tunnel - ok
08:09:12.0970 0x0ce8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
08:09:13.0001 0x0ce8  uagp35 - ok
08:09:13.0059 0x0ce8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
08:09:13.0166 0x0ce8  udfs - ok
08:09:13.0217 0x0ce8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
08:09:13.0266 0x0ce8  UI0Detect - ok
08:09:13.0288 0x0ce8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
08:09:13.0312 0x0ce8  uliagpkx - ok
08:09:13.0341 0x0ce8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
08:09:13.0417 0x0ce8  umbus - ok
08:09:13.0474 0x0ce8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
08:09:13.0549 0x0ce8  UmPass - ok
08:09:13.0590 0x0ce8  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
08:09:13.0728 0x0ce8  upnphost - ok
08:09:13.0859 0x0ce8  [ CD03479F2DA26500B203ED075C146A7A, D2A6C1D64AC213B3A181AFD298B3C3AAA820B0D9783812F10512846BC3BD8584 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
08:09:13.0937 0x0ce8  USBAAPL64 - detected UnsignedFile.Multi.Generic ( 1 )
08:09:20.0767 0x0ce8  Detect skipped due to KSN trusted
08:09:20.0767 0x0ce8  USBAAPL64 - ok
08:09:20.0809 0x0ce8  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
08:09:20.0864 0x0ce8  usbccgp - ok
08:09:20.0896 0x0ce8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
08:09:21.0021 0x0ce8  usbcir - ok
08:09:21.0047 0x0ce8  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
08:09:21.0108 0x0ce8  usbehci - ok
08:09:21.0268 0x0ce8  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
08:09:21.0354 0x0ce8  usbhub - ok
08:09:21.0481 0x0ce8  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
08:09:21.0515 0x0ce8  usbohci - ok
08:09:21.0594 0x0ce8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
08:09:21.0642 0x0ce8  usbprint - ok
08:09:21.0749 0x0ce8  [ AAA2513C8AED8B54B189FD0C6B1634C0, 02FEE0B756AA559C29477A19861AC16D5A3152DC3C897C7D466423438B6A5E42 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
08:09:21.0800 0x0ce8  usbscan - ok
08:09:21.0825 0x0ce8  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:09:21.0924 0x0ce8  USBSTOR - ok
08:09:21.0974 0x0ce8  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
08:09:22.0051 0x0ce8  usbuhci - ok
08:09:22.0094 0x0ce8  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
08:09:22.0217 0x0ce8  usbvideo - ok
08:09:22.0236 0x0ce8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
08:09:22.0378 0x0ce8  UxSms - ok
08:09:22.0399 0x0ce8  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
08:09:22.0426 0x0ce8  VaultSvc - ok
08:09:22.0488 0x0ce8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
08:09:22.0511 0x0ce8  vdrvroot - ok
08:09:22.0718 0x0ce8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
08:09:22.0865 0x0ce8  vds - ok
08:09:22.0916 0x0ce8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
08:09:22.0982 0x0ce8  vga - ok
08:09:23.0025 0x0ce8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
08:09:23.0101 0x0ce8  VgaSave - ok
08:09:23.0154 0x0ce8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
08:09:23.0175 0x0ce8  vhdmp - ok
08:09:23.0302 0x0ce8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
08:09:23.0317 0x0ce8  viaide - ok
08:09:23.0393 0x0ce8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
08:09:23.0410 0x0ce8  volmgr - ok
08:09:23.0493 0x0ce8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
08:09:23.0525 0x0ce8  volmgrx - ok
08:09:23.0597 0x0ce8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
08:09:23.0628 0x0ce8  volsnap - ok
08:09:23.0701 0x0ce8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
08:09:23.0744 0x0ce8  vsmraid - ok
08:09:23.0925 0x0ce8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
08:09:24.0105 0x0ce8  VSS - ok
08:09:24.0201 0x0ce8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
08:09:24.0379 0x0ce8  vwifibus - ok
08:09:24.0491 0x0ce8  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
08:09:24.0535 0x0ce8  vwififlt - ok
08:09:24.0547 0x0ce8  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
08:09:24.0578 0x0ce8  vwifimp - ok
08:09:24.0653 0x0ce8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
08:09:24.0740 0x0ce8  W32Time - ok
08:09:24.0839 0x0ce8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
08:09:24.0901 0x0ce8  WacomPen - ok
08:09:24.0996 0x0ce8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
08:09:25.0088 0x0ce8  WANARP - ok
08:09:25.0167 0x0ce8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
08:09:25.0265 0x0ce8  Wanarpv6 - ok
08:09:25.0445 0x0ce8  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
08:09:25.0558 0x0ce8  WatAdminSvc - ok
08:09:25.0654 0x0ce8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
08:09:25.0942 0x0ce8  wbengine - ok
08:09:25.0977 0x0ce8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
08:09:26.0043 0x0ce8  WbioSrvc - ok
08:09:26.0116 0x0ce8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
08:09:26.0248 0x0ce8  wcncsvc - ok
08:09:26.0301 0x0ce8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
08:09:26.0361 0x0ce8  WcsPlugInService - ok
08:09:26.0471 0x0ce8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
08:09:26.0498 0x0ce8  Wd - ok
08:09:26.0663 0x0ce8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
08:09:26.0766 0x0ce8  Wdf01000 - ok
08:09:26.0879 0x0ce8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
08:09:27.0050 0x0ce8  WdiServiceHost - ok
08:09:27.0059 0x0ce8  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
08:09:27.0120 0x0ce8  WdiSystemHost - ok
08:09:27.0164 0x0ce8  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
08:09:27.0331 0x0ce8  WebClient - ok
08:09:27.0389 0x0ce8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
08:09:27.0528 0x0ce8  Wecsvc - ok
08:09:27.0554 0x0ce8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
08:09:27.0658 0x0ce8  wercplsupport - ok
08:09:27.0728 0x0ce8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
08:09:27.0838 0x0ce8  WerSvc - ok
08:09:27.0988 0x0ce8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
08:09:28.0044 0x0ce8  WfpLwf - ok
08:09:28.0089 0x0ce8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
08:09:28.0116 0x0ce8  WIMMount - ok
08:09:28.0271 0x0ce8  WinDefend - ok
08:09:28.0431 0x0ce8  WinHttpAutoProxySvc - ok
08:09:28.0504 0x0ce8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
08:09:28.0681 0x0ce8  Winmgmt - ok
08:09:28.0871 0x0ce8  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
08:09:29.0117 0x0ce8  WinRM - ok
08:09:29.0213 0x0ce8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
08:09:29.0265 0x0ce8  WinUsb - ok
08:09:29.0352 0x0ce8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
08:09:29.0501 0x0ce8  Wlansvc - ok
08:09:30.0108 0x0ce8  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:09:30.0267 0x0ce8  wlidsvc - ok
08:09:30.0316 0x0ce8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
08:09:30.0391 0x0ce8  WmiAcpi - ok
08:09:30.0430 0x0ce8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
08:09:30.0586 0x0ce8  wmiApSrv - ok
08:09:30.0636 0x0ce8  WMPNetworkSvc - ok
08:09:30.0701 0x0ce8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
08:09:30.0789 0x0ce8  WPCSvc - ok
08:09:30.0827 0x0ce8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
08:09:30.0894 0x0ce8  WPDBusEnum - ok
08:09:30.0964 0x0ce8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
08:09:31.0038 0x0ce8  ws2ifsl - ok
08:09:31.0062 0x0ce8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
08:09:31.0110 0x0ce8  wscsvc - ok
08:09:31.0155 0x0ce8  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
08:09:31.0192 0x0ce8  WSDPrintDevice - ok
08:09:31.0197 0x0ce8  WSearch - ok
08:09:31.0334 0x0ce8  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
08:09:31.0450 0x0ce8  wuauserv - ok
08:09:31.0532 0x0ce8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
08:09:31.0625 0x0ce8  WudfPf - ok
08:09:31.0726 0x0ce8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
08:09:31.0777 0x0ce8  WUDFRd - ok
08:09:31.0872 0x0ce8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
08:09:31.0921 0x0ce8  wudfsvc - ok
08:09:31.0996 0x0ce8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
08:09:32.0117 0x0ce8  WwanSvc - ok
08:09:32.0212 0x0ce8  [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
08:09:32.0330 0x0ce8  yukonw7 - ok
08:09:32.0375 0x0ce8  ================ Scan global ===============================
08:09:32.0462 0x0ce8  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
08:09:32.0535 0x0ce8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:09:32.0573 0x0ce8  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
08:09:32.0638 0x0ce8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
08:09:32.0682 0x0ce8  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
08:09:32.0699 0x0ce8  [ Global ] - ok
08:09:32.0699 0x0ce8  ================ Scan MBR ==================================
08:09:32.0715 0x0ce8  [ A9736F67F0B877A41A72D74497A11B40 ] \Device\Harddisk0\DR0
08:09:34.0030 0x0ce8  \Device\Harddisk0\DR0 - ok
08:09:34.0030 0x0ce8  ================ Scan VBR ==================================
08:09:34.0049 0x0ce8  [ 261FC2E4D90FDA263E5A8BDAD05B9CF6 ] \Device\Harddisk0\DR0\Partition1
08:09:34.0052 0x0ce8  \Device\Harddisk0\DR0\Partition1 - ok
08:09:34.0112 0x0ce8  [ A60FC56ADF0486CF6698FD949036F339 ] \Device\Harddisk0\DR0\Partition2
08:09:34.0113 0x0ce8  \Device\Harddisk0\DR0\Partition2 - ok
08:09:34.0169 0x0ce8  [ 5467285D825E8B311DD2EFB81D7C8B04 ] \Device\Harddisk0\DR0\Partition3
08:09:34.0171 0x0ce8  \Device\Harddisk0\DR0\Partition3 - ok
08:09:34.0172 0x0ce8  ================ Scan generic autorun ======================
08:09:34.0252 0x0ce8  [ 87A4570E9D15A2821015B7FB6B821654, BDF5266905DC3F9ED0DBE41798D9907FC9E8D030DD5C28975BBF9BFD8BD9DA71 ] C:\Windows\system32\igfxtray.exe
08:09:34.0275 0x0ce8  IgfxTray - ok
08:09:34.0308 0x0ce8  [ 842683D8F1A58A76E5A03DA35B4962EE, 7D1B1918D69566694D7D0E82A8A1C7537A5C3A1533DC80F60FE212DD2DBC6099 ] C:\Windows\system32\hkcmd.exe
08:09:34.0336 0x0ce8  HotKeysCmds - ok
08:09:34.0369 0x0ce8  [ 99F8C1060BFB20D2039716BBF741D6C2, 8C578E288D88697E88AB9BEAE79D33AF23AD6176D830D5916BD2DD42EC6FADC5 ] C:\Windows\system32\igfxpers.exe
08:09:34.0399 0x0ce8  Persistence - ok
08:09:34.0551 0x0ce8  ‮tluafed - ok
08:09:34.0551 0x0ce8  Waiting for KSN requests completion. In queue: 65
08:09:35.0551 0x0ce8  Waiting for KSN requests completion. In queue: 65
08:09:36.0551 0x0ce8  Waiting for KSN requests completion. In queue: 65
08:09:37.0551 0x0ce8  Waiting for KSN requests completion. In queue: 65
08:09:38.0551 0x0ce8  Waiting for KSN requests completion. In queue: 65
08:09:39.0554 0x0ce8  Waiting for KSN requests completion. In queue: 65
08:09:40.0563 0x0ce8  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4765 ), 0x41000 ( enabled : updated )
08:09:40.0581 0x0ce8  Win FW state via NFP2: enabled
08:09:43.0528 0x0ce8  ============================================================
08:09:43.0528 0x0ce8  Scan finished
08:09:43.0528 0x0ce8  ============================================================
08:09:43.0542 0x0b38  Detected object count: 0
08:09:43.0542 0x0b38  Actual detected object count: 0




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Erin (administrator) on ERIN-PC on 11-09-2014 08:21:54
Running from C:\Users\Erin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\wicainventory.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp45-kb2972216-x64.exe
(Microsoft Corporation) C:\453b5ff2d18853af6720cec9f884\Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [.tluafed** <*>] => C:\Users\Erin\Application Data\{00003893-590C-067E-029B-55C8FA73CBA7}.ex <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2784256 2012-06-19] (Eastman Kodak Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234840 2012-06-18] (Eastman Kodak Company)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-28] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2275199602-3988718927-1175884840-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
BootExecute: autocheck autochk * C:\PROGRA~2\NORTON~3\Tools\SPEEDD~1\aDSBatch.exe /startup
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKCU - {3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKCU - {EE21DDEF-7DF2-4DED-9F0B-8279955C937F} URL = http://www.facebook.com/search/?src=os&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: BrowserHelper Class -> {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Erin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Erin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Erin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Erin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Erin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Erin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> 01999D4E7A1CF1C2B7762D7DA0C4CC814F801E9F76A5395CB9E6295437C3FE90
CHR DefaultSearchURL: Default -> C955CD6D0C494F22DD5979DA145A9486DA3538D65E6E2827BF6403D63D6E7B84
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKCU\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Erin\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx [2012-08-21]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2012-08-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 DiskDoctorService; C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2010-11-30] (Symantec Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [777728 2012-06-19] (Eastman Kodak Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S4 lxbm_device; C:\Windows\system32\lxbmcoms.exe [566192 2007-01-30] ( )
S4 lxbm_device; C:\Windows\SysWOW64\lxbmcoms.exe [537520 2007-01-30] ( )
S4 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( ) [File not signed]
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpeedDiskService; C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2010-11-30] (Symantec Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 iscFlash; c:\SwSetup\sp47543\iscflashx64.sys [23344 2009-08-26] (Insyde Software) [File not signed]
R3 SymDSMon; C:\Windows\system32\drivers\SymDSMon.sys [191232 2010-11-30] (Symantec Corporation)
R3 SYMSpeedDisk; C:\Windows\system32\drivers\SymSpeedDisk.sys [163384 2010-11-30] (Symantec Corporation)
R3 SYMSpeedDisk; C:\Windows\SysWOW64\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [50688 2010-04-19] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Erin\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
U4 eabfiltr; No ImagePath
S3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 08:20 - 2014-09-11 08:20 - 00000000 ____D () C:\453b5ff2d18853af6720cec9f884
2014-09-11 08:05 - 2014-09-11 08:05 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Erin\Downloads\tdsskiller.exe
2014-09-11 08:05 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 08:05 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 22:38 - 2014-09-11 07:58 - 00000112 _____ () C:\Windows\setupact.log
2014-09-10 22:38 - 2014-09-10 22:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 21:37 - 2014-09-10 19:30 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140910-213733.backup
2014-09-10 19:42 - 2014-09-10 19:42 - 00030536 _____ () C:\ComboFix.txt
2014-09-10 16:15 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-10 16:15 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-10 16:15 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-10 16:11 - 2014-09-10 19:42 - 00000000 ____D () C:\Qoobox
2014-09-10 16:01 - 2014-09-10 19:35 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 15:52 - 2014-09-10 15:52 - 05576769 ____R (Swearware) C:\Users\Erin\Downloads\ComboFix.exe
2014-09-10 10:03 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 10:03 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 09:59 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:59 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:49 - 2014-09-11 08:21 - 00024152 _____ () C:\Users\Erin\Desktop\FRST.txt
2014-09-10 09:47 - 2014-09-11 08:21 - 00000000 ____D () C:\FRST
2014-09-10 09:43 - 2014-09-10 09:44 - 02105856 _____ (Farbar) C:\Users\Erin\Desktop\FRST64.exe
2014-09-10 09:13 - 2014-09-10 09:13 - 00000000 ____D () C:\ProgramData\Norton
2014-09-09 09:04 - 2014-09-09 16:01 - 00522503 _____ () C:\Users\Erin\Desktop\avgrep.txt
2014-09-07 19:29 - 2014-09-07 19:29 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\AVG2014
2014-09-07 19:24 - 2014-09-07 19:24 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\TuneUp Software
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-07 18:23 - 2014-09-07 18:23 - 00000000 ____D () C:\$AVG
2014-09-07 18:22 - 2014-09-07 19:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-07 17:54 - 2014-09-09 09:05 - 00000000 ____D () C:\Users\Erin\AppData\Local\Avg2014
2014-09-07 17:54 - 2014-09-07 17:54 - 00000000 ____D () C:\Users\Erin\AppData\Local\MFAData
2014-09-07 17:49 - 2014-09-07 17:50 - 04927216 _____ (AVG Technologies) C:\Users\Erin\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-06 21:01 - 2014-09-06 21:01 - 04901352 _____ (Piriform Ltd) C:\Users\Erin\Downloads\ccsetup417.exe
2014-09-06 21:01 - 2014-09-06 21:01 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-06 21:01 - 2014-09-06 21:01 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-06 19:59 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140906-195925.backup
2014-09-06 19:42 - 2014-09-06 19:42 - 00001262 _____ () C:\Users\Erin\Desktop\Spybot - Search & Destroy.lnk
2014-09-06 19:41 - 2014-09-10 22:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-06 19:41 - 2014-09-06 19:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:41 - 2014-09-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-06 19:34 - 2014-09-06 19:35 - 16409960 _____ (Safer Networking Limited ) C:\Users\Erin\Downloads\spybotsd162.exe
2014-09-01 16:52 - 2014-09-01 16:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012 (1).exe
2014-09-01 16:44 - 2014-09-01 16:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012.exe
2014-09-01 16:42 - 2014-09-01 16:43 - 04872677 _____ () C:\Users\Erin\Downloads\mbam-chameleon-3.1.4.0.zip
2014-09-01 16:31 - 2014-09-01 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 14:30 - 2014-09-01 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 14:27 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-01 14:27 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-01 14:27 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-01 14:27 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-01 14:26 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-01 14:26 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-01 14:26 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-01 14:26 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-01 13:18 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-01 13:18 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-01 13:18 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-01 13:18 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-01 13:18 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-01 13:17 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-01 13:17 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 13:17 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-01 13:17 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-01 13:17 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-01 13:16 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 13:16 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-01 13:16 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-01 13:16 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-01 13:16 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-01 13:16 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-01 13:16 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-01 13:16 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-01 13:16 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-09-01 13:16 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-01 13:15 - 2014-07-31 16:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-01 13:15 - 2014-07-31 16:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-01 13:15 - 2014-07-25 07:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-01 13:15 - 2014-07-25 07:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-01 13:15 - 2014-07-25 07:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-01 13:15 - 2014-07-25 06:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-01 13:15 - 2014-07-25 06:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-01 13:15 - 2014-07-25 06:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-01 13:15 - 2014-07-25 06:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-01 13:15 - 2014-07-25 06:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-01 13:15 - 2014-07-25 06:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-01 13:15 - 2014-07-25 06:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-01 13:15 - 2014-07-25 06:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-01 13:15 - 2014-07-25 06:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-01 13:15 - 2014-07-25 06:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-01 13:15 - 2014-07-25 06:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-01 13:15 - 2014-07-25 06:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-01 13:15 - 2014-07-25 05:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-01 13:15 - 2014-07-25 05:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-01 13:15 - 2014-07-25 05:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-01 13:15 - 2014-07-25 05:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-01 13:15 - 2014-07-25 05:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-01 13:15 - 2014-07-25 05:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-01 13:15 - 2014-07-25 05:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-01 13:15 - 2014-07-25 05:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-01 13:15 - 2014-07-25 05:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-01 13:15 - 2014-07-25 05:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-01 13:15 - 2014-07-25 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-01 13:15 - 2014-07-25 05:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-01 13:15 - 2014-07-25 05:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-01 13:15 - 2014-07-25 05:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-01 13:15 - 2014-07-25 05:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-01 13:15 - 2014-07-25 05:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-01 13:15 - 2014-07-25 05:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-01 13:15 - 2014-07-25 05:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-01 13:15 - 2014-07-25 05:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-01 13:15 - 2014-07-25 04:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-01 13:15 - 2014-07-25 04:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-01 13:15 - 2014-07-25 04:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-01 13:15 - 2014-07-25 04:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-01 13:15 - 2014-07-25 04:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-01 13:15 - 2014-07-25 04:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-01 13:15 - 2014-07-25 04:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-01 13:15 - 2014-07-25 04:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-01 13:15 - 2014-07-25 04:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-01 13:15 - 2014-07-25 04:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-01 13:15 - 2014-07-25 04:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-01 13:15 - 2014-07-25 04:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-01 13:15 - 2014-07-25 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-01 13:15 - 2014-07-25 04:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-01 13:15 - 2014-07-25 03:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-01 13:15 - 2014-07-25 03:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-01 13:15 - 2014-07-25 03:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-01 13:15 - 2014-07-25 03:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-01 13:15 - 2014-07-25 03:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-01 13:15 - 2014-07-25 03:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-01 13:15 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-01 13:15 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-01 13:14 - 2014-06-05 07:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-01 13:14 - 2014-06-05 07:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-01 13:14 - 2014-06-05 07:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-01 13:14 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-01 13:14 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-01 13:14 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-01 13:14 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-01 13:14 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-01 13:14 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-01 13:08 - 2014-09-01 13:08 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-01 13:08 - 2014-09-01 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-01 13:05 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-01 13:05 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-01 13:05 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 13:05 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 13:05 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 12:55 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-01 12:55 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 12:55 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 12:55 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-01 12:55 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-01 12:55 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-01 09:23 - 2014-09-01 17:16 - 00000000 ____D () C:\Users\Erin\Desktop\mbar
2014-08-23 15:16 - 2014-08-23 15:16 - 06010880 _____ () C:\Program Files (x86)\GUT5A6F.tmp
2014-08-23 15:16 - 2014-08-23 15:16 - 00000000 ____D () C:\Program Files (x86)\GUM5A6E.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 08:23 - 2014-09-10 09:49 - 00024152 _____ () C:\Users\Erin\Desktop\FRST.txt
2014-09-11 08:21 - 2014-09-10 09:47 - 00000000 ____D () C:\FRST
2014-09-11 08:20 - 2014-09-11 08:20 - 00000000 ____D () C:\453b5ff2d18853af6720cec9f884
2014-09-11 08:18 - 2011-11-29 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 08:17 - 2012-03-13 11:12 - 00785406 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 08:17 - 2009-07-13 22:13 - 00785406 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 08:10 - 2009-09-29 19:40 - 01700872 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 08:10 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 08:10 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 08:06 - 2013-08-14 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 08:06 - 2011-08-04 21:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 08:06 - 2009-11-05 07:58 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 08:05 - 2014-09-11 08:05 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Erin\Downloads\tdsskiller.exe
2014-09-11 08:05 - 2014-05-06 09:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-11 08:02 - 2009-08-24 16:57 - 00000000 ____D () C:\ProgramData\Temp
2014-09-11 07:58 - 2014-09-10 22:38 - 00000112 _____ () C:\Windows\setupact.log
2014-09-11 07:58 - 2011-08-04 21:36 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 07:58 - 2011-04-14 14:04 - 00000000 ____D () C:\ProgramData\Kodak
2014-09-11 07:58 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 01:38 - 2013-02-12 21:40 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000UA.job
2014-09-11 01:25 - 2012-07-26 22:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-10 22:38 - 2014-09-10 22:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 22:38 - 2009-11-04 13:50 - 00000000 ____D () C:\Users\Erin
2014-09-10 22:29 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-10 22:29 - 2011-12-23 00:55 - 00000000 ____D () C:\Users\Erin\AppData\Local\CrashDumps
2014-09-10 19:42 - 2014-09-10 19:42 - 00030536 _____ () C:\ComboFix.txt
2014-09-10 19:42 - 2014-09-10 16:11 - 00000000 ____D () C:\Qoobox
2014-09-10 19:42 - 2014-04-23 07:59 - 00000000 ____D () C:\Users\dub_cm_auto
2014-09-10 19:42 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-09-10 19:35 - 2014-09-10 16:01 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 19:33 - 2010-10-15 22:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-10 19:30 - 2014-09-10 21:37 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140910-213733.backup
2014-09-10 19:30 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-10 19:17 - 2011-12-19 21:54 - 00000258 _____ () C:\Windows\Tasks\NUSchedule.job
2014-09-10 15:52 - 2014-09-10 15:52 - 05576769 ____R (Swearware) C:\Users\Erin\Downloads\ComboFix.exe
2014-09-10 11:38 - 2013-02-12 21:40 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000Core.job
2014-09-10 09:44 - 2014-09-10 09:43 - 02105856 _____ (Farbar) C:\Users\Erin\Desktop\FRST64.exe
2014-09-10 09:13 - 2014-09-10 09:13 - 00000000 ____D () C:\ProgramData\Norton
2014-09-10 08:52 - 2010-02-14 10:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-09 16:01 - 2014-09-09 09:04 - 00522503 _____ () C:\Users\Erin\Desktop\avgrep.txt
2014-09-09 09:05 - 2014-09-07 17:54 - 00000000 ____D () C:\Users\Erin\AppData\Local\Avg2014
2014-09-07 20:41 - 2010-12-20 05:40 - 00000000 ____D () C:\Temp
2014-09-07 19:55 - 2012-12-21 12:44 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-09-07 19:29 - 2014-09-07 19:29 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\AVG2014
2014-09-07 19:26 - 2014-09-07 18:22 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-07 19:24 - 2014-09-07 19:24 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\TuneUp Software
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-07 18:23 - 2014-09-07 18:23 - 00000000 ____D () C:\$AVG
2014-09-07 17:54 - 2014-09-07 17:54 - 00000000 ____D () C:\Users\Erin\AppData\Local\MFAData
2014-09-07 17:50 - 2014-09-07 17:49 - 04927216 _____ (AVG Technologies) C:\Users\Erin\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-07 17:01 - 2009-07-24 23:11 - 00000000 ____D () C:\Windows\Panther
2014-09-07 17:00 - 2010-12-13 13:03 - 00000000 ____D () C:\Windows\Minidump
2014-09-06 21:01 - 2014-09-06 21:01 - 04901352 _____ (Piriform Ltd) C:\Users\Erin\Downloads\ccsetup417.exe
2014-09-06 21:01 - 2014-09-06 21:01 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-06 21:01 - 2014-09-06 21:01 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-06 19:52 - 2014-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:42 - 2014-09-06 19:42 - 00001262 _____ () C:\Users\Erin\Desktop\Spybot - Search & Destroy.lnk
2014-09-06 19:42 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-06 19:35 - 2014-09-06 19:34 - 16409960 _____ (Safer Networking Limited ) C:\Users\Erin\Downloads\spybotsd162.exe
2014-09-04 19:10 - 2014-09-10 09:59 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 19:05 - 2014-09-10 09:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 17:16 - 2014-09-01 09:23 - 00000000 ____D () C:\Users\Erin\Desktop\mbar
2014-09-01 16:52 - 2014-09-01 16:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012 (1).exe
2014-09-01 16:45 - 2014-09-01 16:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012.exe
2014-09-01 16:43 - 2014-09-01 16:42 - 04872677 _____ () C:\Users\Erin\Downloads\mbam-chameleon-3.1.4.0.zip
2014-09-01 16:31 - 2014-09-01 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 16:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-01 15:02 - 2013-01-13 20:32 - 00000258 __RSH () C:\Users\Erin\ntuser.pol
2014-09-01 14:59 - 2009-07-13 21:45 - 00482288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 14:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-01 14:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-01 14:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-01 14:32 - 2013-03-20 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-01 14:31 - 2013-03-20 12:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 14:31 - 2013-03-20 12:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 14:30 - 2014-09-01 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 14:30 - 2012-05-23 13:24 - 00000000 ____D () C:\Program Files\iTunes
2014-09-01 14:30 - 2012-05-23 13:24 - 00000000 ____D () C:\Program Files\iPod
2014-09-01 14:30 - 2012-05-23 13:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-01 13:22 - 2014-06-20 11:18 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-01 13:11 - 2010-03-24 20:14 - 00000000 ____D () C:\ProgramData\Apple
2014-09-01 13:08 - 2014-09-01 13:08 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-01 13:08 - 2014-09-01 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-01 13:08 - 2012-05-23 13:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-01 13:00 - 2011-10-31 15:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-01 13:00 - 2009-11-06 06:54 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-01 12:42 - 2011-08-04 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 12:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing
2014-09-01 12:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-01 12:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-08-25 06:53 - 2010-01-04 20:46 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 18:01 - 2011-08-04 21:36 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-23 18:01 - 2011-08-04 21:36 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-23 15:16 - 2014-08-23 15:16 - 06010880 _____ () C:\Program Files (x86)\GUT5A6F.tmp
2014-08-23 15:16 - 2014-08-23 15:16 - 00000000 ____D () C:\Program Files (x86)\GUM5A6E.tmp
2014-08-22 19:07 - 2014-09-01 13:05 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-09-01 13:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-09-01 13:05 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-05-24 04:34
 
==================== End Of Log ============================


#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 11 September 2014 - 11:50 AM

How is your computer running now?


Step 1

Please download this attached Attached File  fixlist.txt   1.84KB   7 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 3

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 Iberaven

Iberaven
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 11 September 2014 - 04:00 PM

here is the content of the fixlog
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Erin at 2014-09-11 11:56:57 Run:3
Running from C:\Users\Erin\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [.tluafed** <*>] => C:\Users\Erin\Application Data\{00003893-590C-067E-029B-55C8FA73CBA7}.ex <===== ATTENTION (Value Name with invalid characters)
SearchScopes: HKLM - {3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
C:\Users\Erin\Application Data\{00003893-590C-067E-029B-55C8FA73CBA7}.*
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
SearchScopes: HKCU - {3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
EmptyTemp:
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\.tluafed** <*> => Value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C}" => Key not found.
"HKCR\CLSID\{3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C}" => Key not found.
"C:\Users\Erin\Application Data\{00003893-590C-067E-029B-55C8FA73CBA7}.*" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C}" => Key not found.
"HKCR\Wow6432Node\CLSID\{3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
"HKCR\Wow6432Node\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C}" => Key not found.
"HKCR\CLSID\{3EF4DC3F-0F8E-4CAC-B1B3-13EECC1A005C}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
"HKCR\CLSID\{cca2e567-1987-4100-a3c6-5b4267084510}" => Key not found.
EmptyTemp: => Removed 20.2 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====






i am running eset now will post that and the new frst log when they finish


#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 11 September 2014 - 04:21 PM

Ok. :)

#11 Iberaven

Iberaven
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 12 September 2014 - 12:59 AM

this is what the eset report generated

C:\Program Files (x86)\Conduit\Community Alerts\Alert0.dll Win32/Toolbar.Conduit.Y potentially unwanted application
C:\Users\Erin\AppData\Local\Zynga\ldrtbZyn0.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Erin\AppData\Local\Zynga\tbZyn0.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Erin\Downloads\ccsetup417.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


#12 Iberaven

Iberaven
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 12 September 2014 - 01:01 AM

and this is the latest frst scan 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Erin (administrator) on ERIN-PC on 11-09-2014 22:59:48
Running from C:\Users\Erin\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [EKStatusMonitor] => C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.exe [2784256 2012-06-19] (Eastman Kodak Company)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] => C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234840 2012-06-18] (Eastman Kodak Company)
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe [841096 2014-03-28] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\Policies\system: [WallpaperStyle] 2
HKU\.DEFAULT\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2275199602-3988718927-1175884840-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {EE21DDEF-7DF2-4DED-9F0B-8279955C937F} URL = http://www.facebook.com/search/?src=os&q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: BrowserHelper Class -> {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {E4878B45-E2C0-4307-B6E8-734922F92F5B} -  No File
Toolbar: HKCU - No Name - {7B13EC3E-999A-4B70-B9CB-2617B8323822} -  No File
Toolbar: HKCU - No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Erin\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Erin\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Erin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Erin\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Erin\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Erin\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> 01999D4E7A1CF1C2B7762D7DA0C4CC814F801E9F76A5395CB9E6295437C3FE90
CHR DefaultSearchURL: Default -> C955CD6D0C494F22DD5979DA145A9486DA3538D65E6E2827BF6403D63D6E7B84
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.8) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Google Wallet) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-12]
CHR HKCU\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\Erin\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx [2012-08-21]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] -  [2012-08-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 DiskDoctorService; C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2010-11-30] (Symantec Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [777728 2012-06-19] (Eastman Kodak Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
S4 lxbm_device; C:\Windows\system32\lxbmcoms.exe [566192 2007-01-30] ( )
S4 lxbm_device; C:\Windows\SysWOW64\lxbmcoms.exe [537520 2007-01-30] ( )
S4 lxdx_device; C:\Windows\system32\lxdxcoms.exe [1039872 2009-10-16] ( ) [File not signed]
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SpeedDiskService; C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2010-11-30] (Symantec Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [247808 2010-03-23] (IDT, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DD04000.00A\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
S3 iscFlash; c:\SwSetup\sp47543\iscflashx64.sys [23344 2009-08-26] (Insyde Software) [File not signed]
S3 SymDSMon; C:\Windows\system32\drivers\SymDSMon.sys [191232 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\Windows\system32\drivers\SymSpeedDisk.sys [163384 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\Windows\SysWOW64\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [50688 2010-04-19] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz132; \??\C:\Users\Erin\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [X]
U4 eabfiltr; No ImagePath
S3 mbamchameleon; \??\C:\Windows\system32\drivers\mbamchameleon.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 22:59 - 2014-09-11 22:59 - 00021520 _____ () C:\Users\Erin\Desktop\FRST.txt
2014-09-11 13:44 - 2014-09-11 13:44 - 02347384 _____ (ESET) C:\Users\Erin\Downloads\esetsmartinstaller_enu.exe
2014-09-11 13:44 - 2014-09-11 13:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 13:37 - 2014-09-11 13:37 - 00000360 _____ () C:\Windows\PFRO.log
2014-09-11 10:19 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 10:19 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 10:19 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 10:19 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 10:19 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 10:08 - 2014-09-11 10:08 - 526248469 _____ () C:\Windows\MEMORY.DMP
2014-09-11 10:08 - 2014-09-11 10:08 - 00277080 _____ () C:\Windows\Minidump\091114-28782-01.dmp
2014-09-11 08:18 - 2014-08-19 11:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 08:18 - 2014-08-19 10:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 08:18 - 2014-08-18 16:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 08:18 - 2014-08-18 15:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 08:18 - 2014-08-18 15:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 08:18 - 2014-08-18 15:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 08:18 - 2014-08-18 15:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 08:18 - 2014-08-18 15:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 08:18 - 2014-08-18 15:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 08:18 - 2014-08-18 15:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 08:18 - 2014-08-18 15:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 08:18 - 2014-08-18 15:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 08:18 - 2014-08-18 15:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 08:18 - 2014-08-18 15:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 08:18 - 2014-08-18 15:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 08:18 - 2014-08-18 15:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 08:18 - 2014-08-18 15:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 08:18 - 2014-08-18 15:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 08:18 - 2014-08-18 15:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 08:18 - 2014-08-18 14:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 08:18 - 2014-08-18 14:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 08:18 - 2014-08-18 14:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 08:18 - 2014-08-18 14:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 08:18 - 2014-08-18 14:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 08:18 - 2014-08-18 14:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 08:18 - 2014-08-18 14:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 08:18 - 2014-08-18 14:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 08:18 - 2014-08-18 14:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 08:18 - 2014-08-18 14:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 08:18 - 2014-08-18 14:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 08:18 - 2014-08-18 14:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 08:18 - 2014-08-18 14:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 08:18 - 2014-08-18 14:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 08:18 - 2014-08-18 14:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 08:18 - 2014-08-18 14:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 08:18 - 2014-08-18 14:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 08:18 - 2014-08-18 14:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 08:18 - 2014-08-18 14:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 08:18 - 2014-08-18 14:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 08:18 - 2014-08-18 14:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 08:18 - 2014-08-18 14:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 08:18 - 2014-08-18 14:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 08:18 - 2014-08-18 14:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 08:18 - 2014-08-18 14:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 08:18 - 2014-08-18 14:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 08:18 - 2014-08-18 14:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 08:18 - 2014-08-18 14:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 08:18 - 2014-08-18 14:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 08:18 - 2014-08-18 14:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 08:18 - 2014-08-18 14:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 08:18 - 2014-08-18 14:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 08:18 - 2014-08-18 13:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 08:18 - 2014-08-18 13:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 08:18 - 2014-08-18 13:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 08:18 - 2014-08-18 13:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 08:18 - 2014-08-18 13:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 08:05 - 2014-09-11 08:05 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Erin\Downloads\tdsskiller.exe
2014-09-11 08:05 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 08:05 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 22:38 - 2014-09-11 13:37 - 00000280 _____ () C:\Windows\setupact.log
2014-09-10 22:38 - 2014-09-10 22:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 21:37 - 2014-09-10 19:30 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140910-213733.backup
2014-09-10 19:42 - 2014-09-10 19:42 - 00030536 _____ () C:\ComboFix.txt
2014-09-10 16:15 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-10 16:15 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-10 16:15 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-10 16:15 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-10 16:11 - 2014-09-10 19:42 - 00000000 ____D () C:\Qoobox
2014-09-10 16:01 - 2014-09-10 19:35 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 15:52 - 2014-09-10 15:52 - 05576769 ____R (Swearware) C:\Users\Erin\Downloads\ComboFix.exe
2014-09-10 10:07 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 10:07 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 10:03 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 10:03 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 09:59 - 2014-09-04 19:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:59 - 2014-09-04 19:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:47 - 2014-09-11 22:59 - 00000000 ____D () C:\FRST
2014-09-10 09:43 - 2014-09-10 09:44 - 02105856 _____ (Farbar) C:\Users\Erin\Desktop\FRST64.exe
2014-09-10 09:13 - 2014-09-10 09:13 - 00000000 ____D () C:\ProgramData\Norton
2014-09-09 09:04 - 2014-09-09 16:01 - 00522503 _____ () C:\Users\Erin\Desktop\avgrep.txt
2014-09-07 19:29 - 2014-09-07 19:29 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\AVG2014
2014-09-07 19:24 - 2014-09-07 19:24 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\TuneUp Software
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-07 18:23 - 2014-09-07 18:23 - 00000000 ____D () C:\$AVG
2014-09-07 18:22 - 2014-09-07 19:26 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-07 17:54 - 2014-09-09 09:05 - 00000000 ____D () C:\Users\Erin\AppData\Local\Avg2014
2014-09-07 17:54 - 2014-09-07 17:54 - 00000000 ____D () C:\Users\Erin\AppData\Local\MFAData
2014-09-07 17:49 - 2014-09-07 17:50 - 04927216 _____ (AVG Technologies) C:\Users\Erin\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-06 21:01 - 2014-09-06 21:01 - 04901352 _____ (Piriform Ltd) C:\Users\Erin\Downloads\ccsetup417.exe
2014-09-06 21:01 - 2014-09-06 21:01 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-06 21:01 - 2014-09-06 21:01 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-06 19:59 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140906-195925.backup
2014-09-06 19:42 - 2014-09-06 19:42 - 00001262 _____ () C:\Users\Erin\Desktop\Spybot - Search & Destroy.lnk
2014-09-06 19:41 - 2014-09-10 22:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-06 19:41 - 2014-09-06 19:52 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:41 - 2014-09-06 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-06 19:34 - 2014-09-06 19:35 - 16409960 _____ (Safer Networking Limited ) C:\Users\Erin\Downloads\spybotsd162.exe
2014-09-01 16:52 - 2014-09-01 16:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012 (1).exe
2014-09-01 16:44 - 2014-09-01 16:45 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012.exe
2014-09-01 16:42 - 2014-09-01 16:43 - 04872677 _____ () C:\Users\Erin\Downloads\mbam-chameleon-3.1.4.0.zip
2014-09-01 16:31 - 2014-09-01 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 14:30 - 2014-09-01 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 14:27 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-09-01 14:27 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-09-01 14:27 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-09-01 14:27 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-09-01 14:26 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-09-01 14:26 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-09-01 14:26 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-09-01 14:26 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-09-01 13:18 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-01 13:18 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-01 13:18 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-01 13:18 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-01 13:18 - 2014-05-30 01:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-01 13:18 - 2014-05-30 00:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-01 13:18 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-01 13:17 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-01 13:17 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 13:17 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 13:17 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-01 13:17 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-01 13:17 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-01 13:16 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 13:16 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-01 13:16 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-09-01 13:16 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-09-01 13:16 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-09-01 13:16 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-09-01 13:16 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-09-01 13:16 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-09-01 13:16 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-09-01 13:16 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-09-01 13:16 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-09-01 13:15 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-01 13:15 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-01 13:14 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-09-01 13:14 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-09-01 13:14 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-09-01 13:14 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-09-01 13:14 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-09-01 13:14 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-01 13:08 - 2014-09-01 13:08 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-01 13:08 - 2014-09-01 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-01 13:05 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-01 13:05 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-01 13:05 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 13:05 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 13:05 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 12:55 - 2014-05-14 09:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 12:55 - 2014-05-14 09:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-01 12:55 - 2014-05-14 09:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 12:55 - 2014-05-14 09:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 12:55 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-01 12:55 - 2014-05-14 09:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-01 12:55 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-09-01 09:23 - 2014-09-01 17:16 - 00000000 ____D () C:\Users\Erin\Desktop\mbar
2014-08-23 15:16 - 2014-08-23 15:16 - 06010880 _____ () C:\Program Files (x86)\GUT5A6F.tmp
2014-08-23 15:16 - 2014-08-23 15:16 - 00000000 ____D () C:\Program Files (x86)\GUM5A6E.tmp
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 23:00 - 2014-09-11 22:59 - 00021520 _____ () C:\Users\Erin\Desktop\FRST.txt
2014-09-11 22:59 - 2014-09-10 09:47 - 00000000 ____D () C:\FRST
2014-09-11 22:56 - 2013-02-12 21:40 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000UA.job
2014-09-11 22:56 - 2012-07-26 22:17 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 22:56 - 2011-12-19 21:54 - 00000258 _____ () C:\Windows\Tasks\NUSchedule.job
2014-09-11 22:56 - 2011-08-04 21:36 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 22:56 - 2009-09-29 19:40 - 01757417 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 22:56 - 2009-08-24 16:57 - 00000000 ____D () C:\ProgramData\Temp
2014-09-11 18:06 - 2011-08-04 21:36 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 13:45 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 13:45 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 13:44 - 2014-09-11 13:44 - 02347384 _____ (ESET) C:\Users\Erin\Downloads\esetsmartinstaller_enu.exe
2014-09-11 13:44 - 2014-09-11 13:44 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-11 13:38 - 2011-04-14 14:04 - 00000000 ____D () C:\ProgramData\Kodak
2014-09-11 13:37 - 2014-09-11 13:37 - 00000360 _____ () C:\Windows\PFRO.log
2014-09-11 13:37 - 2014-09-10 22:38 - 00000280 _____ () C:\Windows\setupact.log
2014-09-11 13:37 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 13:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 11:38 - 2013-02-12 21:40 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2275199602-3988718927-1175884840-1000Core.job
2014-09-11 10:08 - 2014-09-11 10:08 - 526248469 _____ () C:\Windows\MEMORY.DMP
2014-09-11 10:08 - 2014-09-11 10:08 - 00277080 _____ () C:\Windows\Minidump\091114-28782-01.dmp
2014-09-11 10:08 - 2010-12-13 13:03 - 00000000 ____D () C:\Windows\Minidump
2014-09-11 08:57 - 2010-10-15 22:45 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-11 08:18 - 2011-11-29 21:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 08:17 - 2012-03-13 11:12 - 00785406 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 08:17 - 2009-07-13 22:13 - 00785406 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 08:15 - 2013-08-14 17:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 08:06 - 2009-11-05 07:58 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 08:05 - 2014-09-11 08:05 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Erin\Downloads\tdsskiller.exe
2014-09-11 08:05 - 2014-05-06 09:52 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 22:38 - 2014-09-10 22:38 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-10 22:38 - 2009-11-04 13:50 - 00000000 ____D () C:\Users\Erin
2014-09-10 22:29 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-09-10 22:29 - 2011-12-23 00:55 - 00000000 ____D () C:\Users\Erin\AppData\Local\CrashDumps
2014-09-10 19:42 - 2014-09-10 19:42 - 00030536 _____ () C:\ComboFix.txt
2014-09-10 19:42 - 2014-09-10 16:11 - 00000000 ____D () C:\Qoobox
2014-09-10 19:42 - 2014-04-23 07:59 - 00000000 ____D () C:\Users\dub_cm_auto
2014-09-10 19:42 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-09-10 19:35 - 2014-09-10 16:01 - 00000000 ____D () C:\Windows\erdnt
2014-09-10 19:30 - 2014-09-10 21:37 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts.20140910-213733.backup
2014-09-10 19:30 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-10 15:52 - 2014-09-10 15:52 - 05576769 ____R (Swearware) C:\Users\Erin\Downloads\ComboFix.exe
2014-09-10 09:44 - 2014-09-10 09:43 - 02105856 _____ (Farbar) C:\Users\Erin\Desktop\FRST64.exe
2014-09-10 09:13 - 2014-09-10 09:13 - 00000000 ____D () C:\ProgramData\Norton
2014-09-10 08:52 - 2010-02-14 10:31 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-09-09 16:01 - 2014-09-09 09:04 - 00522503 _____ () C:\Users\Erin\Desktop\avgrep.txt
2014-09-09 09:05 - 2014-09-07 17:54 - 00000000 ____D () C:\Users\Erin\AppData\Local\Avg2014
2014-09-07 20:41 - 2010-12-20 05:40 - 00000000 ____D () C:\Temp
2014-09-07 19:55 - 2012-12-21 12:44 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-09-07 19:29 - 2014-09-07 19:29 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\AVG2014
2014-09-07 19:26 - 2014-09-07 18:22 - 00000000 ____D () C:\ProgramData\AVG2014
2014-09-07 19:24 - 2014-09-07 19:24 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\Users\Erin\AppData\Roaming\TuneUp Software
2014-09-07 19:24 - 2014-09-07 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-07 18:23 - 2014-09-07 18:23 - 00000000 ____D () C:\$AVG
2014-09-07 17:54 - 2014-09-07 17:54 - 00000000 ____D () C:\Users\Erin\AppData\Local\MFAData
2014-09-07 17:50 - 2014-09-07 17:49 - 04927216 _____ (AVG Technologies) C:\Users\Erin\Downloads\avg_free_stb_all_2014_4765_cnet.exe
2014-09-07 17:01 - 2009-07-24 23:11 - 00000000 ____D () C:\Windows\Panther
2014-09-06 21:01 - 2014-09-06 21:01 - 04901352 _____ (Piriform Ltd) C:\Users\Erin\Downloads\ccsetup417.exe
2014-09-06 21:01 - 2014-09-06 21:01 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-06 21:01 - 2014-09-06 21:01 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-06 21:01 - 2014-09-06 21:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-06 19:52 - 2014-09-06 19:41 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-09-06 19:42 - 2014-09-06 19:42 - 00001262 _____ () C:\Users\Erin\Desktop\Spybot - Search & Destroy.lnk
2014-09-06 19:42 - 2014-09-06 19:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2014-09-06 19:35 - 2014-09-06 19:34 - 16409960 _____ (Safer Networking Limited ) C:\Users\Erin\Downloads\spybotsd162.exe
2014-09-04 19:10 - 2014-09-10 09:59 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-04 19:05 - 2014-09-10 09:59 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 17:16 - 2014-09-01 09:23 - 00000000 ____D () C:\Users\Erin\Desktop\mbar
2014-09-01 16:52 - 2014-09-01 16:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012 (1).exe
2014-09-01 16:45 - 2014-09-01 16:44 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Erin\Downloads\mbar-1.07.0.1012.exe
2014-09-01 16:43 - 2014-09-01 16:42 - 04872677 _____ () C:\Users\Erin\Downloads\mbam-chameleon-3.1.4.0.zip
2014-09-01 16:31 - 2014-09-01 16:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Erin\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-01 16:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-01 15:02 - 2013-01-13 20:32 - 00000258 __RSH () C:\Users\Erin\ntuser.pol
2014-09-01 14:59 - 2009-07-13 21:45 - 00482288 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-01 14:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-01 14:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-01 14:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-01 14:32 - 2013-03-20 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-01 14:31 - 2013-03-20 12:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 14:31 - 2013-03-20 12:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 14:30 - 2014-09-01 14:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-01 14:30 - 2012-05-23 13:24 - 00000000 ____D () C:\Program Files\iTunes
2014-09-01 14:30 - 2012-05-23 13:24 - 00000000 ____D () C:\Program Files\iPod
2014-09-01 14:30 - 2012-05-23 13:24 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-01 13:22 - 2014-06-20 11:18 - 00000000 ____D () C:\Windows\system32\MpEngineStore
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-01 13:13 - 2014-09-01 13:13 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-01 13:11 - 2010-03-24 20:14 - 00000000 ____D () C:\ProgramData\Apple
2014-09-01 13:08 - 2014-09-01 13:08 - 00001845 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-01 13:08 - 2014-09-01 13:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-01 13:08 - 2012-05-23 13:11 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-01 13:00 - 2011-10-31 15:47 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-01 13:00 - 2009-11-06 06:54 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-01 12:42 - 2011-08-04 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-01 12:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\servicing
2014-09-01 12:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-01 12:15 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-08-25 06:53 - 2010-01-04 20:46 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 18:01 - 2011-08-04 21:36 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-23 18:01 - 2011-08-04 21:36 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-23 15:16 - 2014-08-23 15:16 - 06010880 _____ () C:\Program Files (x86)\GUT5A6F.tmp
2014-08-23 15:16 - 2014-08-23 15:16 - 00000000 ____D () C:\Program Files (x86)\GUM5A6E.tmp
2014-08-22 19:07 - 2014-09-01 13:05 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-22 18:45 - 2014-09-01 13:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 17:59 - 2014-09-01 13:05 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 11:05 - 2014-09-11 08:18 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 10:39 - 2014-09-11 08:18 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 16:01 - 2014-09-11 08:18 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 15:29 - 2014-09-11 08:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 15:29 - 2014-09-11 08:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 15:26 - 2014-09-11 08:18 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 15:20 - 2014-09-11 08:18 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 15:19 - 2014-09-11 08:18 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 15:15 - 2014-09-11 08:18 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 15:15 - 2014-09-11 08:18 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 15:14 - 2014-09-11 08:18 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 15:14 - 2014-09-11 08:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 15:08 - 2014-09-11 08:18 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 15:08 - 2014-09-11 08:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 15:08 - 2014-09-11 08:18 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 15:05 - 2014-09-11 08:18 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 15:03 - 2014-09-11 08:18 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 15:03 - 2014-09-11 08:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 15:03 - 2014-09-11 08:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 14:57 - 2014-09-11 08:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 14:56 - 2014-09-11 08:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 14:51 - 2014-09-11 08:18 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 14:46 - 2014-09-11 08:18 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 14:45 - 2014-09-11 08:18 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 14:45 - 2014-09-11 08:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 14:44 - 2014-09-11 08:18 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 14:44 - 2014-09-11 08:18 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 14:42 - 2014-09-11 08:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 14:40 - 2014-09-11 08:18 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 14:39 - 2014-09-11 08:18 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 14:39 - 2014-09-11 08:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 14:39 - 2014-09-11 08:18 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 14:38 - 2014-09-11 08:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 14:37 - 2014-09-11 08:18 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-18 14:36 - 2014-09-11 08:18 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 14:35 - 2014-09-11 08:18 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 14:27 - 2014-09-11 08:18 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 14:25 - 2014-09-11 08:18 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 14:25 - 2014-09-11 08:18 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 14:23 - 2014-09-11 08:18 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 14:23 - 2014-09-11 08:18 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 14:22 - 2014-09-11 08:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 14:19 - 2014-09-11 08:18 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-18 14:17 - 2014-09-11 08:18 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 14:17 - 2014-09-11 08:18 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 14:16 - 2014-09-11 08:18 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 14:15 - 2014-09-11 08:18 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 14:15 - 2014-09-11 08:18 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 14:09 - 2014-09-11 08:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 14:08 - 2014-09-11 08:18 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 14:07 - 2014-09-11 08:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-18 13:55 - 2014-09-11 08:18 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 13:46 - 2014-09-11 08:18 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 13:38 - 2014-09-11 08:18 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 13:38 - 2014-09-11 08:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 13:36 - 2014-09-11 08:18 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-11 10:01
 
==================== End Of Log ============================


#13 Iberaven

Iberaven
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 12 September 2014 - 01:04 AM

found where i messed up re running eset and posting the log, i removed the program without copying the log file, i just exported the results to text file, redoing that step and giving you the right log file



#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:37 AM

Posted 12 September 2014 - 04:53 AM

Hi,

there is no need to re-run ESET. Those exported results are completly sufficient.
I want to check one last thing. Do you use disk encryption?


Please download Emsisoft MBR Master and save it to your desktop.
  • Execute the mbrmastr.exe.
  • Click on Backup MBR and save it as emsi to your desktop.
  • Close the program.
  • Add the emsi.mbr that has been saved to a zip-archive (right-click on it -> Send To ->Compressed (zipped) folder) and attach this zip-file to your next post.
  • In addition there's a textfile MBRMastr_<date>_<time>.txt on the desktop. Please copy and paste its contents in your next reply.


#15 Iberaven

Iberaven
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:37 PM

Posted 12 September 2014 - 06:19 AM

eset log
 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=16b4024bcf0c314d954b9c2b378acd78
# engine=20118
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-12 08:00:56
# local_time=2014-09-12 01:00:56 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='AVG AntiVirus Free Edition 2014'
# compatibility_mode=1051 16777213 100 100 0 96688840 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 162052306 0 0
# scanned=225276
# found=4
# cleaned=0
# scan_time=7021
sh=664270A860DDB3D6F23F617D0615070330A71A30 ft=1 fh=192f7aaecaa32147 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Program Files (x86)\Conduit\Community Alerts\Alert0.dll"
sh=37E166E756A9AB25AF72B1B3281B9BC189818A47 ft=1 fh=a195dc62459b977b vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\Users\Erin\AppData\Local\Zynga\ldrtbZyn0.dll"
sh=07438AD608CF6EE5F601C55679835DD2C93B413A ft=1 fh=8de9c2755f6a8399 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Erin\AppData\Local\Zynga\tbZyn0.dll"
sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Erin\Downloads\ccsetup417.exe"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users