
AVIRA not removing virus'


  • This topic is locked
26 replies to this topic

#1 BrySwy


Posted 17 October 2014 - 03:21 PM

I've been running scans with AVIRA, Malwarebytes, SUPERAntiSpyware PRO and Adware Removal Tool, and I recently started using the program rkill before I run AVIRA scans. After running all these scans my computer says it's free of malware, viruses and adware, and it will run fairly decently for a few hours, then it will pop up that it found a virus and start to act crazy again. I've taken a few screenshots of out-of-the-normal messages and other things I've come across in my attempts to resolve these issues. Can someone please help me to find and fix the issues? [Attached file: Capture.JPG]
This one I found under my startup programs. I can't find any info on the publisher; it seems suspicious. [Attached file: bevo.JPG]
This one has been popping up lately as well, all of a sudden. [Attached file: driver message.JPG]

Here are the stats from DDS:
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16575
Run by Hayley at 17:38:25 on 2014-10-13
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\dlcgcoms.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uProxyOverride = <-loopback>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: kikin Plugin: {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Ovhics] regsvr32.exe
uRun: [YZRPack] c:\windows\system32\regsvr32.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [DLCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCGtime.dll,_RunDLLEntry@16
mRun: [dlcgmon.exe] "c:\program files\dell aio 810\dlcgmon.exe"
mRun: [FaxCenterServer] "c:\program files\dell fax solutions\fm3032.exe" /s
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-5.1.18.0\QOELoader.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Avira Systray] c:\program files\avira\my avira\Avira.OE.Systray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9293B492-D60F-4FA0-84C9-4ACC2965E569} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.124\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R? cbouncsq;cbouncsq
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FlyUsb;FLY Fusion
R? Free Download Manager Controller;Free Download Manager Controller
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? mwluhhvr;mwluhhvr
R? ngyeijnu;ngyeijnu
R? otujrtpi;otujrtpi
R? ssadbus;SAMSUNG Android USB Composite Device driver (WDM)
R? wlcrasvc;Windows Live Mesh remote connections service
S? !SASCORE;SAS Core Service
S? AERTFilters;Andrea RT Filters Service
S? amacpi;Microsoft Away Mode System
S? AntiVirSchedulerService;Avira Scheduler
S? AntiVirService;Avira Real-Time Protection
S? avgntflt;avgntflt
S? Avira.OE.ServiceHost;Avira Service Host
S? avkmgr;avkmgr
S? ElRawDisk;ElRawDisk
S? FontCache;Windows Font Cache Service
S? iWinTrusted;iWinTrusted
S? MpFilter;Microsoft Malware Protection Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2014-10-11 22:42:21 -------- dc----w- C:\inetpub
2014-10-11 08:32:17 -------- d-----w- c:\users\hayley\appdata\roaming\Avira
2014-10-11 07:42:31 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-10-11 07:42:27 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-11 07:25:22 -------- d-----w- c:\program files\Avira
2014-10-11 07:25:18 -------- d-----w- c:\programdata\Avira
2014-10-11 07:24:22 -------- d-----w- c:\programdata\Package Cache
2014-10-11 07:19:02 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-10-11 07:14:16 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-11 07:13:40 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-11 07:13:40 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-11 07:13:40 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-11 07:13:37 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-11 05:22:44 8806800 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{26f8809e-104c-46fa-8e3a-05e295c2bf24}\mpengine.dll
2014-10-11 02:07:57 269480 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmp8323.exe
2014-10-11 01:03:31 290304 ----a-w- c:\windows\system32\subinacl.exe
2014-10-11 01:03:29 -------- d-----w- c:\program files\common files\Microsoft
2014-10-11 01:03:29 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-10-10 18:42:15 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-10-10 18:01:41 -------- d-----w- c:\users\hayley\appdata\roaming\Systweak
2014-10-09 03:37:18 -------- d-----w- c:\users\hayley\appdata\local\Temp
2014-10-09 01:58:53 244632 ----a-w- c:\programdata\microsoft\secure\icons\temp\tmp7FAB.exe
2014-10-09 01:37:14 73728 ----a-w- c:\windows\system32\tasks.dll
2014-10-06 18:54:13 -------- d-----w- c:\program files\Bench
2014-10-05 02:08:37 -------- d-----w- c:\program files\VideoLAN
2014-10-05 02:00:09 -------- d-----w- c:\users\hayley\appdata\local\Ovhics
2014-10-05 01:58:25 -------- d-----w- c:\users\hayley\appdata\local\YzkfPack
2014-10-05 01:24:47 1821184 ----a-w- c:\programdata\microsoft\secure\icons\IconsCacheHelper.dll
2014-10-05 00:03:37 19384 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-10-05 00:00:54 -------- d-----w- c:\users\hayley\appdata\local\globalUpdate
2014-10-05 00:00:54 -------- d-----w- c:\program files\globalUpdate
2014-10-01 09:39:44 908840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{da5be9a0-13d1-4fb2-b076-8b2436970ddb}\gapaengine.dll
2014-09-24 05:33:53 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M  ====================
.
2014-10-07 22:49:06 17712 ----a-w- c:\windows\system32\roboot.exe
2014-09-26 05:09:05 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-26 05:09:04 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-22 06:41:56 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-22 23:26:28 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-08-15 14:42:27 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-08-15 14:37:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-08-15 14:36:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-15 14:35:47 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-15 14:35:34 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-15 14:34:49 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-15 14:34:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 06:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-17 22:05:08 231800 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 17:41:14.73 ===============

Edited by hamluis, 17 October 2014 - 03:30 PM.

"My brain is only a receiver, in the Universe there is a core from which we retain knowledge, strength and inspiration. I have not penetrated into the secrets of this core, but I know that it exists." -NIKOLA TESLA




#2 deeprybka


Posted 19 October 2014 - 09:04 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.


Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.


Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 BrySwy


Posted 19 October 2014 - 11:37 AM

Hello Jurgen, my name is Brian. Here are the scan logs that you requested....

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-10-2014 01
Ran by Hayley (administrator) on FAMILY-PC on 19-10-2014 10:27:36
Running from C:\Users\Hayley\Desktop
Loaded Profile: Hayley (Available profiles: Hayley)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Dell) C:\Program Files\Dell AIO 810\DLCGmon.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
( ) C:\Windows\System32\dlcgcoms.exe
(iWin Inc.) C:\Program Files\iWin Games\iWinTrusted.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Ambient, LLC) C:\Program Files\WxEx\WxEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [DLCGCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16                                                                                                                         (the data entry has 59 more characters).
HKLM\...\Run: [dlcgmon.exe] => C:\Program Files\Dell AIO 810\dlcgmon.exe [431600 2007-01-12] (Dell)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell Fax Solutions\fm3032.exe [312200 2006-12-08] ()
HKLM\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKLM\...\Run: [QOELOADER] => "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [443728 2009-11-10] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-09-24] (Realtek Semiconductor)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Voseideneto] => C:\Users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe [293540 2010-01-20] ()
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [DellSupportCenter] => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [DW6] => "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [YZRPack] => C:\Windows\System32\regsvr32.exe C:\Users\Hayley\AppData\Local\YzkfPack\mc_config_mp2v.dll
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [Ovhics] => regsvr32.exe C:\Users\Hayley\AppData\Local\Ovhics\EP0NM4R0.DLL <===== ATTENTION
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [YzkfPack] => C:\Users\Hayley\AppData\Local\YzkfPack\tmp3B0E.exe [131072 2014-10-18] ()
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [Voseideneto] => C:\Users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe [293540 2010-01-20] ()
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\RunOnce: [compact] => "C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\IEUpdate\compact.exe"
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\MountPoints2: {c6e63ef8-e27a-11e3-8dea-0021704b1f11} - G:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Command Processor: "C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\IEUpdate\compact.exe" <===== ATTENTION!
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\compact.lnk
ShortcutTarget: compact.lnk -> C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\IEUpdate\compact.exe (No File)
Startup: C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WOWDEB.lnk
ShortcutTarget: WOWDEB.lnk -> C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\IEUpdate\WOWDEB.EXE (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: kikin Plugin -> {E601996F-E400-41CA-804B-CD6373A7EEE2} -> C:\Program Files\kikin\ie_kikin.dll (kikin)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @ei.FilmFanatic.com/Plugin -> C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll (FilmFanatic)
FF Plugin: @ei.iWon_5k.com/Plugin -> C:\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll (iWon)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-05]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.yahoo.com/
CHR StartupUrls: Default -> "https://www.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-10]
CHR Extension: (Google Docs) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (caodggjhipefhiblmgbchfkehoofabbh) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\caodggjhipefhiblmgbchfkehoofabbh [2014-10-08]
CHR Extension: (Tarot Reading (FREE)) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegplnibkbhflhkcbohabjbmmokildob [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (Block site) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-10-10]
CHR Extension: (Date of Birth) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekogipagkbmdlcenkmokkgcdkkfpemce [2014-08-31]
CHR Extension: (Google Sheets) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Free Download Manager Controller\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 dlcg_device; C:\Windows\system32\dlcgcoms.exe [537480 2006-12-08] ( )
R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [179368 2013-10-23] (iWin Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S4 Free Download Manager Controller; C:\ProgramData\Free Download Manager Controller\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.exe [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-20] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [20392 2008-12-09] (EldoS Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2007-06-19] (LeapFrog)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
S1 cbouncsq; \??\C:\Windows\system32\drivers\cbouncsq.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 mwluhhvr; \??\C:\Windows\system32\drivers\mwluhhvr.sys [X]
S1 ngyeijnu; \??\C:\Windows\system32\drivers\ngyeijnu.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 otujrtpi; \??\C:\Windows\system32\drivers\otujrtpi.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 10:27 - 2014-10-19 10:31 - 00018006 _____ () C:\Users\Hayley\Desktop\FRST.txt
2014-10-19 10:21 - 2014-10-19 10:31 - 00000000 ___DC () C:\FRST
2014-10-19 10:15 - 2014-10-19 10:15 - 01103360 _____ (Farbar) C:\Users\Hayley\Desktop\FRST.exe
2014-10-19 02:28 - 2014-10-19 11:00 - 00000810 _____ () C:\Windows\Tasks\Security Center Update - 2506715180.job
2014-10-19 02:28 - 2014-10-19 02:28 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Yvkuhiy
2014-10-16 23:38 - 2014-10-16 23:41 - 00002312 _____ () C:\Users\Hayley\Desktop\Rkill.txt
2014-10-16 23:37 - 2014-10-16 23:38 - 00003173 _____ () C:\Users\Hayley\Desktop\attach.txt
2014-10-15 11:16 - 2014-10-15 11:16 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Hayley\Desktop\rkill.exe
2014-10-13 19:07 - 2014-10-13 19:07 - 00015273 _____ () C:\Users\Hayley\Downloads\hijackthis9Oct2014.log
2014-10-13 17:41 - 2014-10-13 17:44 - 00012429 _____ () C:\Users\Hayley\Desktop\dds.txt
2014-10-13 17:35 - 2014-10-13 17:35 - 00688992 ____R (Swearware) C:\Users\Hayley\Desktop\dds.com
2014-10-11 18:43 - 2014-10-11 18:44 - 00029547 _____ () C:\Windows\iis7.log
2014-10-11 18:42 - 2014-10-11 18:42 - 00000000 ___DC () C:\inetpub
2014-10-11 04:32 - 2014-10-11 04:32 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Avira
2014-10-11 03:42 - 2014-09-24 12:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-11 03:42 - 2014-09-24 12:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-11 03:42 - 2014-09-24 12:44 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-11 03:42 - 2014-09-24 12:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-10-11 03:26 - 2014-10-11 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-11 03:26 - 2014-10-11 03:26 - 00001000 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-11 03:25 - 2014-10-11 03:39 - 00000000 ____D () C:\ProgramData\Avira
2014-10-11 03:25 - 2014-10-11 03:39 - 00000000 ____D () C:\Program Files\Avira
2014-10-11 03:24 - 2014-10-11 03:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-11 03:20 - 2014-10-19 11:20 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58.job
2014-10-11 03:20 - 2014-10-19 04:00 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0.job
2014-10-11 03:19 - 2014-10-19 03:22 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-11 03:19 - 2014-10-11 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-11 03:19 - 2014-10-11 03:19 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-10-11 03:14 - 2014-10-15 14:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 03:13 - 2014-10-11 03:13 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-11 03:13 - 2014-10-11 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-11 03:13 - 2014-10-11 03:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-11 03:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-11 03:13 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-11 03:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-11 03:12 - 2014-10-11 03:12 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\Hayley\Downloads\avira_en_av___ws.exe
2014-10-11 03:10 - 2014-10-11 03:10 - 19809824 _____ (SUPERAntiSpyware) C:\Users\Hayley\Downloads\SUPERAntiSpyware.exe
2014-10-11 03:08 - 2014-10-11 03:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hayley\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-10 21:03 - 2014-10-14 23:55 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2014-10-10 21:03 - 2014-10-10 21:03 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-10-10 21:01 - 2014-10-10 21:01 - 00753184 _____ () C:\Users\Hayley\Desktop\Adware-Removal-Tool-v3.9.1.exe
2014-10-10 14:42 - 2014-10-10 14:42 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-10-10 14:17 - 2014-10-10 15:23 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\vlc
2014-10-10 14:01 - 2014-10-10 15:04 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Systweak
2014-10-08 21:37 - 2014-10-10 20:09 - 00073728 _____ () C:\Windows\system32\tasks.dll
2014-10-06 14:54 - 2014-10-11 19:39 - 00000000 ____D () C:\Program Files\Bench
2014-10-04 22:09 - 2014-10-04 22:09 - 00000861 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-10-04 22:09 - 2014-10-04 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-10-04 22:08 - 2014-10-04 22:08 - 00000000 ____D () C:\Program Files\VideoLAN
2014-10-04 22:00 - 2014-10-18 23:39 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Ovhics
2014-10-04 21:58 - 2014-10-18 23:38 - 00000000 ____D () C:\Users\Hayley\AppData\Local\YzkfPack
2014-10-04 21:36 - 2014-10-04 21:36 - 00000000 ____D () C:\Users\Hayley\Documents\The Giver 2014
2014-10-04 20:03 - 2014-10-10 20:13 - 00019384 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-10-04 20:00 - 2014-10-05 02:06 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-04 20:00 - 2014-10-04 20:00 - 00000000 ____D () C:\Users\Hayley\AppData\Local\globalUpdate
2014-09-24 01:33 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-19 11:19 - 2012-04-19 13:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-19 11:16 - 2014-05-29 12:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 10:31 - 2008-11-29 12:37 - 01316590 _____ () C:\Windows\WindowsUpdate.log
2014-10-19 09:50 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-19 09:50 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-19 09:20 - 2011-11-08 18:41 - 00001356 _____ () C:\Users\Hayley\AppData\Local\d3d9caps.dat
2014-10-19 02:16 - 2014-05-29 12:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-18 23:47 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-18 23:46 - 2006-11-02 09:01 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-17 15:59 - 2012-03-09 02:52 - 00000000 ____D () C:\Users\Hayley\Desktop\brians
2014-10-16 22:40 - 2009-01-23 18:09 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Adobe
2014-10-15 17:52 - 2008-01-20 22:47 - 00889480 _____ () C:\Windows\PFRO.log
2014-10-15 17:48 - 2009-01-23 18:30 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Yahoo
2014-10-15 17:48 - 2009-01-23 18:25 - 00000000 ____D () C:\Program Files\Yahoo!
2014-10-15 00:57 - 2011-04-01 06:59 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-11 20:09 - 2009-01-23 17:36 - 00000000 ____D () C:\Program Files\Dl_cats
2014-10-11 20:06 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-10-11 19:44 - 2006-11-02 07:18 - 00000000 __RSD () C:\Windows\Media
2014-10-11 19:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-11 18:43 - 2006-11-02 06:33 - 00784060 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-11 18:42 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\0409
2014-10-11 18:42 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-10-11 11:38 - 2011-01-26 12:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-11 11:38 - 2011-01-26 12:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-11 09:55 - 2014-07-30 13:14 - 00000000 ___DC () C:\SUPERDelete
2014-10-11 04:54 - 2011-07-13 22:26 - 00000000 ____D () C:\Program Files\iWin Games
2014-10-11 03:27 - 2009-02-24 09:14 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Mozilla
2014-10-10 16:30 - 2008-11-29 12:35 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-10-10 15:15 - 2008-11-29 17:49 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-10 15:13 - 2012-11-30 23:11 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MumboJumbo
2014-10-10 15:13 - 2012-11-30 23:11 - 00000000 ____D () C:\Program Files\MumboJumbo
2014-10-10 15:10 - 2008-11-29 17:47 - 00000000 ____D () C:\Program Files\Java
2014-10-10 15:10 - 2008-11-29 17:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-10 15:07 - 2006-11-02 08:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-10 15:06 - 2008-11-29 17:49 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-10-10 14:44 - 2009-12-25 18:48 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-08 21:27 - 2009-01-23 16:34 - 00000000 ____D () C:\Users\Hayley
2014-10-08 21:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-08 21:26 - 2006-11-02 06:22 - 45350912 _____ () C:\Windows\system32\config\software_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 43253760 _____ () C:\Windows\system32\config\components_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 36700160 _____ () C:\Windows\system32\config\system_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 00401408 _____ () C:\Windows\system32\config\default_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 00086016 _____ () C:\Windows\system32\config\sam_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-10-08 21:25 - 2011-10-20 18:27 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
2014-10-08 21:25 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-08 21:25 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-08 21:24 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-10-07 18:49 - 2014-09-01 21:12 - 00017712 _____ () C:\Windows\system32\roboot.exe
2014-10-04 22:20 - 2011-11-07 19:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-04 21:50 - 2011-12-23 03:33 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\uTorrent
2014-10-04 20:01 - 2014-06-09 09:11 - 00002031 _____ () C:\Users\Hayley\Desktop\Google Chrome.lnk
2014-10-04 18:23 - 2014-05-28 20:54 - 00000000 ____D () C:\Users\Public\Documents\Verizon_Android
2014-09-26 01:09 - 2012-04-19 13:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-26 01:09 - 2011-05-19 18:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-20 11:49 - 2014-08-12 06:35 - 00000000 ____D () C:\Program Files\Wizards of the Coast
2014-09-19 12:30 - 2014-08-07 12:19 - 00002399 _____ () C:\Windows\setupact.log
 
Files to move or delete:
====================
C:\Users\Hayley\20070813082717640_Samsung_USB_Driver_Installer.exe
 
 
Some content of TEMP:
====================
C:\Users\Hayley\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-10-2014 01
Ran by Hayley at 2014-10-19 12:03:44
Running from C:\Users\Hayley\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.8.0.0 - ) <==== ATTENTION
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
BearShare (HKLM\...\BearShare) (Version: 10.0.0.131832 - Musiclab, LLC)
BearShare (Version: 10.0.0.131832 - Musiclab, LLC) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO 810 (HKLM\...\Dell AIO 810) (Version:  - Dell, Inc.)
Dell PC Fax (HKLM\...\Dell Fax Solutions) (Version:  - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
kikin plugin 2.11 (HKLM\...\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}) (Version: 2.11 - kikin)
LeapFrog Connect (HKLM\...\UPCShell) (Version: 2.3.11.8936 - LeapFrog)
LeapFrog Connect (Version: 2.3.11.8936 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.24.0 - Dell)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (Version: 1.00.0000 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Weather Exchange (HKLM\...\{7DADDB60-CFD0-4AB0-94B6-74FD319F5DE7}) (Version: 1.0.40 - Ambient, LLC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WiseConvert Toolbar (HKLM\...\WiseConvert Toolbar) (Version: 6.9.0.16 - WiseConvert)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}\localserver32 -> C:\Program Files\kikin\KikinBroker.exe (kikin)
CustomCLSID: HKU\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{8ba2cfef-a1bc-4964-aadc-33be1ae5a33c}\InprocServer32 -> C:\Program Files\WeatherBlink\bar\1.bin\gcSrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{a8625cb7-85fe-4936-92a4-b2a7c925209e}\InprocServer32 -> C:\Program Files\GamingWonderland\bar\1.bin\gtSrcAs.dll No File
CustomCLSID: HKU\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
14-10-2014 07:00:14 Windows Update
16-10-2014 07:00:14 Windows Update
17-10-2014 07:00:17 Windows Update
18-10-2014 07:00:20 Windows Update
19-10-2014 07:01:29 Windows Update
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {010A6FF2-4C4A-4420-85B5-5BDC72E44C4B} - \GPUP No Task File <==== ATTENTION
Task: {0C9916F1-3FAD-4697-95D0-1FB303457B84} - \TrustedInstaller Update No Task File <==== ATTENTION
Task: {157F9786-6A0C-412E-934A-EA55FF76C439} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {210F4EAA-8B60-4937-9DA8-2C72598FA454} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-29] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {35650630-A27F-4542-A5F6-A8D001001F69} - System32\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {56444E3E-B139-46D5-9074-2CB19D2E37F4} - System32\Tasks\Security Center Update - 2506715180 => C:\Users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe [2010-01-20] () <==== ATTENTION
Task: {58080484-536B-4BB1-A466-C8280EA65404} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-29] (Google Inc.)
Task: {584C2DE6-8056-4149-8221-9F0951D4B976} - \Security Center Update - 3938323479 No Task File <==== ATTENTION
Task: {5FC2A971-EB25-4F1B-8ECE-2FB706EC6E45} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {762517F7-8569-4E90-8CD2-167FA89FD8F4} - \RegClean Pro No Task File <==== ATTENTION
Task: {817F1E21-0FD1-4CCE-ACC1-C29C3274BD6F} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {8FED3212-A1BA-430C-A682-693ED2F07B8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {9023B842-7AAC-4FEA-AE63-64F5B0AD63A0} - \TrustedInstaller Update 2 No Task File <==== ATTENTION
Task: {961B0E5F-A7F9-4995-BE81-8C891D587BC8} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark Z2400 Series\ezprint.exe
Task: {9A31C52A-D88A-4875-B14B-C135B25DBCD4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9E09A186-7BF7-44D0-BD99-1DC8114ADABB} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {9FBD780C-CB7E-4ED9-BF87-E7C4AE08FED4} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe [2013-10-23] (iWin Inc.)
Task: {A7354E97-E23D-4A89-890F-21B6EC7BD532} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {D0887F83-6BAF-47EF-A734-B4AFE40DFD0C} - \WSE_Astromenda No Task File <==== ATTENTION
Task: {E411BF8A-CB30-4D13-9D1A-9F60FD93410D} - \ASP No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FA71EF24-2E7F-4EF6-ADFE-2A7ADB21B5C5} - \The Bluetooth service discovery No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Security Center Update - 2506715180.job => C:\Users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe <==== ATTENTION
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-01-23 17:38 - 2006-10-06 08:06 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
2009-01-23 17:38 - 2006-10-06 08:24 - 00016384 _____ () C:\Program Files\Dell Fax Solutions\DlCtrStr.dll
2009-01-23 17:38 - 2006-10-06 08:04 - 00032768 _____ () C:\Program Files\Dell Fax Solutions\ipcmt.dll
2014-10-04 21:24 - 2014-10-04 21:24 - 02400768 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-10-04 21:24 - 2014-10-04 21:24 - 01821184 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2009-01-23 17:37 - 2006-09-06 05:27 - 00069632 _____ () C:\Program Files\Dell AIO 810\DLCGcfg.dll
2009-01-23 17:37 - 2005-08-08 14:59 - 00180224 _____ () C:\Program Files\Dell AIO 810\DLCGtsfw.dll
2009-01-23 17:37 - 2005-07-11 10:36 - 00118784 _____ () C:\Program Files\Dell AIO 810\DLCGdrec.dll
2009-09-04 23:31 - 2009-09-04 23:31 - 02076672 _____ () C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
2009-06-19 22:54 - 2009-06-19 22:54 - 07745536 _____ () C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
2001-08-12 13:35 - 2001-08-12 13:35 - 00872507 _____ () C:\Program Files\National Instruments\Shared\Mesa\mesa.dll
2014-10-18 23:38 - 2014-10-18 23:38 - 00889344 _____ () C:\Users\Hayley\AppData\Local\Ovhics\EP0NM4R0.DLL
2014-10-15 15:46 - 2014-10-09 22:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\pdf.dll
2014-10-15 15:45 - 2014-10-09 22:03 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Ovhics => regsvr32.exe
MSCONFIG\startupreg: YZRPack => C:\Windows\System32\regsvr32.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-783483399-2225142381-1106649532-500 - Administrator - Disabled)
Guest (S-1-5-21-783483399-2225142381-1106649532-501 - Limited - Disabled)
Hayley (S-1-5-21-783483399-2225142381-1106649532-1000 - Administrator - Enabled) => C:\Users\Hayley
 
==================== Faulty Device Manager Devices =============
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell AIO 810 #2
Description: Dell AIO 810
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/19/2014 06:18:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application ibihumg.exe, version 5.32.37243.759, time stamp 0x5433ee04, faulting module Flash32_15_0_0_167.ocx, version 15.0.0.167, time stamp 0x541384c0, exception code 0xc0000005, fault offset 0x001c12bf,
process id 0x1a98, application start time 0xibihumg.exe0.
 
Error: (10/19/2014 01:22:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application WxEx.exe, version 1.0.0.0, time stamp 0x4b4e4b09, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01f90000,
process id 0x16c8, application start time 0xWxEx.exe0.
 
Error: (10/19/2014 01:22:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application WxEx.exe, version 1.0.0.0, time stamp 0x4b4e4b09, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01fc0000,
process id 0x13d4, application start time 0xWxEx.exe0.
 
Error: (10/19/2014 01:22:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application WxEx.exe, version 1.0.0.0, time stamp 0x4b4e4b09, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x01f90a86,
process id 0xcf8, application start time 0xWxEx.exe0.
 
Error: (10/18/2014 11:48:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/18/2014 11:40:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 38.0.2125.104 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c90
Start Time: 01cfeb4e3c96bd3a
Termination Time: 47
 
Error: (10/18/2014 09:22:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/18/2014 03:54:23 AM) (Source: VSS) (EventID: 12289) (User: )
Description: Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy16,0xc0000000,0x00000003,...).  hr = 0x80070005.
 
 
Operation:
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (10/17/2014 02:53:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application UpdateFlashPlayer_22139ac0.exe, version 6.24.48703.15603, time stamp 0x4b6f2f0a, faulting module MQUTIL.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception code 0xc0000135, fault offset 0x00009f5d,
process id 0x16b4, application start time 0xUpdateFlashPlayer_22139ac0.exe0.
 
Error: (10/17/2014 01:51:55 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (10/19/2014 10:17:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 

"My brain is only a receiver, in the Universe there is a core from which we retain knowledge, strength and inspiration. I have not penetrated into the secrets of this core, but I know that it exists." -NIKOLA TESLA


#4 deeprybka

  • Malware Response Team

Posted 19 October 2014 - 12:05 PM

Hi Brian,
 
 
Step 1 
 
Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#5 BrySwy

  • Topic Starter

Posted 19 October 2014 - 08:18 PM

I had to run this program in safe mode. I do not know if that will matter or not, but here is the log from ComboFix:
 
ComboFix 14-10-15.01 - Hayley 10/19/2014  20:55:27.2.1 - x86 NETWORK
Running from: c:\users\Hayley\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\FilmFanaticEI
c:\program files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll
c:\program files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll
c:\program files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\program files\kikin
c:\program files\kikin\default_settings.xml
c:\program files\kikin\ie_kikin.dll
c:\program files\kikin\KikinBroker.exe
c:\program files\kikin\KikinCrashReporter.exe
c:\program files\kikin\uninst.exe
c:\program files\RadioRage_4jEI
c:\program files\Retrogamer_2zEI
c:\programdata\SPL40FA.tmp
c:\users\Hayley\20070813082717640_Samsung_USB_Driver_Installer.exe
c:\users\Hayley\AppData\Roaming\Adobe\AcorIEHelper.dll
c:\users\Hayley\AppData\Roaming\kikin
c:\users\Hayley\AppData\Roaming\kikin\cr_kkes.xml
c:\users\Hayley\AppData\Roaming\kikin\ff_kkes.xml
c:\users\Hayley\AppData\Roaming\kikin\ie_configuration.xml
c:\users\Hayley\AppData\Roaming\kikin\ie_kkes.xml
c:\users\Hayley\AppData\Roaming\kikin\ie_settings.xml
c:\users\Hayley\AppData\Roaming\Microsoft\Windows\Recent\cb.tmp
c:\users\Hayley\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Hayley\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
c:\users\Hayley\AppData\Roaming\Microsoft\Windows\Recent\gid.tmp
c:\users\Hayley\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
c:\users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\compact.lnk
c:\users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe
c:\users\Hayley\Desktop\Adware-Removal-Tool-v3.9.1.exe
c:\windows\security\Database\tmp.edb
c:\windows\system32\roboot.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-20 to 2014-10-20  )))))))))))))))))))))))))))))))
.
.
2014-10-20 01:09 . 2014-10-20 01:10 -------- d-----w- c:\users\Hayley\AppData\Local\temp
2014-10-20 01:09 . 2014-10-20 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-19 14:21 . 2014-10-19 18:01 -------- dc----w- C:\FRST
2014-10-19 06:28 . 2014-10-20 01:08 -------- d-----w- c:\users\Hayley\AppData\Roaming\Yvkuhiy
2014-10-19 05:45 . 2014-10-19 05:46 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1943518-2C86-472C-9FEA-F73DD9DA6D3F}\offreg.dll
2014-10-19 03:37 . 2014-10-19 03:37 131072 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp3B0E.exe
2014-10-19 03:05 . 2014-10-19 03:05 264344 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmpDFE3.exe
2014-10-19 02:07 . 2014-10-19 02:07 679936 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp359E.exe
2014-10-17 06:00 . 2014-09-15 06:08 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1943518-2C86-472C-9FEA-F73DD9DA6D3F}\mpengine.dll
2014-10-17 03:27 . 2014-10-17 03:27 102400 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmpF20D.exe
2014-10-17 02:07 . 2014-10-17 02:07 692224 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp8AB0.exe
2014-10-11 22:42 . 2014-10-11 22:42 -------- dc----w- C:\inetpub
2014-10-11 08:32 . 2014-10-11 08:32 -------- d-----w- c:\users\Hayley\AppData\Roaming\Avira
2014-10-11 07:42 . 2014-09-24 16:44 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-10-11 07:42 . 2014-09-24 16:44 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-11 07:42 . 2014-09-24 16:44 98160 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-11 07:31 . 2014-10-11 07:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\AviraSpeedup
2014-10-11 07:25 . 2014-10-11 07:39 -------- d-----w- c:\program files\Avira
2014-10-11 07:25 . 2014-10-11 07:39 -------- d-----w- c:\programdata\Avira
2014-10-11 07:24 . 2014-10-11 07:24 -------- d-----w- c:\programdata\Package Cache
2014-10-11 07:19 . 2014-10-19 15:21 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-10-11 07:14 . 2014-10-15 18:27 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-11 07:13 . 2014-05-12 11:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-11 07:13 . 2014-05-12 11:25 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-11 07:13 . 2014-05-12 11:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-11 07:13 . 2014-10-11 07:13 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-11 05:22 . 2014-09-09 01:24 8806800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26F8809E-104C-46FA-8E3A-05E295C2BF24}\mpengine.dll
2014-10-11 02:07 . 2014-10-11 02:08 269480 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp8323.exe
2014-10-11 01:03 . 2014-10-15 03:55 290304 ----a-w- c:\windows\system32\subinacl.exe
2014-10-11 01:03 . 2014-10-11 01:03 -------- d-----w- c:\program files\Adware-Removal-Tool
2014-10-11 01:03 . 2014-10-11 01:03 -------- d-----w- c:\program files\Common Files\Microsoft
2014-10-10 18:42 . 2014-10-10 18:42 319456 ----a-w- c:\windows\DIFxAPI.dll
2014-10-10 18:17 . 2014-10-10 19:23 -------- d-----w- c:\users\Hayley\AppData\Roaming\vlc
2014-10-10 18:01 . 2014-10-10 19:04 -------- d-----w- c:\users\Hayley\AppData\Roaming\Systweak
2014-10-09 01:58 . 2014-10-09 01:58 244632 ----a-w- c:\programdata\Microsoft\Secure\Icons\temp\tmp7FAB.exe
2014-10-09 01:37 . 2014-10-11 00:09 73728 ----a-w- c:\windows\system32\tasks.dll
2014-10-06 18:54 . 2014-10-11 23:39 -------- d-----w- c:\program files\Bench
2014-10-05 02:08 . 2014-10-05 02:08 -------- d-----w- c:\program files\VideoLAN
2014-10-05 02:00 . 2014-10-19 03:39 -------- d-----w- c:\users\Hayley\AppData\Local\Ovhics
2014-10-05 01:58 . 2014-10-19 03:38 -------- d-----w- c:\users\Hayley\AppData\Local\YzkfPack
2014-10-05 01:24 . 2014-10-05 01:24 1821184 ----a-w- c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-05 00:03 . 2014-10-11 00:13 19384 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-10-05 00:00 . 2014-10-05 06:06 -------- d-----w- c:\program files\globalUpdate
2014-10-05 00:00 . 2014-10-05 00:00 -------- d-----w- c:\users\Hayley\AppData\Local\globalUpdate
2014-10-01 09:39 . 2014-09-17 07:42 908840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DA5BE9A0-13D1-4FB2-B076-8B2436970DDB}\gapaengine.dll
2014-09-24 05:33 . 2014-09-09 06:24 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-26 05:09 . 2012-04-19 17:36 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-26 05:09 . 2011-05-19 22:59 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-15 13:06 . 2009-11-13 17:26 231568 ------w- c:\windows\system32\MpSigStub.exe
2014-08-31 06:22 . 2010-06-24 15:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:03 . 2014-08-28 01:59 297984 ----a-w- c:\windows\system32\gdi32.dll
2014-08-22 23:26 . 2014-08-28 01:59 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-08-15 14:42 . 2014-09-12 07:19 1810432 ----a-w- c:\windows\system32\jscript9.dll
2014-08-15 14:37 . 2014-09-12 07:19 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-08-15 14:36 . 2014-09-12 07:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-15 14:35 . 2014-09-12 07:19 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-08-15 14:35 . 2014-09-12 07:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-15 14:34 . 2014-09-12 07:19 11776 ----a-w- c:\windows\system32\mshta.exe
2014-08-15 14:34 . 2014-09-12 07:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-07-25 06:35 . 2014-07-25 06:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1SecureIconsProvider]
@="{FC9D8189-520A-4417-AED7-9EAC810C6FBA}"
[HKEY_CLASSES_ROOT\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}]
2014-10-05 01:24 2400768 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-01 6692632]
"YZRPack"="c:\users\Hayley\AppData\Local\YzkfPack\mc_config_mp2v.dll" [2014-10-19 908288]
"Ovhics"="c:\users\Hayley\AppData\Local\Ovhics\EP0NM4R0.DLL" [2014-10-19 889344]
"YzkfPack"="c:\users\Hayley\AppData\Local\YzkfPack\tmp3B0E.exe" [2014-10-19 131072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"dlcgmon.exe"="c:\program files\Dell AIO 810\dlcgmon.exe" [2007-01-12 431600]
"FaxCenterServer"="c:\program files\Dell Fax Solutions\fm3032.exe" [2006-12-08 312200]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-24 4452352]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-09-23 165168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-09-24 703736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ovhics]
2006-11-02 09:45 14336 ----a-w- c:\windows\System32\regsvr32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YZRPack]
2006-11-02 09:45 14336 ----a-w- c:\windows\System32\regsvr32.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-783483399-2225142381-1106649532-1000]
"EnableNotificationsRef"=dword:00000003
.
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-15 19:01 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2011-04-01 10:59 114176 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 05:09]
.
2014-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-29 16:16]
.
2014-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-29 16:16]
.
2014-10-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-10-19 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = <-loopback>
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
Toolbar-Locked - (no file)
HKCU-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
HKCU-Run-Voseideneto - c:\users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe
HKLM-Run-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
HKLM-Run-QOELOADER - c:\program files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
HKLM-Run-Voseideneto - c:\users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA} - c:\program files\kikin\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-10-19 21:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
.
scanning hidden files ...  
.
.
c:\users\Hayley\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,06,1d,37,32,70,82,40,9b,fa,22,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,06,1d,37,32,70,82,40,9b,fa,22,\
.
[HKEY_USERS\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-10-19  21:13:58
ComboFix-quarantined-files.txt  2014-10-20 01:13
.
Pre-Run: 82,577,821,696 bytes free
Post-Run: 86,786,330,624 bytes free
.
- - End Of File - - 0538A755C7DF92B8D8D9E978E79F1C87
5C616939100B85E558DA92B899A0FC36



#6 deeprybka

  • Malware Response Team

Posted 20 October 2014 - 04:23 AM

Hi,

Please start in normal mode and rerun FRST.

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#7 BrySwy

  • Topic Starter

Posted 20 October 2014 - 10:48 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014
Ran by Hayley (administrator) on FAMILY-PC on 20-10-2014 11:33:09
Running from C:\Users\Hayley\Desktop
Loaded Profile: Hayley (Available profiles: Hayley)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
( ) C:\Windows\System32\dlcgcoms.exe
(iWin Inc.) C:\Program Files\iWin Games\iWinTrusted.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\updrgui.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DLCGCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16                                                                                                                         (the data entry has 59 more characters).
HKLM\...\Run: [dlcgmon.exe] => C:\Program Files\Dell AIO 810\dlcgmon.exe [431600 2007-01-12] (Dell)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell Fax Solutions\fm3032.exe [312200 2006-12-08] ()
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [443728 2009-11-10] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-09-24] (Realtek Semiconductor)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-01] (SUPERAntiSpyware)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [YZRPack] => C:\Windows\System32\regsvr32.exe C:\Users\Hayley\AppData\Local\YzkfPack\mc_config_mp2v.dll
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [Ovhics] => regsvr32.exe C:\Users\Hayley\AppData\Local\Ovhics\EP0NM4R0.DLL <===== ATTENTION
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [YzkfPack] => C:\Users\Hayley\AppData\Local\YzkfPack\tmp3B0E.exe [131072 2014-10-18] ()
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WOWDEB.lnk
ShortcutTarget: WOWDEB.lnk -> C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\IEUpdate\WOWDEB.EXE (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @ei.FilmFanatic.com/Plugin -> C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll No File
FF Plugin: @ei.iWon_5k.com/Plugin -> C:\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll (iWon)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-05]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.yahoo.com/
CHR StartupUrls: Default -> "https://www.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-10]
CHR Extension: (Google Docs) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (caodggjhipefhiblmgbchfkehoofabbh) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\caodggjhipefhiblmgbchfkehoofabbh [2014-10-08]
CHR Extension: (Tarot Reading (FREE)) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegplnibkbhflhkcbohabjbmmokildob [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (Block site) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-10-10]
CHR Extension: (Date of Birth) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekogipagkbmdlcenkmokkgcdkkfpemce [2014-08-31]
CHR Extension: (Google Sheets) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Free Download Manager Controller\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 dlcg_device; C:\Windows\system32\dlcgcoms.exe [537480 2006-12-08] ( )
R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [179368 2013-10-23] (iWin Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S4 Free Download Manager Controller; C:\ProgramData\Free Download Manager Controller\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.exe [X]
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-20] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [20392 2008-12-09] (EldoS Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2007-06-19] (LeapFrog)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Hayley\AppData\Local\Temp\catchme.sys [X]
S1 cbouncsq; \??\C:\Windows\system32\drivers\cbouncsq.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 mwluhhvr; \??\C:\Windows\system32\drivers\mwluhhvr.sys [X]
S1 ngyeijnu; \??\C:\Windows\system32\drivers\ngyeijnu.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 otujrtpi; \??\C:\Windows\system32\drivers\otujrtpi.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 11:32 - 2014-10-20 11:32 - 00000000 ____D () C:\Users\Hayley\Desktop\FRST-OlderVersion
2014-10-19 21:13 - 2014-10-19 21:13 - 00017144 ____C () C:\ComboFix.txt
2014-10-19 14:08 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-19 14:08 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-19 14:08 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-19 14:05 - 2014-10-19 21:14 - 00000000 ___DC () C:\Qoobox
2014-10-19 14:03 - 2014-10-19 21:12 - 00000000 ____D () C:\Windows\erdnt
2014-10-19 13:19 - 2014-10-19 13:21 - 05583559 ____R (Swearware) C:\Users\Hayley\Desktop\ComboFix.exe
2014-10-19 12:03 - 2014-10-19 14:01 - 00033263 _____ () C:\Users\Hayley\Desktop\Addition.txt
2014-10-19 10:27 - 2014-10-20 11:39 - 00016002 _____ () C:\Users\Hayley\Desktop\FRST.txt
2014-10-19 10:21 - 2014-10-20 11:33 - 00000000 ___DC () C:\FRST
2014-10-19 10:15 - 2014-10-20 11:32 - 01102848 ____C (Farbar) C:\Users\Hayley\Desktop\FRST.exe
2014-10-19 02:28 - 2014-10-19 21:08 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Yvkuhiy
2014-10-16 23:38 - 2014-10-16 23:41 - 00002312 _____ () C:\Users\Hayley\Desktop\Rkill.txt
2014-10-16 23:37 - 2014-10-16 23:38 - 00003173 _____ () C:\Users\Hayley\Desktop\attach.txt
2014-10-15 11:16 - 2014-10-15 11:16 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Hayley\Desktop\rkill.exe
2014-10-13 19:07 - 2014-10-13 19:07 - 00015273 _____ () C:\Users\Hayley\Downloads\hijackthis9Oct2014.log
2014-10-13 17:41 - 2014-10-13 17:44 - 00012429 _____ () C:\Users\Hayley\Desktop\dds.txt
2014-10-13 17:35 - 2014-10-13 17:35 - 00688992 ____R (Swearware) C:\Users\Hayley\Desktop\dds.com
2014-10-11 18:43 - 2014-10-11 18:44 - 00029547 _____ () C:\Windows\iis7.log
2014-10-11 18:42 - 2014-10-11 18:42 - 00000000 ___DC () C:\inetpub
2014-10-11 04:32 - 2014-10-11 04:32 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Avira
2014-10-11 03:42 - 2014-09-24 12:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-11 03:42 - 2014-09-24 12:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-11 03:42 - 2014-09-24 12:44 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-11 03:42 - 2014-09-24 12:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-10-11 03:26 - 2014-10-11 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-11 03:26 - 2014-10-11 03:26 - 00001000 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-11 03:25 - 2014-10-11 03:39 - 00000000 ____D () C:\ProgramData\Avira
2014-10-11 03:25 - 2014-10-11 03:39 - 00000000 ____D () C:\Program Files\Avira
2014-10-11 03:24 - 2014-10-11 03:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-11 03:20 - 2014-10-19 11:20 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58.job
2014-10-11 03:20 - 2014-10-19 04:00 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0.job
2014-10-11 03:19 - 2014-10-20 11:28 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-11 03:19 - 2014-10-11 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-11 03:19 - 2014-10-11 03:19 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-10-11 03:14 - 2014-10-15 14:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 03:13 - 2014-10-11 03:13 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-11 03:13 - 2014-10-11 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-11 03:13 - 2014-10-11 03:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-11 03:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-11 03:13 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-11 03:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-11 03:12 - 2014-10-11 03:12 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\Hayley\Downloads\avira_en_av___ws.exe
2014-10-11 03:10 - 2014-10-11 03:10 - 19809824 _____ (SUPERAntiSpyware) C:\Users\Hayley\Downloads\SUPERAntiSpyware.exe
2014-10-11 03:08 - 2014-10-11 03:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hayley\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-10 21:03 - 2014-10-14 23:55 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2014-10-10 21:03 - 2014-10-10 21:03 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-10-10 14:42 - 2014-10-10 14:42 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-10-10 14:17 - 2014-10-10 15:23 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\vlc
2014-10-10 14:01 - 2014-10-10 15:04 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Systweak
2014-10-08 21:37 - 2014-10-10 20:09 - 00073728 _____ () C:\Windows\system32\tasks.dll
2014-10-06 14:54 - 2014-10-11 19:39 - 00000000 ____D () C:\Program Files\Bench
2014-10-04 22:09 - 2014-10-04 22:09 - 00000861 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-10-04 22:09 - 2014-10-04 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-10-04 22:08 - 2014-10-04 22:08 - 00000000 ____D () C:\Program Files\VideoLAN
2014-10-04 22:00 - 2014-10-18 23:39 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Ovhics
2014-10-04 21:58 - 2014-10-18 23:38 - 00000000 ____D () C:\Users\Hayley\AppData\Local\YzkfPack
2014-10-04 21:36 - 2014-10-04 21:36 - 00000000 ____D () C:\Users\Hayley\Documents\The Giver 2014
2014-10-04 20:03 - 2014-10-10 20:13 - 00019384 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-10-04 20:00 - 2014-10-05 02:06 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-04 20:00 - 2014-10-04 20:00 - 00000000 ____D () C:\Users\Hayley\AppData\Local\globalUpdate
2014-09-24 01:33 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 11:39 - 2008-11-29 12:37 - 01474295 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 11:28 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 11:28 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 11:27 - 2014-05-29 12:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 11:26 - 2008-01-20 22:47 - 00890924 _____ () C:\Windows\PFRO.log
2014-10-20 11:26 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-19 21:14 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2014-10-19 21:14 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-10-19 21:10 - 2006-11-02 06:23 - 00000215 ____C () C:\Windows\system.ini
2014-10-19 21:08 - 2011-07-13 22:26 - 00000000 ____D () C:\Program Files\iWin Games
2014-10-19 21:08 - 2009-01-23 18:09 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Adobe
2014-10-19 21:08 - 2009-01-23 16:34 - 00000000 ____D () C:\Users\Hayley
2014-10-19 20:30 - 2011-11-08 18:41 - 00001356 _____ () C:\Users\Hayley\AppData\Local\d3d9caps.dat
2014-10-19 19:17 - 2014-05-29 12:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 18:19 - 2012-04-19 13:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-18 23:46 - 2006-11-02 09:01 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-17 15:59 - 2012-03-09 02:52 - 00000000 ____D () C:\Users\Hayley\Desktop\brians
2014-10-15 17:48 - 2009-01-23 18:30 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Yahoo
2014-10-15 17:48 - 2009-01-23 18:25 - 00000000 ____D () C:\Program Files\Yahoo!
2014-10-15 00:57 - 2011-04-01 06:59 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-11 20:09 - 2009-01-23 17:36 - 00000000 ____D () C:\Program Files\Dl_cats
2014-10-11 20:06 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-10-11 19:44 - 2006-11-02 07:18 - 00000000 __RSD () C:\Windows\Media
2014-10-11 19:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-11 18:43 - 2006-11-02 06:33 - 00784060 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-11 18:42 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\0409
2014-10-11 18:42 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-10-11 11:38 - 2011-01-26 12:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-11 11:38 - 2011-01-26 12:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-11 09:55 - 2014-07-30 13:14 - 00000000 ___DC () C:\SUPERDelete
2014-10-11 03:27 - 2009-02-24 09:14 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Mozilla
2014-10-10 16:30 - 2008-11-29 12:35 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-10-10 15:15 - 2008-11-29 17:49 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-10 15:13 - 2012-11-30 23:11 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MumboJumbo
2014-10-10 15:13 - 2012-11-30 23:11 - 00000000 ____D () C:\Program Files\MumboJumbo
2014-10-10 15:10 - 2008-11-29 17:47 - 00000000 ____D () C:\Program Files\Java
2014-10-10 15:10 - 2008-11-29 17:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-10 15:07 - 2006-11-02 08:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-10 15:06 - 2008-11-29 17:49 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-10-10 14:44 - 2009-12-25 18:48 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-08 21:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-08 21:26 - 2006-11-02 06:22 - 45350912 _____ () C:\Windows\system32\config\software_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 43253760 _____ () C:\Windows\system32\config\components_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 36700160 _____ () C:\Windows\system32\config\system_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 00401408 _____ () C:\Windows\system32\config\default_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 00086016 _____ () C:\Windows\system32\config\sam_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-10-08 21:25 - 2011-10-20 18:27 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
2014-10-08 21:25 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-08 21:25 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-08 21:24 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-10-04 22:20 - 2011-11-07 19:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-04 21:50 - 2011-12-23 03:33 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\uTorrent
2014-10-04 20:01 - 2014-06-09 09:11 - 00002031 _____ () C:\Users\Hayley\Desktop\Google Chrome.lnk
2014-10-04 18:23 - 2014-05-28 20:54 - 00000000 ____D () C:\Users\Public\Documents\Verizon_Android
2014-09-26 01:09 - 2012-04-19 13:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-26 01:09 - 2011-05-19 18:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-20 11:49 - 2014-08-12 06:35 - 00000000 ____D () C:\Program Files\Wizards of the Coast
 
Some content of TEMP:
====================
C:\Users\Hayley\AppData\Local\temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-20 11:38
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014
Ran by Hayley at 2014-10-20 11:41:03
Running from C:\Users\Hayley\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.8.0.0 - ) <==== ATTENTION
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
BearShare (HKLM\...\BearShare) (Version: 10.0.0.131832 - Musiclab, LLC)
BearShare (Version: 10.0.0.131832 - Musiclab, LLC) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO 810 (HKLM\...\Dell AIO 810) (Version:  - Dell, Inc.)
Dell PC Fax (HKLM\...\Dell Fax Solutions) (Version:  - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM\...\UPCShell) (Version: 2.3.11.8936 - LeapFrog)
LeapFrog Connect (Version: 2.3.11.8936 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.24.0 - Dell)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (Version: 1.00.0000 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Weather Exchange (HKLM\...\{7DADDB60-CFD0-4AB0-94B6-74FD319F5DE7}) (Version: 1.0.40 - Ambient, LLC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WiseConvert Toolbar (HKLM\...\WiseConvert Toolbar) (Version: 6.9.0.16 - WiseConvert)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}\localserver32 -> "C:\Program Files\kikin\KikinBroker.exe" No File
CustomCLSID: HKU\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
 
==================== Restore Points  =========================
 
Could not list Restore Points. Check "winmgmt" service or repair WMI.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-10-19 21:10 - 2014-10-19 21:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {010A6FF2-4C4A-4420-85B5-5BDC72E44C4B} - \GPUP No Task File <==== ATTENTION
Task: {0C9916F1-3FAD-4697-95D0-1FB303457B84} - \TrustedInstaller Update No Task File <==== ATTENTION
Task: {157F9786-6A0C-412E-934A-EA55FF76C439} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {210F4EAA-8B60-4937-9DA8-2C72598FA454} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-29] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {35650630-A27F-4542-A5F6-A8D001001F69} - System32\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {56444E3E-B139-46D5-9074-2CB19D2E37F4} - System32\Tasks\Security Center Update - 2506715180 => C:\Users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe <==== ATTENTION
Task: {58080484-536B-4BB1-A466-C8280EA65404} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-29] (Google Inc.)
Task: {584C2DE6-8056-4149-8221-9F0951D4B976} - \Security Center Update - 3938323479 No Task File <==== ATTENTION
Task: {5FC2A971-EB25-4F1B-8ECE-2FB706EC6E45} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {762517F7-8569-4E90-8CD2-167FA89FD8F4} - \RegClean Pro No Task File <==== ATTENTION
Task: {817F1E21-0FD1-4CCE-ACC1-C29C3274BD6F} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {8FED3212-A1BA-430C-A682-693ED2F07B8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {9023B842-7AAC-4FEA-AE63-64F5B0AD63A0} - \TrustedInstaller Update 2 No Task File <==== ATTENTION
Task: {961B0E5F-A7F9-4995-BE81-8C891D587BC8} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark Z2400 Series\ezprint.exe
Task: {9A31C52A-D88A-4875-B14B-C135B25DBCD4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9E09A186-7BF7-44D0-BD99-1DC8114ADABB} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {9FBD780C-CB7E-4ED9-BF87-E7C4AE08FED4} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe [2013-10-23] (iWin Inc.)
Task: {A7354E97-E23D-4A89-890F-21B6EC7BD532} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {D0887F83-6BAF-47EF-A734-B4AFE40DFD0C} - \WSE_Astromenda No Task File <==== ATTENTION
Task: {E411BF8A-CB30-4D13-9D1A-9F60FD93410D} - \ASP No Task File <==== ATTENTION
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {FA71EF24-2E7F-4EF6-ADFE-2A7ADB21B5C5} - \The Bluetooth service discovery No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-01-23 17:38 - 2006-10-06 08:06 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
2009-01-23 17:38 - 2006-10-06 08:24 - 00016384 _____ () C:\Program Files\Dell Fax Solutions\DlCtrStr.dll
2009-01-23 17:38 - 2006-10-06 08:04 - 00032768 _____ () C:\Program Files\Dell Fax Solutions\ipcmt.dll
2014-10-04 21:24 - 2014-10-04 21:24 - 02400768 _____ () C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-10-04 21:24 - 2014-10-04 21:24 - 01821184 _____ () C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2009-09-04 23:31 - 2009-09-04 23:31 - 02076672 _____ () C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
2009-06-19 22:54 - 2009-06-19 22:54 - 07745536 _____ () C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
2014-10-18 23:38 - 2014-10-18 23:38 - 00889344 _____ () C:\Users\Hayley\AppData\Local\Ovhics\EP0NM4R0.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:067CB305
AlternateDataStreams: C:\ProgramData\TEMP:14AD1C14
AlternateDataStreams: C:\ProgramData\TEMP:1C159B9A
AlternateDataStreams: C:\ProgramData\TEMP:1F39C7E1
AlternateDataStreams: C:\ProgramData\TEMP:23BEBB72
AlternateDataStreams: C:\ProgramData\TEMP:243034F9
AlternateDataStreams: C:\ProgramData\TEMP:2F34C507
AlternateDataStreams: C:\ProgramData\TEMP:31207356
AlternateDataStreams: C:\ProgramData\TEMP:32211F93
AlternateDataStreams: C:\ProgramData\TEMP:43C9D140
AlternateDataStreams: C:\ProgramData\TEMP:469C6C73
AlternateDataStreams: C:\ProgramData\TEMP:4F137685
AlternateDataStreams: C:\ProgramData\TEMP:51F1C6B8
AlternateDataStreams: C:\ProgramData\TEMP:52C5F022
AlternateDataStreams: C:\ProgramData\TEMP:65521523
AlternateDataStreams: C:\ProgramData\TEMP:67B858FB
AlternateDataStreams: C:\ProgramData\TEMP:721C42E8
AlternateDataStreams: C:\ProgramData\TEMP:73E9F15B
AlternateDataStreams: C:\ProgramData\TEMP:7B7430D1
AlternateDataStreams: C:\ProgramData\TEMP:8F6B2F25
AlternateDataStreams: C:\ProgramData\TEMP:9C31E38F
AlternateDataStreams: C:\ProgramData\TEMP:B139DDF3
AlternateDataStreams: C:\ProgramData\TEMP:B203B914
AlternateDataStreams: C:\ProgramData\TEMP:B35A4CE2
AlternateDataStreams: C:\ProgramData\TEMP:B378D1AA
AlternateDataStreams: C:\ProgramData\TEMP:B640D9FB
AlternateDataStreams: C:\ProgramData\TEMP:B838CD98
AlternateDataStreams: C:\ProgramData\TEMP:BAEFC0C1
AlternateDataStreams: C:\ProgramData\TEMP:C5DF04A9
AlternateDataStreams: C:\ProgramData\TEMP:C602FACB
AlternateDataStreams: C:\ProgramData\TEMP:CBB4BFCD
AlternateDataStreams: C:\ProgramData\TEMP:D65EB0D5
AlternateDataStreams: C:\ProgramData\TEMP:D9CED075
AlternateDataStreams: C:\ProgramData\TEMP:DC1F5FA4
AlternateDataStreams: C:\ProgramData\TEMP:DCB1165A
AlternateDataStreams: C:\ProgramData\TEMP:DF236465
AlternateDataStreams: C:\ProgramData\TEMP:E5E3EB25
AlternateDataStreams: C:\ProgramData\TEMP:EDC2110D
AlternateDataStreams: C:\ProgramData\TEMP:EE239CE4
AlternateDataStreams: C:\ProgramData\TEMP:EF258AD5
AlternateDataStreams: C:\ProgramData\TEMP:F337EA60
AlternateDataStreams: C:\ProgramData\TEMP:F55812F7
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Ovhics => regsvr32.exe
MSCONFIG\startupreg: YZRPack => C:\Windows\System32\regsvr32.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-783483399-2225142381-1106649532-500 - Administrator - Disabled)
Guest (S-1-5-21-783483399-2225142381-1106649532-501 - Limited - Disabled)
Hayley (S-1-5-21-783483399-2225142381-1106649532-1000 - Administrator - Enabled) => C:\Users\Hayley
 
==================== Faulty Device Manager Devices =============
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell AIO 810 #2
Description: Dell AIO 810
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/20/2014 11:28:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 11:25:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (10/19/2014 09:14:06 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 09:13:14 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 09:08:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 08:50:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/19/2014 08:50:10 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 08:45:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
 
Error: (10/19/2014 08:45:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
 
Error: (10/19/2014 08:45:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
 
 
System errors:
=============
Error: (10/20/2014 11:28:45 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (10/20/2014 11:28:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (10/20/2014 11:28:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (10/20/2014 11:28:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Microsoft Antimalware Service%%1053
 
Error: (10/20/2014 11:28:45 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft Antimalware Service
 
Error: (10/20/2014 11:28:41 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (10/19/2014 09:10:48 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (10/19/2014 09:04:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (10/19/2014 08:54:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
 
Error: (10/19/2014 08:51:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
 
Microsoft Office Sessions:
=========================
Error: (10/20/2014 11:28:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 11:25:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (10/19/2014 09:14:06 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 09:13:14 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 09:08:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 08:50:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/19/2014 08:50:10 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 08:45:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
 
Error: (10/19/2014 08:45:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
 
Error: (10/19/2014 08:45:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-20 11:40:33.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 11:40:32.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 11:40:32.164
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 11:40:31.368
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 11:40:29.855
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 11:40:29.044
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 11:40:28.295
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 11:40:27.422
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-19 20:56:51.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-19 20:56:50.630
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ Processor LE-1250
Percentage of memory in use: 49%
Total physical RAM: 1981.76 MB
Available physical RAM: 999.92 MB
Total Pagefile: 4208.03 MB
Available Pagefile: 3034.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1894.12 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:73.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

"My brain is only a receiver, in the Universe there is a core from which we retain knowledge, strength and inspiration. I have not penetrated into the secrets of this core, but I know that it exists." -NIKOLA TESLA


#8 deeprybka

  • Malware Response Team

Posted 20 October 2014 - 11:50 AM

Hi,
please run a fix with FRST:

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Startup: C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WOWDEB.lnk
    ShortcutTarget: WOWDEB.lnk -> C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\IEUpdate\WOWDEB.EXE (No File)
    ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
    HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [YZRPack] => C:\Windows\System32\regsvr32.exe C:\Users\Hayley\AppData\Local\YzkfPack\mc_config_mp2v.dll
    HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [Ovhics] => regsvr32.exe C:\Users\Hayley\AppData\Local\Ovhics\EP0NM4R0.DLL <===== ATTENTION
    HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [YzkfPack] => C:\Users\Hayley\AppData\Local\YzkfPack\tmp3B0E.exe [131072 2014-10-18] ()
    HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    C:\Users\Hayley\AppData\Local\YzkfPack
    C:\Users\Hayley\AppData\Local\Ovhics\
    C:\ProgramData\Microsoft\Secure
    BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
    FF Plugin HKCU: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
    FF Plugin: @ei.FilmFanatic.com/Plugin -> C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll No File
    S4 Free Download Manager Controller; C:\ProgramData\Free Download Manager Controller\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.exe [X]
    S1 otujrtpi; \??\C:\Windows\system32\drivers\otujrtpi.sys [X]
    S1 mwluhhvr; \??\C:\Windows\system32\drivers\mwluhhvr.sys [X]
    S1 ngyeijnu; \??\C:\Windows\system32\drivers\ngyeijnu.sys [X]
    S1 cbouncsq; \??\C:\Windows\system32\drivers\cbouncsq.sys [X]
    2014-10-04 20:03 - 2014-10-10 20:13 - 00019384 _____ () C:\Windows\system32\Drivers\SPPD.sys
    2014-10-19 02:28 - 2014-10-19 21:08 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Yvkuhiy
    2014-10-04 20:00 - 2014-10-05 02:06 - 00000000 ____D () C:\Program Files\globalUpdate
    2014-10-04 20:00 - 2014-10-04 20:00 - 00000000 ____D () C:\Users\Hayley\AppData\Local\globalUpdate
    2014-10-10 14:01 - 2014-10-10 15:04 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Systweak
    CustomCLSID: HKU\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}\localserver32 -> "C:\Program Files\kikin\KikinBroker.exe" No File
    FF Plugin: @ei.iWon_5k.com/Plugin -> C:\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll (iWon)
    Task: {010A6FF2-4C4A-4420-85B5-5BDC72E44C4B} - \GPUP No Task File <==== ATTENTION
    Task: {0C9916F1-3FAD-4697-95D0-1FB303457B84} - \TrustedInstaller Update No Task File <==== ATTENTION
    Task: {56444E3E-B139-46D5-9074-2CB19D2E37F4} - System32\Tasks\Security Center Update - 2506715180 => C:\Users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe <==== ATTENTION
    Task: {584C2DE6-8056-4149-8221-9F0951D4B976} - \Security Center Update - 3938323479 No Task File <==== ATTENTION
    Task: {762517F7-8569-4E90-8CD2-167FA89FD8F4} - \RegClean Pro No Task File <==== ATTENTION
    Task: {817F1E21-0FD1-4CCE-ACC1-C29C3274BD6F} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: {9023B842-7AAC-4FEA-AE63-64F5B0AD63A0} - \TrustedInstaller Update 2 No Task File <==== ATTENTION
    Task: {9E09A186-7BF7-44D0-BD99-1DC8114ADABB} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
    Task: {D0887F83-6BAF-47EF-A734-B4AFE40DFD0C} - \WSE_Astromenda No Task File <==== ATTENTION
    Task: {E411BF8A-CB30-4D13-9D1A-9F60FD93410D} - \ASP No Task File <==== ATTENTION
    Task: {FA71EF24-2E7F-4EF6-ADFE-2A7ADB21B5C5} - \The Bluetooth service discovery No Task File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP:067CB305
    AlternateDataStreams: C:\ProgramData\TEMP:14AD1C14
    AlternateDataStreams: C:\ProgramData\TEMP:1C159B9A
    AlternateDataStreams: C:\ProgramData\TEMP:1F39C7E1
    AlternateDataStreams: C:\ProgramData\TEMP:23BEBB72
    AlternateDataStreams: C:\ProgramData\TEMP:243034F9
    AlternateDataStreams: C:\ProgramData\TEMP:2F34C507
    AlternateDataStreams: C:\ProgramData\TEMP:31207356
    AlternateDataStreams: C:\ProgramData\TEMP:32211F93
    AlternateDataStreams: C:\ProgramData\TEMP:43C9D140
    AlternateDataStreams: C:\ProgramData\TEMP:469C6C73
    AlternateDataStreams: C:\ProgramData\TEMP:4F137685
    AlternateDataStreams: C:\ProgramData\TEMP:51F1C6B8
    AlternateDataStreams: C:\ProgramData\TEMP:52C5F022
    AlternateDataStreams: C:\ProgramData\TEMP:65521523
    AlternateDataStreams: C:\ProgramData\TEMP:67B858FB
    AlternateDataStreams: C:\ProgramData\TEMP:721C42E8
    AlternateDataStreams: C:\ProgramData\TEMP:73E9F15B
    AlternateDataStreams: C:\ProgramData\TEMP:7B7430D1
    AlternateDataStreams: C:\ProgramData\TEMP:8F6B2F25
    AlternateDataStreams: C:\ProgramData\TEMP:9C31E38F
    AlternateDataStreams: C:\ProgramData\TEMP:B139DDF3
    AlternateDataStreams: C:\ProgramData\TEMP:B203B914
    AlternateDataStreams: C:\ProgramData\TEMP:B35A4CE2
    AlternateDataStreams: C:\ProgramData\TEMP:B378D1AA
    AlternateDataStreams: C:\ProgramData\TEMP:B640D9FB
    AlternateDataStreams: C:\ProgramData\TEMP:B838CD98
    AlternateDataStreams: C:\ProgramData\TEMP:BAEFC0C1
    AlternateDataStreams: C:\ProgramData\TEMP:C5DF04A9
    AlternateDataStreams: C:\ProgramData\TEMP:C602FACB
    AlternateDataStreams: C:\ProgramData\TEMP:CBB4BFCD
    AlternateDataStreams: C:\ProgramData\TEMP:D65EB0D5
    AlternateDataStreams: C:\ProgramData\TEMP:D9CED075
    AlternateDataStreams: C:\ProgramData\TEMP:DC1F5FA4
    AlternateDataStreams: C:\ProgramData\TEMP:DCB1165A
    AlternateDataStreams: C:\ProgramData\TEMP:DF236465
    AlternateDataStreams: C:\ProgramData\TEMP:E5E3EB25
    AlternateDataStreams: C:\ProgramData\TEMP:EDC2110D
    AlternateDataStreams: C:\ProgramData\TEMP:EE239CE4
    AlternateDataStreams: C:\ProgramData\TEMP:EF258AD5
    AlternateDataStreams: C:\ProgramData\TEMP:F337EA60
    AlternateDataStreams: C:\ProgramData\TEMP:F55812F7
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.


After the Reboot:

Step 2

Start FRST with administrator privileges.
  • Make sure the Addition.txt option is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#9 BrySwy

  • Topic Starter

Posted 20 October 2014 - 12:59 PM

Here is the fixlog and other two logs you asked for

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-10-2014
Ran by Hayley at 2014-10-20 13:08:24 Run:1
Running from C:\Users\Hayley\Desktop
Loaded Profile: Hayley (Available profiles: Hayley)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
Startup: C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WOWDEB.lnk
ShortcutTarget: WOWDEB.lnk -> C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\IEUpdate\WOWDEB.EXE (No File)
ShellIconOverlayIdentifiers: [1SecureIconsProvider] -> {FC9D8189-520A-4417-AED7-9EAC810C6FBA} => C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll ()
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [YZRPack] => C:\Windows\System32\regsvr32.exe C:\Users\Hayley\AppData\Local\YzkfPack\mc_config_mp2v.dll
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [Ovhics] => regsvr32.exe C:\Users\Hayley\AppData\Local\Ovhics\EP0NM4R0.DLL <===== ATTENTION
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [YzkfPack] => C:\Users\Hayley\AppData\Local\YzkfPack\tmp3B0E.exe [131072 2014-10-18] ()
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
C:\Users\Hayley\AppData\Local\YzkfPack
C:\Users\Hayley\AppData\Local\Ovhics\
C:\ProgramData\Microsoft\Secure
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
FF Plugin HKCU: BearSharePlugin -> C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll No File
FF Plugin: @ei.FilmFanatic.com/Plugin -> C:\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISB.dll No File
S4 Free Download Manager Controller; C:\ProgramData\Free Download Manager Controller\2.6.1125.80\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.exe [X]
S1 otujrtpi; \??\C:\Windows\system32\drivers\otujrtpi.sys [X]
S1 mwluhhvr; \??\C:\Windows\system32\drivers\mwluhhvr.sys [X]
S1 ngyeijnu; \??\C:\Windows\system32\drivers\ngyeijnu.sys [X]
S1 cbouncsq; \??\C:\Windows\system32\drivers\cbouncsq.sys [X]
2014-10-04 20:03 - 2014-10-10 20:13 - 00019384 _____ () C:\Windows\system32\Drivers\SPPD.sys
2014-10-19 02:28 - 2014-10-19 21:08 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Yvkuhiy
2014-10-04 20:00 - 2014-10-05 02:06 - 00000000 ____D () C:\Program Files\globalUpdate
2014-10-04 20:00 - 2014-10-04 20:00 - 00000000 ____D () C:\Users\Hayley\AppData\Local\globalUpdate
2014-10-10 14:01 - 2014-10-10 15:04 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Systweak
CustomCLSID: HKU\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}\localserver32 -> "C:\Program Files\kikin\KikinBroker.exe" No File
FF Plugin: @ei.iWon_5k.com/Plugin -> C:\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll (iWon)
Task: {010A6FF2-4C4A-4420-85B5-5BDC72E44C4B} - \GPUP No Task File <==== ATTENTION
Task: {0C9916F1-3FAD-4697-95D0-1FB303457B84} - \TrustedInstaller Update No Task File <==== ATTENTION
Task: {56444E3E-B139-46D5-9074-2CB19D2E37F4} - System32\Tasks\Security Center Update - 2506715180 => C:\Users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe <==== ATTENTION
Task: {584C2DE6-8056-4149-8221-9F0951D4B976} - \Security Center Update - 3938323479 No Task File <==== ATTENTION
Task: {762517F7-8569-4E90-8CD2-167FA89FD8F4} - \RegClean Pro No Task File <==== ATTENTION
Task: {817F1E21-0FD1-4CCE-ACC1-C29C3274BD6F} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {9023B842-7AAC-4FEA-AE63-64F5B0AD63A0} - \TrustedInstaller Update 2 No Task File <==== ATTENTION
Task: {9E09A186-7BF7-44D0-BD99-1DC8114ADABB} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {D0887F83-6BAF-47EF-A734-B4AFE40DFD0C} - \WSE_Astromenda No Task File <==== ATTENTION
Task: {E411BF8A-CB30-4D13-9D1A-9F60FD93410D} - \ASP No Task File <==== ATTENTION
Task: {FA71EF24-2E7F-4EF6-ADFE-2A7ADB21B5C5} - \The Bluetooth service discovery No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:067CB305
AlternateDataStreams: C:\ProgramData\TEMP:14AD1C14
AlternateDataStreams: C:\ProgramData\TEMP:1C159B9A
AlternateDataStreams: C:\ProgramData\TEMP:1F39C7E1
AlternateDataStreams: C:\ProgramData\TEMP:23BEBB72
AlternateDataStreams: C:\ProgramData\TEMP:243034F9
AlternateDataStreams: C:\ProgramData\TEMP:2F34C507
AlternateDataStreams: C:\ProgramData\TEMP:31207356
AlternateDataStreams: C:\ProgramData\TEMP:32211F93
AlternateDataStreams: C:\ProgramData\TEMP:43C9D140
AlternateDataStreams: C:\ProgramData\TEMP:469C6C73
AlternateDataStreams: C:\ProgramData\TEMP:4F137685
AlternateDataStreams: C:\ProgramData\TEMP:51F1C6B8
AlternateDataStreams: C:\ProgramData\TEMP:52C5F022
AlternateDataStreams: C:\ProgramData\TEMP:65521523
AlternateDataStreams: C:\ProgramData\TEMP:67B858FB
AlternateDataStreams: C:\ProgramData\TEMP:721C42E8
AlternateDataStreams: C:\ProgramData\TEMP:73E9F15B
AlternateDataStreams: C:\ProgramData\TEMP:7B7430D1
AlternateDataStreams: C:\ProgramData\TEMP:8F6B2F25
AlternateDataStreams: C:\ProgramData\TEMP:9C31E38F
AlternateDataStreams: C:\ProgramData\TEMP:B139DDF3
AlternateDataStreams: C:\ProgramData\TEMP:B203B914
AlternateDataStreams: C:\ProgramData\TEMP:B35A4CE2
AlternateDataStreams: C:\ProgramData\TEMP:B378D1AA
AlternateDataStreams: C:\ProgramData\TEMP:B640D9FB
AlternateDataStreams: C:\ProgramData\TEMP:B838CD98
AlternateDataStreams: C:\ProgramData\TEMP:BAEFC0C1
AlternateDataStreams: C:\ProgramData\TEMP:C5DF04A9
AlternateDataStreams: C:\ProgramData\TEMP:C602FACB
AlternateDataStreams: C:\ProgramData\TEMP:CBB4BFCD
AlternateDataStreams: C:\ProgramData\TEMP:D65EB0D5
AlternateDataStreams: C:\ProgramData\TEMP:D9CED075
AlternateDataStreams: C:\ProgramData\TEMP:DC1F5FA4
AlternateDataStreams: C:\ProgramData\TEMP:DCB1165A
AlternateDataStreams: C:\ProgramData\TEMP:DF236465
AlternateDataStreams: C:\ProgramData\TEMP:E5E3EB25
AlternateDataStreams: C:\ProgramData\TEMP:EDC2110D
AlternateDataStreams: C:\ProgramData\TEMP:EE239CE4
AlternateDataStreams: C:\ProgramData\TEMP:EF258AD5
AlternateDataStreams: C:\ProgramData\TEMP:F337EA60
AlternateDataStreams: C:\ProgramData\TEMP:F55812F7
EmptyTemp:
 
*****************
 
Processes closed successfully.
C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WOWDEB.lnk => Moved successfully.
C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\IEUpdate\WOWDEB.EXE not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider" => Key deleted successfully.
"HKCR\CLSID\{FC9D8189-520A-4417-AED7-9EAC810C6FBA}" => Key deleted successfully.
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YZRPack => value deleted successfully.
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ovhics => value deleted successfully.
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\Software\Microsoft\Windows\CurrentVersion\Run\\YzkfPack => value deleted successfully.
"HKU\S-1-5-21-783483399-2225142381-1106649532-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-783483399-2225142381-1106649532-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
C:\Users\Hayley\AppData\Local\YzkfPack => Moved successfully.
C:\Users\Hayley\AppData\Local\Ovhics => Moved successfully.
 
"C:\ProgramData\Microsoft\Secure" directory move:
 
C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll => Moved successfully.
Could not move "C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll" => Scheduled to move on reboot.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp17C7.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp17E5.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp1B4.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp1C2A.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2271.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp289B.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp2BFF.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp33BD.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp359E.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp359E.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp3B0E.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp3B0E.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5748.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5764.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp5A96.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp6174.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp64FD.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp70B5.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp736.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7791.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7A82.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7AAB.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7FAB.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp7FAB.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8323.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8323.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp870D.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp87C6.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8AB0.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp8AB0.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp97EB.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9B28.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmp9F9B.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpA23C.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpAD4E.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpC8E.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpDE23.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpDF0F.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpDFE3.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpDFE3.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpE3B9.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpE572.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpE834.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpEBD4.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpEDE8.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpEE78.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF20D.exe => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF20D.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\tmpF29.tmp => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{2DDE08E0-C5F5-13F5-6823-76C9761B494F} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{3687B76B-C221-7817-5973-FBAE303FDBD7} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{86932CE9-2414-899D-333F-DD4603E017FC} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{8DBABBFB-648F-BE41-1ABD-480AFDC46DA0} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{A14ECE4B-1675-EC1B-F09B-E41541F421EE} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{AD4D64D7-27DF-1023-BAC9-001C4F516308} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\temp\{EA6BA672-556F-B30C-6D81-DA9BA440AD5A} => Moved successfully.
C:\ProgramData\Microsoft\Secure\Icons\CachedIcons\zepplauncher.mif => Moved successfully.
Could not move "C:\ProgramData\Microsoft\Secure" directory. => Scheduled to move on reboot.
 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
"HKCU\Software\MozillaPlugins\BearSharePlugin" => Key deleted successfully.
C:\Program Files\BearShare Applications\BearShare\npBearSharePlugin.dll not found.
"HKLM\Software\MozillaPlugins\@ei.FilmFanatic.com/Plugin" => Key deleted successfully.
Free Download Manager Controller => Service deleted successfully.
otujrtpi => Service deleted successfully.
mwluhhvr => Service deleted successfully.
ngyeijnu => Service deleted successfully.
cbouncsq => Service deleted successfully.
C:\Windows\system32\Drivers\SPPD.sys => Moved successfully.
C:\Users\Hayley\AppData\Roaming\Yvkuhiy => Moved successfully.
C:\Program Files\globalUpdate => Moved successfully.
C:\Users\Hayley\AppData\Local\globalUpdate => Moved successfully.
C:\Users\Hayley\AppData\Roaming\Systweak => Moved successfully.
"HKU\S-1-5-21-783483399-2225142381-1106649532-1000_Classes\CLSID\{79E8FD71-F54B-42d4-A4F5-E7565DB58441}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@ei.iWon_5k.com/Plugin" => Key deleted successfully.
C:\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{010A6FF2-4C4A-4420-85B5-5BDC72E44C4B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{010A6FF2-4C4A-4420-85B5-5BDC72E44C4B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C9916F1-3FAD-4697-95D0-1FB303457B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C9916F1-3FAD-4697-95D0-1FB303457B84}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TrustedInstaller Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56444E3E-B139-46D5-9074-2CB19D2E37F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56444E3E-B139-46D5-9074-2CB19D2E37F4}" => Key deleted successfully.
C:\Windows\System32\Tasks\Security Center Update - 2506715180 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2506715180" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{584C2DE6-8056-4149-8221-9F0951D4B976}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{584C2DE6-8056-4149-8221-9F0951D4B976}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 3938323479" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{762517F7-8569-4E90-8CD2-167FA89FD8F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{762517F7-8569-4E90-8CD2-167FA89FD8F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{817F1E21-0FD1-4CCE-ACC1-C29C3274BD6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{817F1E21-0FD1-4CCE-ACC1-C29C3274BD6F}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{9023B842-7AAC-4FEA-AE63-64F5B0AD63A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9023B842-7AAC-4FEA-AE63-64F5B0AD63A0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TrustedInstaller Update 2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E09A186-7BF7-44D0-BD99-1DC8114ADABB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E09A186-7BF7-44D0-BD99-1DC8114ADABB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0887F83-6BAF-47EF-A734-B4AFE40DFD0C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0887F83-6BAF-47EF-A734-B4AFE40DFD0C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WSE_Astromenda" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E411BF8A-CB30-4D13-9D1A-9F60FD93410D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E411BF8A-CB30-4D13-9D1A-9F60FD93410D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{FA71EF24-2E7F-4EF6-ADFE-2A7ADB21B5C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA71EF24-2E7F-4EF6-ADFE-2A7ADB21B5C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\The Bluetooth service discovery" => Key deleted successfully.
C:\ProgramData\TEMP => ":067CB305" ADS removed successfully.
C:\ProgramData\TEMP => ":14AD1C14" ADS removed successfully.
C:\ProgramData\TEMP => ":1C159B9A" ADS removed successfully.
C:\ProgramData\TEMP => ":1F39C7E1" ADS removed successfully.
C:\ProgramData\TEMP => ":23BEBB72" ADS removed successfully.
C:\ProgramData\TEMP => ":243034F9" ADS removed successfully.
C:\ProgramData\TEMP => ":2F34C507" ADS removed successfully.
C:\ProgramData\TEMP => ":31207356" ADS removed successfully.
C:\ProgramData\TEMP => ":32211F93" ADS removed successfully.
C:\ProgramData\TEMP => ":43C9D140" ADS removed successfully.
C:\ProgramData\TEMP => ":469C6C73" ADS removed successfully.
C:\ProgramData\TEMP => ":4F137685" ADS removed successfully.
C:\ProgramData\TEMP => ":51F1C6B8" ADS removed successfully.
C:\ProgramData\TEMP => ":52C5F022" ADS removed successfully.
C:\ProgramData\TEMP => ":65521523" ADS removed successfully.
C:\ProgramData\TEMP => ":67B858FB" ADS removed successfully.
C:\ProgramData\TEMP => ":721C42E8" ADS removed successfully.
C:\ProgramData\TEMP => ":73E9F15B" ADS removed successfully.
C:\ProgramData\TEMP => ":7B7430D1" ADS removed successfully.
C:\ProgramData\TEMP => ":8F6B2F25" ADS removed successfully.
C:\ProgramData\TEMP => ":9C31E38F" ADS removed successfully.
C:\ProgramData\TEMP => ":B139DDF3" ADS removed successfully.
C:\ProgramData\TEMP => ":B203B914" ADS removed successfully.
C:\ProgramData\TEMP => ":B35A4CE2" ADS removed successfully.
C:\ProgramData\TEMP => ":B378D1AA" ADS removed successfully.
C:\ProgramData\TEMP => ":B640D9FB" ADS removed successfully.
C:\ProgramData\TEMP => ":B838CD98" ADS removed successfully.
C:\ProgramData\TEMP => ":BAEFC0C1" ADS removed successfully.
C:\ProgramData\TEMP => ":C5DF04A9" ADS removed successfully.
C:\ProgramData\TEMP => ":C602FACB" ADS removed successfully.
C:\ProgramData\TEMP => ":CBB4BFCD" ADS removed successfully.
C:\ProgramData\TEMP => ":D65EB0D5" ADS removed successfully.
C:\ProgramData\TEMP => ":D9CED075" ADS removed successfully.
C:\ProgramData\TEMP => ":DC1F5FA4" ADS removed successfully.
C:\ProgramData\TEMP => ":DCB1165A" ADS removed successfully.
C:\ProgramData\TEMP => ":DF236465" ADS removed successfully.
C:\ProgramData\TEMP => ":E5E3EB25" ADS removed successfully.
C:\ProgramData\TEMP => ":EDC2110D" ADS removed successfully.
C:\ProgramData\TEMP => ":EE239CE4" ADS removed successfully.
C:\ProgramData\TEMP => ":EF258AD5" ADS removed successfully.
C:\ProgramData\TEMP => ":F337EA60" ADS removed successfully.
C:\ProgramData\TEMP => ":F55812F7" ADS removed successfully.
EmptyTemp: => Removed 7.7 GB temporary data.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-20 13:43:50)<=
 
C:\ProgramData\Microsoft\Secure\Icons\SecureIconsProvider.dll => Is moved successfully.
C:\ProgramData\Microsoft\Secure => Is moved successfully.
 
==== End of Fixlog ====
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-10-2014
Ran by Hayley (administrator) on FAMILY-PC on 20-10-2014 13:46:09
Running from C:\Users\Hayley\Desktop
Loaded Profile: Hayley (Available profiles: Hayley)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
( ) C:\Windows\System32\dlcgcoms.exe
(iWin Inc.) C:\Program Files\iWin Games\iWinTrusted.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Dell) C:\Program Files\Dell AIO 810\DLCGmon.exe
(LeapFrog Enterprises, Inc.) C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Avanquest Software ) C:\Program Files\Digital Line Detect\DLG.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [DLCGCATS] => rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16                                                                                                                         (the data entry has 59 more characters).
HKLM\...\Run: [dlcgmon.exe] => C:\Program Files\Dell AIO 810\dlcgmon.exe [431600 2007-01-12] (Dell)
HKLM\...\Run: [FaxCenterServer] => C:\Program Files\Dell Fax Solutions\fm3032.exe [312200 2006-12-08] ()
HKLM\...\Run: [Monitor] => C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe [443728 2009-11-10] (LeapFrog Enterprises, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4452352 2007-09-24] (Realtek Semiconductor)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [165168 2014-09-23] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-09-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-783483399-2225142381-1106649532-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6692632 2014-10-01] (SUPERAntiSpyware)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll No File
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-04-05]
 
Chrome: 
=======
CHR HomePage: Default -> https://www.yahoo.com/
CHR StartupUrls: Default -> "https://www.yahoo.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-10]
CHR Extension: (Google Docs) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-27]
CHR Extension: (Google Drive) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-27]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-27]
CHR Extension: (caodggjhipefhiblmgbchfkehoofabbh) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\caodggjhipefhiblmgbchfkehoofabbh [2014-10-08]
CHR Extension: (Tarot Reading (FREE)) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\cegplnibkbhflhkcbohabjbmmokildob [2014-08-31]
CHR Extension: (Google Search) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-27]
CHR Extension: (Block site) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2014-10-10]
CHR Extension: (Date of Birth) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekogipagkbmdlcenkmokkgcdkkfpemce [2014-08-31]
CHR Extension: (Google Sheets) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-10]
CHR Extension: (Avira Browser Safety) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-10-11]
CHR Extension: (Google Wallet) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-27]
CHR Extension: (Gmail) - C:\Users\Hayley\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-27]
CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Free Download Manager Controller\2.3.759.138\{16cdff19-861d-48e3-a751-d99a27784753}\fdmctrl.crx []
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [142648 2014-07-22] (SUPERAntiSpyware.com)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-09-24] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160560 2014-09-23] (Avira Operations GmbH & Co. KG)
R2 dlcg_device; C:\Windows\system32\dlcgcoms.exe [537480 2006-12-08] ( )
R2 iWinTrusted; C:\Program Files\iWin Games\iWinTrusted.exe [179368 2013-10-23] (iWin Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 amacpi; C:\Windows\System32\DRIVERS\null.sys [4608 2008-01-20] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-09-24] (Avira Operations GmbH & Co. KG)
R1 ElRawDisk; C:\Windows\system32\drivers\elrawdsk.sys [20392 2008-12-09] (EldoS Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [19456 2007-06-19] (LeapFrog)
S3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2008-07-26] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [13848 2008-07-26] (Logitech Inc.)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2570520 2008-07-26] (Logitech Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2014-09-24] (Avira GmbH)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [521216 2008-01-20] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Hayley\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 13:46 - 2014-10-20 13:46 - 00014122 _____ () C:\Users\Hayley\Desktop\FRST.txt
2014-10-20 11:32 - 2014-10-20 11:32 - 00000000 ____D () C:\Users\Hayley\Desktop\FRST-OlderVersion
2014-10-19 21:13 - 2014-10-19 21:13 - 00017144 ____C () C:\ComboFix.txt
2014-10-19 14:08 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-19 14:08 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-19 14:08 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-19 14:08 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-19 14:05 - 2014-10-19 21:14 - 00000000 ___DC () C:\Qoobox
2014-10-19 14:03 - 2014-10-19 21:12 - 00000000 ____D () C:\Windows\erdnt
2014-10-19 13:19 - 2014-10-19 13:21 - 05583559 ____R (Swearware) C:\Users\Hayley\Desktop\ComboFix.exe
2014-10-19 12:03 - 2014-10-20 11:42 - 00030384 _____ () C:\Users\Hayley\Desktop\Addition.txt
2014-10-19 10:21 - 2014-10-20 13:46 - 00000000 ___DC () C:\FRST
2014-10-19 10:15 - 2014-10-20 11:32 - 01102848 ____C (Farbar) C:\Users\Hayley\Desktop\FRST.exe
2014-10-15 11:16 - 2014-10-15 11:16 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Hayley\Desktop\rkill.exe
2014-10-13 19:07 - 2014-10-13 19:07 - 00015273 _____ () C:\Users\Hayley\Downloads\hijackthis9Oct2014.log
2014-10-13 17:35 - 2014-10-13 17:35 - 00688992 ____R (Swearware) C:\Users\Hayley\Desktop\dds.com
2014-10-11 18:43 - 2014-10-11 18:44 - 00029547 _____ () C:\Windows\iis7.log
2014-10-11 18:42 - 2014-10-11 18:42 - 00000000 ___DC () C:\inetpub
2014-10-11 04:32 - 2014-10-11 04:32 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Avira
2014-10-11 03:42 - 2014-09-24 12:44 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-11 03:42 - 2014-09-24 12:44 - 00098160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-11 03:42 - 2014-09-24 12:44 - 00037352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-10-11 03:42 - 2014-09-24 12:44 - 00028520 _____ (Avira GmbH) C:\Windows\system32\Drivers\ssmdrv.sys
2014-10-11 03:26 - 2014-10-11 03:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-11 03:26 - 2014-10-11 03:26 - 00001000 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-10-11 03:25 - 2014-10-11 03:39 - 00000000 ____D () C:\ProgramData\Avira
2014-10-11 03:25 - 2014-10-11 03:39 - 00000000 ____D () C:\Program Files\Avira
2014-10-11 03:24 - 2014-10-11 03:24 - 00000000 ____D () C:\ProgramData\Package Cache
2014-10-11 03:20 - 2014-10-19 11:20 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58.job
2014-10-11 03:20 - 2014-10-19 04:00 - 00000512 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0.job
2014-10-11 03:19 - 2014-10-20 13:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-11 03:19 - 2014-10-11 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-11 03:19 - 2014-10-11 03:19 - 00001802 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-10-11 03:14 - 2014-10-15 14:27 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-11 03:13 - 2014-10-11 03:13 - 00000901 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-11 03:13 - 2014-10-11 03:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-11 03:13 - 2014-10-11 03:13 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-11 03:13 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-11 03:13 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-11 03:13 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-11 03:12 - 2014-10-11 03:12 - 04714656 _____ (Avira Operations GmbH & Co. KG) C:\Users\Hayley\Downloads\avira_en_av___ws.exe
2014-10-11 03:10 - 2014-10-11 03:10 - 19809824 _____ (SUPERAntiSpyware) C:\Users\Hayley\Downloads\SUPERAntiSpyware.exe
2014-10-11 03:08 - 2014-10-11 03:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hayley\Downloads\mbam-setup-2.0.2.1012.exe
2014-10-10 21:03 - 2014-10-14 23:55 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2014-10-10 21:03 - 2014-10-10 21:03 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-10-10 14:42 - 2014-10-10 14:42 - 00319456 _____ (Microsoft Corporation) C:\Windows\DIFxAPI.dll
2014-10-10 14:17 - 2014-10-10 15:23 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\vlc
2014-10-08 21:37 - 2014-10-10 20:09 - 00073728 _____ () C:\Windows\system32\tasks.dll
2014-10-06 14:54 - 2014-10-11 19:39 - 00000000 ____D () C:\Program Files\Bench
2014-10-04 22:09 - 2014-10-04 22:09 - 00000861 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-10-04 22:09 - 2014-10-04 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-10-04 22:08 - 2014-10-04 22:08 - 00000000 ____D () C:\Program Files\VideoLAN
2014-10-04 21:36 - 2014-10-04 21:36 - 00000000 ____D () C:\Users\Hayley\Documents\The Giver 2014
2014-09-24 01:33 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-20 13:49 - 2008-11-29 12:37 - 01620897 _____ () C:\Windows\WindowsUpdate.log
2014-10-20 13:42 - 2014-05-29 12:16 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-20 13:42 - 2008-01-20 22:47 - 01085996 _____ () C:\Windows\PFRO.log
2014-10-20 13:42 - 2006-11-02 09:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-20 13:42 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-20 13:42 - 2006-11-02 08:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-20 13:41 - 2006-11-02 09:01 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-20 13:19 - 2012-04-19 13:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-20 13:16 - 2014-05-29 12:16 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-19 21:14 - 2006-11-02 07:18 - 00000000 __RHD () C:\Users\Default
2014-10-19 21:14 - 2006-11-02 07:18 - 00000000 ___RD () C:\Users\Public
2014-10-19 21:10 - 2006-11-02 06:23 - 00000215 ____C () C:\Windows\system.ini
2014-10-19 21:08 - 2011-07-13 22:26 - 00000000 ____D () C:\Program Files\iWin Games
2014-10-19 21:08 - 2009-01-23 18:09 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Adobe
2014-10-19 21:08 - 2009-01-23 16:34 - 00000000 ____D () C:\Users\Hayley
2014-10-19 20:30 - 2011-11-08 18:41 - 00001356 _____ () C:\Users\Hayley\AppData\Local\d3d9caps.dat
2014-10-17 15:59 - 2012-03-09 02:52 - 00000000 ____D () C:\Users\Hayley\Desktop\brians
2014-10-15 17:48 - 2009-01-23 18:30 - 00000000 ____D () C:\Users\Hayley\AppData\Local\Yahoo
2014-10-15 17:48 - 2009-01-23 18:25 - 00000000 ____D () C:\Program Files\Yahoo!
2014-10-15 00:57 - 2011-04-01 06:59 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-11 20:09 - 2009-01-23 17:36 - 00000000 ____D () C:\Program Files\Dl_cats
2014-10-11 20:06 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-10-11 19:44 - 2006-11-02 07:18 - 00000000 __RSD () C:\Windows\Media
2014-10-11 19:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-11 18:43 - 2006-11-02 06:33 - 00784060 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-11 18:42 - 2006-11-02 08:42 - 00000000 ____D () C:\Windows\system32\0409
2014-10-11 18:42 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-10-11 11:38 - 2011-01-26 12:09 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-10-11 11:38 - 2011-01-26 12:08 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-11 09:55 - 2014-07-30 13:14 - 00000000 ___DC () C:\SUPERDelete
2014-10-11 03:27 - 2009-02-24 09:14 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Mozilla
2014-10-10 16:30 - 2008-11-29 12:35 - 00000000 ____D () C:\Windows\system32\RTCOM
2014-10-10 15:15 - 2008-11-29 17:49 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-10 15:13 - 2012-11-30 23:11 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MumboJumbo
2014-10-10 15:13 - 2012-11-30 23:11 - 00000000 ____D () C:\Program Files\MumboJumbo
2014-10-10 15:10 - 2008-11-29 17:47 - 00000000 ____D () C:\Program Files\Java
2014-10-10 15:10 - 2008-11-29 17:47 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-10 15:07 - 2006-11-02 08:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-10 15:06 - 2008-11-29 17:49 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2014-10-10 14:44 - 2009-12-25 18:48 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-08 21:27 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-10-08 21:26 - 2006-11-02 06:22 - 45350912 _____ () C:\Windows\system32\config\software_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 43253760 _____ () C:\Windows\system32\config\components_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 36700160 _____ () C:\Windows\system32\config\system_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 00401408 _____ () C:\Windows\system32\config\default_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 00086016 _____ () C:\Windows\system32\config\sam_previous
2014-10-08 21:26 - 2006-11-02 06:22 - 00024576 _____ () C:\Windows\system32\config\security_previous
2014-10-08 21:25 - 2011-10-20 18:27 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserPlus
2014-10-08 21:25 - 2006-11-02 07:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-08 21:25 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\system32\spool
2014-10-08 21:24 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\registration
2014-10-04 22:20 - 2011-11-07 19:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-04 21:50 - 2011-12-23 03:33 - 00000000 ____D () C:\Users\Hayley\AppData\Roaming\uTorrent
2014-10-04 20:01 - 2014-06-09 09:11 - 00002031 _____ () C:\Users\Hayley\Desktop\Google Chrome.lnk
2014-10-04 18:23 - 2014-05-28 20:54 - 00000000 ____D () C:\Users\Public\Documents\Verizon_Android
2014-09-26 01:09 - 2012-04-19 13:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-26 01:09 - 2011-05-19 18:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-20 11:49 - 2014-08-12 06:35 - 00000000 ____D () C:\Program Files\Wizards of the Coast
 
Some content of TEMP:
====================
C:\Users\Hayley\AppData\Local\temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-20 13:51
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-10-2014
Ran by Hayley at 2014-10-20 13:53:21
Running from C:\Users\Hayley\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Ask Toolbar (HKLM\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.8.0.0 - ) <==== ATTENTION
Avira (HKLM\...\{9bd9b85e-7792-483b-a318-cc51ff0877ed}) (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.22.50000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.306 - Avira)
BearShare (HKLM\...\BearShare) (Version: 10.0.0.131832 - Musiclab, LLC)
BearShare (Version: 10.0.0.131832 - Musiclab, LLC) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell AIO 810 (HKLM\...\Dell AIO 810) (Version:  - Dell, Inc.)
Dell PC Fax (HKLM\...\Dell Fax Solutions) (Version:  - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LeapFrog Connect (HKLM\...\UPCShell) (Version: 2.3.11.8936 - LeapFrog)
LeapFrog Connect (Version: 2.3.11.8936 - LeapFrog) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{294EAADF-E50F-4DD8-AD8D-19587EA10512}) (Version: 1.0.24.0 - Dell)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.53 - BVRP Software, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIANetworkDiagnostic (HKLM\...\InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}) (Version: 1.00.0000 - NVIDIA Corporation)
NVIDIANetworkDiagnostic (Version: 1.00.0000 - NVIDIA Corporation) Hidden
QuickTime (HKLM\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version:  - )
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Weather Exchange (HKLM\...\{7DADDB60-CFD0-4AB0-94B6-74FD319F5DE7}) (Version: 1.0.40 - Ambient, LLC)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger Companion Core (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WiseConvert Toolbar (HKLM\...\WiseConvert Toolbar) (Version: 6.9.0.16 - WiseConvert)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
14-10-2014 07:00:14 Windows Update
16-10-2014 07:00:14 Windows Update
17-10-2014 07:00:17 Windows Update
18-10-2014 07:00:20 Windows Update
19-10-2014 07:01:29 Windows Update
20-10-2014 15:32:22 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-10-19 21:10 - 2014-10-19 21:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {157F9786-6A0C-412E-934A-EA55FF76C439} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe <==== ATTENTION
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {210F4EAA-8B60-4937-9DA8-2C72598FA454} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-29] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {35650630-A27F-4542-A5F6-A8D001001F69} - System32\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {58080484-536B-4BB1-A466-C8280EA65404} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-29] (Google Inc.)
Task: {5FC2A971-EB25-4F1B-8ECE-2FB706EC6E45} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {8FED3212-A1BA-430C-A682-693ED2F07B8B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-26] (Adobe Systems Incorporated)
Task: {961B0E5F-A7F9-4995-BE81-8C891D587BC8} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark Z2400 Series\ezprint.exe
Task: {9A31C52A-D88A-4875-B14B-C135B25DBCD4} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {9FBD780C-CB7E-4ED9-BF87-E7C4AE08FED4} - System32\Tasks\RunAsStdUser Task => C:\Program Files\iWin Games\iWinGames.exe [2013-10-23] (iWin Inc.)
Task: {A7354E97-E23D-4A89-890F-21B6EC7BD532} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 2ab4ed7d-7fc5-4bc4-a11e-758d325bacd0.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task a3e1df86-95ec-4028-a150-4ccbb3a8fb58.job => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-01-23 17:38 - 2006-10-06 08:06 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
2009-01-23 17:38 - 2006-10-06 08:24 - 00016384 _____ () C:\Program Files\Dell Fax Solutions\DlCtrStr.dll
2009-01-23 17:38 - 2006-10-06 08:04 - 00032768 _____ () C:\Program Files\Dell Fax Solutions\ipcmt.dll
2009-01-23 17:37 - 2006-09-06 05:27 - 00069632 _____ () C:\Program Files\Dell AIO 810\DLCGcfg.dll
2009-01-23 17:37 - 2005-08-08 14:59 - 00180224 _____ () C:\Program Files\Dell AIO 810\DLCGtsfw.dll
2009-01-23 17:37 - 2005-07-11 10:36 - 00118784 _____ () C:\Program Files\Dell AIO 810\DLCGdrec.dll
2009-09-04 23:31 - 2009-09-04 23:31 - 02076672 _____ () C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
2009-06-19 22:54 - 2009-06-19 22:54 - 07745536 _____ () C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: LeapFrog Connect Device Service => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupreg: Ovhics => regsvr32.exe
MSCONFIG\startupreg: YZRPack => C:\Windows\System32\regsvr32.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-783483399-2225142381-1106649532-500 - Administrator - Disabled)
Guest (S-1-5-21-783483399-2225142381-1106649532-501 - Limited - Disabled)
Hayley (S-1-5-21-783483399-2225142381-1106649532-1000 - Administrator - Enabled) => C:\Users\Hayley
 
==================== Faulty Device Manager Devices =============
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 6TO4 Adapter
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Dell AIO 810 #2
Description: Dell AIO 810
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Dell
Service: usbscan
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/20/2014 01:44:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 01:41:17 PM) (Source: Windows Search Service) (EventID: 3050) (User: )
Description: Unvisited items cannot be deleted from the history after a full update.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
The gatherer is shutting down.   (0x80040d23)
 
Error: (10/20/2014 11:28:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 11:25:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (10/19/2014 09:14:06 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 09:13:14 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 09:08:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 08:50:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/19/2014 08:50:10 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 08:45:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
 
 
System errors:
=============
Error: (10/20/2014 01:44:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Null
 
Error: (10/20/2014 01:44:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: SupportSoft Sprocket Service (dellsupportcenter)%%2
 
Error: (10/20/2014 01:44:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058
 
Error: (10/20/2014 01:44:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Microsoft Antimalware Service%%1053
 
Error: (10/20/2014 01:44:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft Antimalware Service
 
Error: (10/20/2014 01:09:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (10/20/2014 01:08:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Avira Service Host1100001Restart the service
 
Error: (10/20/2014 01:08:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Print Spooler1600001Restart the service
 
Error: (10/20/2014 01:08:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service
 
Error: (10/20/2014 01:08:43 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Media Player Network Sharing Service1300001Restart the service
 
 
Microsoft Office Sessions:
=========================
Error: (10/20/2014 01:44:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 01:41:17 PM) (Source: Windows Search Service) (EventID: 3050) (User: )
Description: Context:  Application, SystemIndex Catalog
 
 
Details:
The gatherer is shutting down.   (0x80040d23)
 
Error: (10/20/2014 11:28:42 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/20/2014 11:25:55 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
A system shutdown is in progress.
 
Error: (10/19/2014 09:14:06 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 09:13:14 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 09:08:21 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 08:50:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/19/2014 08:50:10 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (10/19/2014 08:45:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 5) (User: )
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-20 13:53:05.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 13:53:04.956
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 13:53:04.238
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 13:53:03.474
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 13:53:02.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 13:53:01.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 13:53:00.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 13:52:59.870
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 11:40:33.786
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-20 11:40:32.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Sempron™ Processor LE-1250
Percentage of memory in use: 51%
Total physical RAM: 1981.76 MB
Available physical RAM: 960.06 MB
Total Pagefile: 4210.01 MB
Available Pagefile: 2980.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.94 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:79.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:4.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 50000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

"My brain is only a receiver, in the Universe there is a core from which we retain knowledge, strength and inspiration. I have not penetrated into the secrets of this core, but I know that it exists." -NIKOLA TESLA


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:12:56 PM

Posted 20 October 2014 - 01:17 PM

OK,

Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 BrySwy


Posted 20 October 2014 - 01:24 PM

14:20:38.0901 0x0e44  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
14:20:42.0411 0x0e44  ============================================================
14:20:42.0411 0x0e44  Current date / time: 2014/10/20 14:20:42.0411
14:20:42.0411 0x0e44  SystemInfo:
14:20:42.0411 0x0e44  
14:20:42.0411 0x0e44  OS Version: 6.0.6002 ServicePack: 2.0
14:20:42.0411 0x0e44  Product type: Workstation
14:20:42.0411 0x0e44  ComputerName: FAMILY-PC
14:20:42.0411 0x0e44  UserName: Hayley
14:20:42.0411 0x0e44  Windows directory: C:\Windows
14:20:42.0411 0x0e44  System windows directory: C:\Windows
14:20:42.0411 0x0e44  Processor architecture: Intel x86
14:20:42.0411 0x0e44  Number of processors: 1
14:20:42.0411 0x0e44  Page size: 0x1000
14:20:42.0411 0x0e44  Boot type: Normal boot
14:20:42.0411 0x0e44  ============================================================
14:20:42.0988 0x0e44  KLMD registered as C:\Windows\system32\drivers\92815536.sys
14:20:43.0363 0x0e44  System UUID: {DCDE1AA3-2A0D-242F-0EF4-38C3B393E899}
14:20:44.0782 0x0e44  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 ( 149.01 Gb ), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:20:44.0782 0x0e44  ============================================================
14:20:44.0782 0x0e44  \Device\Harddisk0\DR0:
14:20:44.0782 0x0e44  MBR partitions:
14:20:44.0782 0x0e44  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
14:20:44.0782 0x0e44  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x115E9800
14:20:44.0798 0x0e44  ============================================================
14:20:44.0829 0x0e44  C: <-> \Device\Harddisk0\DR0\Partition2
14:20:44.0860 0x0e44  D: <-> \Device\Harddisk0\DR0\Partition1
14:20:44.0860 0x0e44  ============================================================
14:20:44.0860 0x0e44  Initialize success
14:20:44.0860 0x0e44  ============================================================
14:21:26.0669 0x0f90  ============================================================
14:21:26.0669 0x0f90  Scan started
14:21:26.0669 0x0f90  Mode: Manual; SigCheck; TDLFS; 
14:21:26.0669 0x0f90  ============================================================
14:21:26.0669 0x0f90  KSN ping started
14:21:31.0661 0x0f90  KSN ping finished: true
14:21:32.0207 0x0f90  ================ Scan system memory ========================
14:21:32.0207 0x0f90  Scan was interrupted by user!
14:21:32.0253 0x0f90  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated )
14:21:32.0253 0x0f90  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe (  ), 0x60000 ( disabled : updated )
14:21:32.0269 0x0f90  Win FW state via NFP2: enabled
14:21:37.0136 0x0f90  ============================================================
14:21:37.0136 0x0f90  Scan finished
14:21:37.0136 0x0f90  ============================================================
14:21:37.0136 0x0920  Detected object count: 0
14:21:37.0136 0x0920  Actual detected object count: 0
14:22:49.0453 0x0ca0  ============================================================
14:22:49.0453 0x0ca0  Scan started
14:22:49.0453 0x0ca0  Mode: Manual; SigCheck; TDLFS; 
14:22:49.0453 0x0ca0  ============================================================
14:22:49.0453 0x0ca0  KSN ping started
14:22:54.0258 0x0ca0  KSN ping finished: true
14:22:55.0132 0x0ca0  ================ Scan system memory ========================
14:22:55.0132 0x0ca0  Scan was interrupted by user!
14:22:55.0147 0x0ca0  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated )
14:22:55.0147 0x0ca0  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe (  ), 0x60000 ( disabled : updated )
14:22:55.0147 0x0ca0  Win FW state via NFP2: enabled
14:22:59.0999 0x0ca0  ============================================================
14:22:59.0999 0x0ca0  Scan finished
14:22:59.0999 0x0ca0  ============================================================
14:23:00.0030 0x0a8c  Detected object count: 0
14:23:00.0030 0x0a8c  Actual detected object count: 0



#12 deeprybka


Posted 20 October 2014 - 01:27 PM

Please rerun TDSS-Killer. The Log must be longer...
regards,
deeprybka

#13 BrySwy


Posted 20 October 2014 - 02:43 PM

Sorry about that

 

15:39:00.0031 0x0e20  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
15:39:03.0479 0x0e20  ============================================================
15:39:03.0479 0x0e20  Current date / time: 2014/10/20 15:39:03.0479
15:39:03.0479 0x0e20  SystemInfo:
15:39:03.0479 0x0e20  
15:39:03.0479 0x0e20  OS Version: 6.0.6002 ServicePack: 2.0
15:39:03.0479 0x0e20  Product type: Workstation
15:39:03.0479 0x0e20  ComputerName: FAMILY-PC
15:39:03.0479 0x0e20  UserName: Hayley
15:39:03.0479 0x0e20  Windows directory: C:\Windows
15:39:03.0479 0x0e20  System windows directory: C:\Windows
15:39:03.0479 0x0e20  Processor architecture: Intel x86
15:39:03.0479 0x0e20  Number of processors: 1
15:39:03.0479 0x0e20  Page size: 0x1000
15:39:03.0479 0x0e20  Boot type: Normal boot
15:39:03.0479 0x0e20  ============================================================
15:39:03.0697 0x0e20  KLMD registered as C:\Windows\system32\drivers\90365663.sys
15:39:03.0900 0x0e20  System UUID: {DCDE1AA3-2A0D-242F-0EF4-38C3B393E899}
15:39:04.0617 0x0e20  Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 ( 149.01 Gb ), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:39:04.0617 0x0e20  ============================================================
15:39:04.0617 0x0e20  \Device\Harddisk0\DR0:
15:39:04.0617 0x0e20  MBR partitions:
15:39:04.0617 0x0e20  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
15:39:04.0617 0x0e20  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x115E9800
15:39:04.0617 0x0e20  ============================================================
15:39:04.0649 0x0e20  C: <-> \Device\Harddisk0\DR0\Partition2
15:39:04.0695 0x0e20  D: <-> \Device\Harddisk0\DR0\Partition1
15:39:04.0695 0x0e20  ============================================================
15:39:04.0695 0x0e20  Initialize success
15:39:04.0695 0x0e20  ============================================================
15:39:12.0901 0x091c  ============================================================
15:39:12.0901 0x091c  Scan started
15:39:12.0901 0x091c  Mode: Manual; SigCheck; TDLFS; 
15:39:12.0901 0x091c  ============================================================
15:39:12.0901 0x091c  KSN ping started
15:39:17.0768 0x091c  KSN ping finished: true
15:39:18.0174 0x091c  ================ Scan system memory ========================
15:39:18.0174 0x091c  System memory - ok
15:39:18.0174 0x091c  ================ Scan services =============================
15:39:18.0330 0x091c  [ 72D6D8E2D4F82C6E829125C7EC2A88F9, F357CFC3D04EB3F8E1A504D531D099698C6E2B29EB6CEDF75C08BF8917C46573 ] !SASCORE        C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
15:39:18.0455 0x091c  !SASCORE - ok
15:39:18.0626 0x091c  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
15:39:18.0657 0x091c  ACPI - ok
15:39:18.0751 0x091c  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:39:18.0767 0x091c  AdobeFlashPlayerUpdateSvc - ok
15:39:18.0813 0x091c  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
15:39:18.0876 0x091c  adp94xx - ok
15:39:18.0938 0x091c  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
15:39:18.0969 0x091c  adpahci - ok
15:39:18.0985 0x091c  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
15:39:19.0016 0x091c  adpu160m - ok
15:39:19.0032 0x091c  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
15:39:19.0063 0x091c  adpu320 - ok
15:39:19.0094 0x091c  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:39:19.0141 0x091c  AeLookupSvc - ok
15:39:19.0203 0x091c  [ 330A1E4DF07C2E29949ED8631CD8828E, 139127405B2D635B0252FF8D7308D671546F20B051C93C50A9013E7AB9D54835 ] AERTFilters     C:\Windows\system32\AERTSrv.exe
15:39:19.0219 0x091c  AERTFilters - detected UnsignedFile.Multi.Generic ( 1 )
15:39:24.0367 0x091c  Detect skipped due to KSN trusted
15:39:24.0367 0x091c  AERTFilters - ok
15:39:24.0445 0x091c  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
15:39:24.0554 0x091c  AFD - ok
15:39:24.0617 0x091c  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
15:39:24.0648 0x091c  agp440 - ok
15:39:24.0695 0x091c  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
15:39:24.0726 0x091c  aic78xx - ok
15:39:24.0773 0x091c  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
15:39:24.0851 0x091c  ALG - ok
15:39:24.0882 0x091c  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
15:39:24.0913 0x091c  aliide - ok
15:39:25.0007 0x091c  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] amacpi          C:\Windows\system32\DRIVERS\null.sys
15:39:25.0069 0x091c  amacpi - ok
15:39:25.0131 0x091c  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
15:39:25.0147 0x091c  amdagp - ok
15:39:25.0194 0x091c  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
15:39:25.0209 0x091c  amdide - ok
15:39:25.0272 0x091c  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
15:39:25.0303 0x091c  AmdK7 - ok
15:39:25.0319 0x091c  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:39:25.0365 0x091c  AmdK8 - ok
15:39:25.0475 0x091c  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
15:39:25.0521 0x091c  AntiVirSchedulerService - ok
15:39:25.0599 0x091c  [ FCFCD84A3F84375CF2EADA10650C3289, A5AC6E167C60451B2EC9561FA83C9DA5ADDF4152E1AD01A38C80D00B3118EE9A ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
15:39:25.0631 0x091c  AntiVirService - ok
15:39:25.0724 0x091c  [ DFAE18C675D71FD06D57DC69D2913975, 5ECEEB8F49811100551C46CF66D9FA4ED34242C6F87F5BCBEA3A17900CB37DC1 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
15:39:25.0771 0x091c  AppHostSvc - ok
15:39:25.0818 0x091c  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
15:39:25.0833 0x091c  Appinfo - ok
15:39:25.0896 0x091c  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
15:39:25.0911 0x091c  arc - ok
15:39:25.0974 0x091c  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
15:39:26.0005 0x091c  arcsas - ok
15:39:26.0177 0x091c  [ 9D768C43FEF254DD50B1DBF8AD5C4C0B, A50854EA5C08605133B8BB4DFDC6090357C5665314AA72E0BFA1E07D4E451F09 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
15:39:26.0208 0x091c  aspnet_state - ok
15:39:26.0255 0x091c  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:39:26.0317 0x091c  AsyncMac - ok
15:39:26.0348 0x091c  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
15:39:26.0364 0x091c  atapi - ok
15:39:26.0411 0x091c  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:39:26.0442 0x091c  AudioEndpointBuilder - ok
15:39:26.0473 0x091c  [ 68E2A1A0407A66CF50DA0300852424AB, 5FFDAE4E477C90A855081B5120582810471F67D3E9C343779A7AFB8D684D16F8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:39:26.0504 0x091c  Audiosrv - ok
15:39:26.0535 0x091c  [ F581D2F3E30C1CA7206D660FB7689F98, 53647E017AE58788922F72285DD63E8CD2F9E922B31F7C6711E547BC6B360154 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
15:39:26.0551 0x091c  avgntflt - ok
15:39:26.0582 0x091c  [ A2EE407D6D3757A2FFD5095DD16AE1F2, BBFCC5DC116D6A3AF85591955541528DB0CB1FE81D353F717BE7CAD3F7F446F4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
15:39:26.0598 0x091c  avipbb - ok
15:39:26.0676 0x091c  [ 485B85B3FF68FB7454984CB92A0532D9, 287F6C6ADF3D96C8AC1BD1FFAD82563DA72A26CF0DECDEA7E987A020EBE06552 ] Avira.OE.ServiceHost C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
15:39:26.0691 0x091c  Avira.OE.ServiceHost - ok
15:39:26.0723 0x091c  [ D8C712305F73CD34D1B344810E522728, 49A474FF6CA44E8427D7A8290B47395125B0148AF384CF2B3B1FA495A4718CBA ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
15:39:26.0738 0x091c  avkmgr - ok
15:39:26.0785 0x091c  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:39:26.0816 0x091c  Beep - ok
15:39:26.0847 0x091c  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
15:39:26.0894 0x091c  BFE - ok
15:39:26.0972 0x091c  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\system32\qmgr.dll
15:39:27.0097 0x091c  BITS - ok
15:39:27.0144 0x091c  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
15:39:27.0191 0x091c  blbdrive - ok
15:39:27.0253 0x091c  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:39:27.0284 0x091c  bowser - ok
15:39:27.0315 0x091c  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
15:39:27.0347 0x091c  BrFiltLo - ok
15:39:27.0378 0x091c  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
15:39:27.0409 0x091c  BrFiltUp - ok
15:39:27.0440 0x091c  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
15:39:27.0487 0x091c  Browser - ok
15:39:27.0503 0x091c  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
15:39:27.0581 0x091c  Brserid - ok
15:39:27.0596 0x091c  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
15:39:27.0659 0x091c  BrSerWdm - ok
15:39:27.0690 0x091c  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
15:39:27.0737 0x091c  BrUsbMdm - ok
15:39:27.0768 0x091c  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
15:39:27.0815 0x091c  BrUsbSer - ok
15:39:27.0830 0x091c  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
15:39:27.0893 0x091c  BTHMODEM - ok
15:39:27.0986 0x091c  catchme - ok
15:39:28.0017 0x091c  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:39:28.0049 0x091c  cdfs - ok
15:39:28.0080 0x091c  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:39:28.0111 0x091c  cdrom - ok
15:39:28.0142 0x091c  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
15:39:28.0158 0x091c  CertPropSvc - ok
15:39:28.0189 0x091c  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\drivers\circlass.sys
15:39:28.0220 0x091c  circlass - ok
15:39:28.0251 0x091c  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
15:39:28.0283 0x091c  CLFS - ok
15:39:28.0345 0x091c  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:39:28.0361 0x091c  clr_optimization_v2.0.50727_32 - ok
15:39:28.0439 0x091c  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:39:28.0470 0x091c  clr_optimization_v4.0.30319_32 - ok
15:39:28.0485 0x091c  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
15:39:28.0501 0x091c  cmdide - ok
15:39:28.0517 0x091c  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
15:39:28.0532 0x091c  Compbatt - ok
15:39:28.0548 0x091c  COMSysApp - ok
15:39:28.0563 0x091c  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
15:39:28.0579 0x091c  crcdisk - ok
15:39:28.0610 0x091c  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
15:39:28.0641 0x091c  Crusoe - ok
15:39:28.0704 0x091c  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:39:28.0735 0x091c  CryptSvc - ok
15:39:28.0813 0x091c  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:39:28.0860 0x091c  DcomLaunch - ok
15:39:45.0675 0x091c  PNRPAutoReg - ok
15:39:45.0722 0x091c  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
15:39:45.0800 0x091c  PNRPsvc - ok
15:39:45.0863 0x091c  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:39:45.0956 0x091c  PolicyAgent - ok
15:39:46.0003 0x091c  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:39:46.0050 0x091c  PptpMiniport - ok
15:39:46.0065 0x091c  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
15:39:46.0112 0x091c  Processor - ok
15:39:46.0143 0x091c  [ 0508FAA222D28835310B7BFCA7A77346, 3AE2340C6E365F137CC00D9560069501DD2724756EA9EBF7A6CDFFC91B43709C ] ProfSvc         C:\Windows\system32\profsvc.dll
15:39:46.0175 0x091c  ProfSvc - ok
15:39:46.0190 0x091c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
15:39:46.0206 0x091c  ProtectedStorage - ok
15:39:46.0237 0x091c  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
15:39:46.0268 0x091c  PSched - ok
15:39:46.0331 0x091c  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
15:39:46.0440 0x091c  ql2300 - ok
15:39:46.0502 0x091c  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
15:39:46.0518 0x091c  ql40xx - ok
15:39:46.0611 0x091c  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
15:39:46.0643 0x091c  QWAVE - ok
15:39:46.0658 0x091c  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:39:46.0689 0x091c  QWAVEdrv - ok
15:39:46.0783 0x091c  [ E642B131FB74CAF4BB8A014F31113142, 18A81B27FB2DA556AC51DBA8956203A6E821D75B2B09F11049250E732318F573 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
15:39:47.0111 0x091c  R300 - ok
15:39:47.0173 0x091c  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:39:47.0204 0x091c  RasAcd - ok
15:39:47.0251 0x091c  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
15:39:47.0298 0x091c  RasAuto - ok
15:39:47.0329 0x091c  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:39:47.0360 0x091c  Rasl2tp - ok
15:39:47.0407 0x091c  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
15:39:47.0438 0x091c  RasMan - ok
15:39:47.0469 0x091c  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:39:47.0501 0x091c  RasPppoe - ok
15:39:47.0532 0x091c  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:39:47.0579 0x091c  RasSstp - ok
15:39:47.0641 0x091c  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:39:47.0688 0x091c  rdbss - ok
15:39:47.0719 0x091c  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:39:47.0766 0x091c  RDPCDD - ok
15:39:47.0797 0x091c  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
15:39:47.0844 0x091c  rdpdr - ok
15:39:47.0859 0x091c  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:39:47.0906 0x091c  RDPENCDD - ok
15:39:47.0969 0x091c  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:39:48.0015 0x091c  RDPWD - ok
15:39:48.0047 0x091c  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:39:48.0093 0x091c  RemoteAccess - ok
15:39:48.0125 0x091c  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:39:48.0156 0x091c  RemoteRegistry - ok
15:39:48.0187 0x091c  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
15:39:48.0218 0x091c  RpcLocator - ok
15:39:48.0249 0x091c  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
15:39:48.0312 0x091c  RpcSs - ok
15:39:48.0343 0x091c  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:39:48.0405 0x091c  rspndr - ok
15:39:48.0405 0x091c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
15:39:48.0421 0x091c  SamSs - ok
15:39:48.0530 0x091c  [ 39763504067962108505BFF25F024345, 73C9710B61EDC7FBEDE1D7A767AA3D3A169E7AD012494D05CB5EE7E5C5752BB9 ] SASDIFSV        C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
15:39:48.0546 0x091c  SASDIFSV - ok
15:39:48.0608 0x091c  [ 77B9FC20084B48408AD3E87570EB4A85, B5BC5FEC1356DECB66A7A671DB67112BDAC8F942BF1C4B986B1805B41EF362B1 ] SASKUTIL        C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
15:39:48.0624 0x091c  SASKUTIL - ok
15:39:48.0655 0x091c  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
15:39:48.0671 0x091c  sbp2port - ok
15:39:48.0702 0x091c  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:39:48.0733 0x091c  SCardSvr - ok
15:39:48.0795 0x091c  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
15:39:48.0858 0x091c  Schedule - ok
15:39:48.0889 0x091c  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:39:48.0905 0x091c  SCPolicySvc - ok
15:39:48.0936 0x091c  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:39:48.0967 0x091c  SDRSVC - ok
15:39:48.0998 0x091c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:39:49.0045 0x091c  secdrv - ok
15:39:49.0076 0x091c  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
15:39:49.0107 0x091c  seclogon - ok
15:39:49.0123 0x091c  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\system32\sens.dll
15:39:49.0170 0x091c  SENS - ok
15:39:49.0185 0x091c  [ 68E44E331D46F0FB38F0863A84CD1A31, 0778D85B6869CE2610820DC9724360538BFE832426E898AEBC34E53D2AB4322B ] Serenum         C:\Windows\system32\drivers\serenum.sys
15:39:49.0248 0x091c  Serenum - ok
15:39:49.0279 0x091c  [ C70D69A918B178D3C3B06339B40C2E1B, 40BEEECA4C797A3355F4B01C57C2763C33028F27826315062320789A496D0810 ] Serial          C:\Windows\system32\drivers\serial.sys
15:39:49.0326 0x091c  Serial - ok
15:39:49.0341 0x091c  [ 8AF3D28A879BF75DB53A0EE7A4289624, C870BEBB969DCD9170E64584D1CD329A193D9FC812A45EF3574891110CA68B45 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
15:39:49.0373 0x091c  sermouse - ok
15:39:49.0435 0x091c  [ D2193326F729B163125610DBF3E17D57, 82C894E24E2C139C884246A693AD37BBF0A4E9375B7F7A288EF1DB22F89434B9 ] SessionEnv      C:\Windows\system32\sessenv.dll
15:39:49.0466 0x091c  SessionEnv - ok
15:39:49.0482 0x091c  [ 3EFA810BDCA87F6ECC24F9832243FE86, E50FEA94DB9851A46A8A71A8C061AC953A9D5B14585382B3F0FFC84931A0A68F ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
15:39:49.0513 0x091c  sffdisk - ok
15:39:49.0544 0x091c  [ E95D451F7EA3E583AEC75F3B3EE42DC5, B014BE4F9B0C79ECCE2537D1CF4AAD48ACB4C5AD3DACAC4444F0F465B9689921 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
15:39:49.0575 0x091c  sffp_mmc - ok
15:39:49.0638 0x091c  [ 3D0EA348784B7AC9EA9BD9F317980979, 2500CE188C9B71C50E966FA575303AEFE50934E376C530AECEC7C7533C15EF08 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
15:39:49.0669 0x091c  sffp_sd - ok
15:39:49.0731 0x091c  [ 46ED8E91793B2E6F848015445A0AC188, 34A97304F23EA153422848F6F1CAF8ADF0944EA781E12F027B6DEAF751A04B5D ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
15:39:49.0794 0x091c  sfloppy - ok
15:39:49.0825 0x091c  [ E1499BD0FF76B1B2FBBF1AF339D91165, 9A8F0403467E75880D3070C4D862489A75134383BAF8E7C45F8C5E7DFB0605A5 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:39:49.0872 0x091c  SharedAccess - ok
15:39:49.0950 0x091c  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:39:49.0965 0x091c  ShellHWDetection - ok
15:39:49.0997 0x091c  [ 1D76624A09A054F682D746B924E2DBC3, DC903DD466AB8899883253F09477B02E4E93A31C8B279F9F02BD555F1AA083B7 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
15:39:50.0012 0x091c  sisagp - ok
15:39:50.0028 0x091c  [ 43CB7AA756C7DB280D01DA9B676CFDE2, 08484CAEA0518C0A4CCCD292D8C803B27FEC453537EE1E4CEE74A7208356A474 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
15:39:50.0043 0x091c  SiSRaid2 - ok
15:39:50.0075 0x091c  [ A99C6C8B0BAA970D8AA59DDC50B57F94, 97AC9DD6DC4F58AC60E819B999BB157663EE7C1739521D16768AA9AC00DAD012 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
15:39:50.0090 0x091c  SiSRaid4 - ok
15:39:50.0246 0x091c  [ 862BB4CBC05D80C5B45BE430E5EF872F, F4961B22C93E472C8C862421AA231CDDA9E40D3958741A1D666357F22CC3143D ] slsvc           C:\Windows\system32\SLsvc.exe
15:39:50.0714 0x091c  slsvc - ok
15:39:50.0777 0x091c  [ 6EDC422215CD78AA8A9CDE6B30ABBD35, D8342BC3152859F4F7512E85ABEC61147DBCAB515458644728874E42F639D6CA ] SLUINotify      C:\Windows\system32\SLUINotify.dll
15:39:50.0870 0x091c  SLUINotify - ok
15:39:50.0901 0x091c  [ 7B75299A4D201D6A6533603D6914AB04, 172BE3951F06B1991EF70B71EB91786D1EFC4E381C22BCA3A5F622CD59F3227E ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:39:50.0948 0x091c  Smb - ok
15:39:50.0995 0x091c  [ 2A146A055B4401C16EE62D18B8E2A032, D0930FFA53951C92F56E1ECB41374F4C0AA01ECBF99F474513A21EAD579CFE47 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:39:51.0011 0x091c  SNMPTRAP - ok
15:39:51.0042 0x091c  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF, E03BEE733F4C2A5F39946D4955679A290E22758DFCE4222EE69ABF64FC54EDF7 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:39:51.0057 0x091c  spldr - ok
15:39:51.0089 0x091c  [ 8554097E5136C3BF9F69FE578A1B35F4, 2578545CFD647FB18F217B33C8CB4F0184A35F548659494056E455020CC15FB0 ] Spooler         C:\Windows\System32\spoolsv.exe
15:39:51.0120 0x091c  Spooler - ok
15:39:51.0151 0x091c  sprtsvc_dellsupportcenter - ok
15:39:51.0213 0x091c  [ 41987F9FC0E61ADF54F581E15029AD91, A46E718648C2DD3B43FC3798932C966315893A59442A0686CE46C605B9E4641E ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:39:51.0276 0x091c  srv - ok
15:39:51.0338 0x091c  [ FF33AFF99564B1AA534F58868CBE41EF, EFBB005DA19E5B320009CBF93E686D8BFA6A50A23B5A5001C7C84C7D85EF7D49 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:39:51.0369 0x091c  srv2 - ok
15:39:51.0416 0x091c  [ 7605C0E1D01A08F3ECD743F38B834A44, 83A77E31004BCF83443F30EFC290E04BB1A2F332E8DFD614AB6E25B527C92299 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:39:51.0447 0x091c  srvnet - ok
15:39:51.0525 0x091c  [ 64E44ACD8C238FCBBB78F0BA4BDC4B05, 59D015DD86EA35AC8F667C063AE76FAFA9497F04225D256DF5A37EB1461F15D4 ] ssadbus         C:\Windows\system32\DRIVERS\ssadbus.sys
15:39:51.0557 0x091c  ssadbus - ok
15:39:51.0619 0x091c  [ 03D50B37234967433A5EA5BA72BC0B62, 7B61D6A4BF5D446A9473D058BC207FB6DA7C2FEFB8083F3B66CAC8907DBD8327 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:39:51.0666 0x091c  SSDPSRV - ok
15:39:51.0713 0x091c  [ A36EE93698802CD899F98BFD553D8185, 224CFED921EA230FF8025D259E34968FD2C0FD34BB3A918FB4B9B8BA42BEA5D3 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
15:39:51.0728 0x091c  ssmdrv - ok
15:39:51.0775 0x091c  [ 6F1A32E7B7B30F004D9A20AFADB14944, AA9D874A14CA4779E76701D2B02F4CCA92CD5917435FB4CACA149FCB2D1D4C4C ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:39:51.0806 0x091c  SstpSvc - ok
15:39:51.0853 0x091c  [ 5DE7D67E49B88F5F07F3E53C4B92A352, 6930A598C35646646ED0E91633797EFE139AE6CDD0012335BD1340754A22F997 ] stisvc          C:\Windows\System32\wiaservc.dll
15:39:51.0947 0x091c  stisvc - ok
15:39:51.0993 0x091c  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56, 23CC47FA2D6E183D69DB0D3D3F3081A830D94A58FBC0A9A295B3A56C51E9486A ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:39:52.0009 0x091c  swenum - ok
15:39:52.0056 0x091c  [ F21FD248040681CCA1FB6C9A03AAA93D, 32FE765841A183A1F2C1ACACBBF8CDB11E7D4D4396F9C9F6CFF1B51C9B620ED3 ] swprv           C:\Windows\System32\swprv.dll
15:39:52.0103 0x091c  swprv - ok
15:39:52.0118 0x091c  [ 192AA3AC01DF071B541094F251DEED10, 5C6EB56D1C39F3717EB754A1B37C8A618BA4F2107F64048E985D71FA04D1AD05 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
15:39:52.0134 0x091c  Symc8xx - ok
15:39:52.0165 0x091c  [ 8C8EB8C76736EBAF3B13B633B2E64125, A6C4845DDED81CCF4947612A4D6E42035136025BCD80812D2FF396927CAADEC5 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
15:39:52.0181 0x091c  Sym_hi - ok
15:39:52.0196 0x091c  [ 8072AF52B5FD103BBBA387A1E49F62CB, D336A7D008D145619E79043EBF5D0D455086BA1FEF89612BC2EA11CC363D82B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
15:39:52.0212 0x091c  Sym_u3 - ok
15:39:52.0274 0x091c  [ 9A51B04E9886AA4EE90093586B0BA88D, 1666C29FBFA34174B506678C920636519051D03456A6DDCCD6FF708CAE5D9962 ] SysMain         C:\Windows\system32\sysmain.dll
15:39:52.0337 0x091c  SysMain - ok
15:39:52.0383 0x091c  [ 2DCA225EAE15F42C0933E998EE0231C3, 67C7913E41854DFA3043426B7D59AA1FBBB9DE01A6E6904E40A696A7C61A5F98 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:39:52.0415 0x091c  TabletInputService - ok
15:39:52.0461 0x091c  [ D7673E4B38CE21EE54C59EEEB65E2483, 330D0AD13F5008D8569CE8E5EA0BBD69F54F59FEB54FD903FA18D2849CEC6AF0 ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:39:52.0524 0x091c  TapiSrv - ok
15:39:52.0539 0x091c  [ CB05822CD9CC6C688168E113C603DBE7, 9DB8945BDC702BB13E9DE477F2D3CCA4CE0E9E8CE9B54CE1A25375F2A2C93F0E ] TBS             C:\Windows\System32\tbssvc.dll
15:39:52.0586 0x091c  TBS - ok
15:39:52.0695 0x091c  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:39:52.0805 0x091c  Tcpip - ok
15:39:52.0898 0x091c  [ A4196D394207369E1431E8681B373312, BEF96BAB70FDF94F8CB2942BDEA9B4D934443E5305E3FD737809C3F7524B1E8E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
15:39:52.0976 0x091c  Tcpip6 - ok
15:39:53.0054 0x091c  [ 95389980F70FC4990A4395A0B8BBE1D6, FB5CBC85733A4EC4FB9F210A5D4E5989F6A3F2995D895F5B41163CDFC04DB82C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:39:53.0085 0x091c  tcpipreg - ok
15:39:53.0117 0x091c  [ 5DCF5E267BE67A1AE926F2DF77FBCC56, E00C0A03AEE579B51B39930A72F39F4EFFE7CDA37187B0AE90F4E001AD15473B ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:39:53.0148 0x091c  TDPIPE - ok
15:39:53.0179 0x091c  [ 389C63E32B3CEFED425B61ED92D3F021, E4718E290678F00995E754AE66F1027D227BFAB9E1A1D2AC8E4EAD27DC50CB17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:39:53.0210 0x091c  TDTCP - ok
15:39:53.0241 0x091c  [ 76B06EB8A01FC8624D699E7045303E54, EC30F244B48A35622ED3EE91792F6A1517C5A50770FAB3945E7A945EB7AF28A8 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:39:53.0273 0x091c  tdx - ok
15:39:53.0304 0x091c  [ 3CAD38910468EAB9A6479E2F01DB43C7, 9D18C71EDF39743A0A592BC0873909D2B75B5B177B2672A865D1EEC0BFD2F61C ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:39:53.0335 0x091c  TermDD - ok
15:39:53.0366 0x091c  [ BB95DA09BEF6E7A131BFF3BA5032090D, BAF6997F8D944F85F0553957677866C7F22E72AA434BA45FFFB6CC41041070DC ] TermService     C:\Windows\System32\termsrv.dll
15:39:53.0444 0x091c  TermService - ok
15:39:53.0507 0x091c  [ C7230FBEE14437716701C15BE02C27B8, 8221DE73D77CF71C2857D78829E807D015D9CB8BDEE4BAFD6950BF0C718CC774 ] Themes          C:\Windows\system32\shsvcs.dll
15:39:53.0538 0x091c  Themes - ok
15:39:53.0569 0x091c  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:39:53.0600 0x091c  THREADORDER - ok
15:39:53.0631 0x091c  [ EC74E77D0EB004BD3A809B5F8FB8C2CE, 1E4BBC58D0E35D79C764CF1BA73602C5E29A5A2393D40332801D533E445C6667 ] TrkWks          C:\Windows\System32\trkwks.dll
15:39:53.0678 0x091c  TrkWks - ok
15:39:53.0741 0x091c  [ 97D9D6A04E3AD9B6C626B9931DB78DBA, 8E42133ED5EE5EEC414A8B11C1035385C6141E445EA9677F947D20768F25A877 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:39:53.0756 0x091c  TrustedInstaller - ok
15:39:53.0819 0x091c  [ F4EAA7ECBCB25DE901C9B7F2CDCDA0B3, 1CBB5106A32362ABDEE73BF170E205FE64DDBF826C5F6DFFCCD229F220B9C85E ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:39:53.0834 0x091c  tssecsrv - ok
15:39:53.0865 0x091c  [ CAECC0120AC49E3D2F758B9169872D38, 80DB15ADF5F4FF78D0C7D5081B6C0E8F1E5125872B60D23C19DA8E62C9DAC9A8 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
15:39:53.0897 0x091c  tunmp - ok
15:39:53.0928 0x091c  [ 300DB877AC094FEAB0BE7688C3454A9C, 3B36AA191FBE25B1A61150EAA2BDF8BA286DC4C052F6E98B0ED8202135553D8C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:39:53.0943 0x091c  tunnel - ok
15:39:53.0975 0x091c  [ 7D33C4DB2CE363C8518D2DFCF533941F, C6A539AD31B0BD9F895E0A537783AA75D5760C8590D83BA832D59A9B090CA0E9 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
15:39:53.0990 0x091c  uagp35 - ok
15:39:54.0021 0x091c  [ D9728AF68C4C7693CB100B8441CBDEC6, A2CEE1EE4EF17106349F4E6967F504354801934179FBB3F10B9A4E3C30BC28CE ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:39:54.0068 0x091c  udfs - ok
15:39:54.0115 0x091c  [ ECEF404F62863755951E09C802C94AD5, 5D92062B3E371F196774EBFE840C78501E55A244DB2A49703C7AC0141C7DABF1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:39:54.0146 0x091c  UI0Detect - ok
15:39:54.0162 0x091c  [ B0ACFDC9E4AF279E9116C03E014B2B27, 455D30859E381361FF6EE8B01EDC22A2E66CD5EC22CA9F314E88009DB77A8BAF ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
15:39:54.0177 0x091c  uliagpkx - ok
15:39:54.0209 0x091c  [ 9224BB254F591DE4CA8D572A5F0D635C, C5E7B24587AC5A28ECA63300307AD95B8A846833340126AE378840A40E53C056 ] uliahci         C:\Windows\system32\drivers\uliahci.sys
15:39:54.0240 0x091c  uliahci - ok
15:39:54.0271 0x091c  [ 8514D0E5CD0534467C5FC61BE94A569F, A6EFB967044F88335469DB3351587E31CEC659BB6A7D8ED45C68329232C31BB9 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
15:39:54.0287 0x091c  UlSata - ok
15:39:54.0302 0x091c  [ 38C3C6E62B157A6BC46594FADA45C62B, 44F87DC955CB4E35E0EB4C8B4E931472B33D97FE000C22370A06AD5EDCEFD0BA ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
15:39:54.0318 0x091c  ulsata2 - ok
15:39:54.0349 0x091c  [ 32CFF9F809AE9AED85464492BF3E32D2, 91AAA47AEF17F373276B01AC8FA823592A0C854541A7A9A3B78F2350DB964EBC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:39:54.0380 0x091c  umbus - ok
15:39:54.0396 0x091c  [ 68308183F4AE0BE7BF8ECD07CB297999, 4444233CA3C42BEE50ED47553D4AE5A7C12D8F288D2FA4B2DAE1D9B9FEC1A72D ] upnphost        C:\Windows\System32\upnphost.dll
15:39:54.0443 0x091c  upnphost - ok
15:39:54.0505 0x091c  [ 1114579556DB85E9FAF9590DBC64CD62, 10479A3C12BBBB9B5759082358FE11AC20BAEFA6B4977C8AE6E60AA17BE6C7FA ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
15:39:54.0536 0x091c  usbaudio - ok
15:39:54.0599 0x091c  [ AAB0B5F72D2D726FBFDC895A2902DE1D, 7824AF6E2ADEA23F208526F3A62AD1BACDBBDB23E58EB5806890B0761529C50F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:39:54.0630 0x091c  usbccgp - ok
15:39:54.0661 0x091c  [ E9476E6C486E76BC4898074768FB7131, D14B8F69A511DC1F990A9C123C18689AFE59659BA8130D248D8D03E9BD2143B6 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
15:39:54.0723 0x091c  usbcir - ok
15:39:54.0770 0x091c  [ 153E8515CB86F8BB5D1A8B478EBF4BB2, 0F1F79BA7C32ACAAE69184A56E67D6E18E2E2F07E0BE23F266401431169DAE14 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:39:54.0786 0x091c  usbehci - ok
15:39:54.0817 0x091c  [ 2AE6BCEBD85D31317E433733DAF25888, 7B2C0E8703D0275A620160E479166EB7AA31B0F146507603535CEBF0BA4684A4 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:39:54.0848 0x091c  usbhub - ok
15:39:54.0864 0x091c  [ D457EBD0C3A8B3A3A144355B5EE91CBC, 6AD52BDBB1607A48F0B02E663B97C3A00E3345B1B12C259608A5AE728C1C06B2 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:39:54.0879 0x091c  usbohci - ok
15:39:54.0911 0x091c  [ E75C4B5269091D15A2E7DC0B6D35F2F5, B0A4141B69B66276890836DE98EB8BC790D35CE59FA503060593E8CC12AA106B ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:39:54.0942 0x091c  usbprint - ok
15:39:54.0973 0x091c  [ 1D714B8497CD68307806D5D3F60A5169, 1914D92ECE39995168E3C8F5A7694B7A94954DB299410A2781D1321C8E60C3D9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
15:39:55.0020 0x091c  usbscan - ok
15:39:55.0051 0x091c  [ BE3DA31C191BC222D9AD503C5224F2AD, 201FB0FDBF423342202686DC0D8A3221B7798AE04C04A649D3441C257C733CE8 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:39:55.0082 0x091c  USBSTOR - ok
15:39:55.0098 0x091c  [ 814D653EFC4D48BE3B04A307ECEFF56F, D73D62F51AEFE2F8F2B938B20107C246F2AC2F62ED49112DBD092A5D2E4024B3 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:39:55.0129 0x091c  usbuhci - ok
15:39:55.0160 0x091c  [ 1509E705F3AC1D474C92454A5C2DD81F, 7F525921A3513224F8B093A16E19B4235B300349A14B0B86EE11B7473BA53337 ] UxSms           C:\Windows\System32\uxsms.dll
15:39:55.0207 0x091c  UxSms - ok
15:39:55.0285 0x091c  [ CD88D1B7776DC17A119049742EC07EB4, 6B68B9EDB8C6BCB2644F1F004D5743E928509D12107D996F390A24A72E0AA528 ] vds             C:\Windows\System32\vds.exe
15:39:55.0394 0x091c  vds - ok
15:39:55.0441 0x091c  [ 87B06E1F30B749A114F74622D013F8D4, 06C06EF87F7DC668D23B50AA5F419F62474ACF90E325E167491BF290286D6594 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:39:55.0472 0x091c  vga - ok
15:39:55.0503 0x091c  [ 2E93AC0A1D8C79D019DB6C51F036636C, 8B6F3B4EE90691A22788915AD0F99D8EE617750430A34E7CEB9AB4FB4E581755 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:39:55.0535 0x091c  VgaSave - ok
15:39:55.0550 0x091c  [ 5D7159DEF58A800D5781BA3A879627BC, 499A8E51FDE61AE0D7C1812D1E5B331211A36BD095A4992C629B93DE6D80F4E6 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
15:39:55.0581 0x091c  viaagp - ok
15:39:55.0597 0x091c  [ C4F3A691B5BAD343E6249BD8C2D45DEE, 19DE07AD6CD51036FA8A6B8EE82F34D7F5264FF3A12CBE6E52BD036D0303E319 ] ViaC7           C:\Windows\system32\drivers\viac7.sys
15:39:55.0628 0x091c  ViaC7 - ok
15:39:55.0659 0x091c  [ AADF5587A4063F52C2C3FED7887426FC, 0A74791A236FDAFCD045CFB79A159245B94F7C2033E0CD830C1B76F0F994E06D ] viaide          C:\Windows\system32\drivers\viaide.sys
15:39:55.0675 0x091c  viaide - ok
15:39:55.0691 0x091c  [ 69503668AC66C77C6CD7AF86FBDF8C43, 2CE407674A58313737073F02B9A617460BBA84B36C3A16D98AE5ED45279F5006 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
15:39:55.0706 0x091c  volmgr - ok
15:39:55.0737 0x091c  [ 23E41B834759917BFD6B9A0D625D0C28, 9F60992805262F936E8DA33610FDF60A191ECAFC08BBF657C8F9A21833C8EFC5 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:39:55.0769 0x091c  volmgrx - ok
15:39:55.0800 0x091c  [ 786DB5771F05EF300390399F626BF30A, 4A07BE5AEDBA4C15C2F9A91250F0488A0B0305C67BB7A037508D5CBF86D4E1B7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
15:39:55.0831 0x091c  volsnap - ok
15:39:55.0847 0x091c  [ 587253E09325E6BF226B299774B728A9, C9F46197819C2A095456393C518A9B00B59ECDC54F464D038AA7F8DCCDB93CCF ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
15:39:55.0878 0x091c  vsmraid - ok
15:39:55.0940 0x091c  [ DB3D19F850C6EB32BDCB9BC0836ACDDB, D81FF1CDA87A2FE83EFD5B3FE01EFF940952F8BAEE70BEA3B2F6EF30E2121704 ] VSS             C:\Windows\system32\vssvc.exe
15:39:56.0049 0x091c  VSS - ok
15:39:56.0112 0x091c  [ 96EA68B9EB310A69C25EBB0282B2B9DE, C76D3427F8A2953CB4D96BBA1523679CBE1BBF7FA821A35D2FBEB3E67AC6A10B ] W32Time         C:\Windows\system32\w32time.dll
15:39:56.0143 0x091c  W32Time - ok
15:39:56.0221 0x091c  [ 163FEC5765D0421BE8A11CACDC9534DF, 29D0BC6BFBD98B8441E0CD9D116C8210F28CF3508D0FA9C614EA79D6B0E1A6DB ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
15:39:56.0299 0x091c  W3SVC - ok
15:39:56.0346 0x091c  [ 48DFEE8F1AF7C8235D4E626F0C4FE031, A41D05BC0DA3C476C32E0A4DAF015DF7BADF28A03CE236D5596885FF1772F148 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
15:39:56.0408 0x091c  WacomPen - ok
15:39:56.0439 0x091c  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
15:39:56.0471 0x091c  Wanarp - ok
15:39:56.0486 0x091c  [ 55201897378CCA7AF8B5EFD874374A26, 350ADDCEFAA33E301027CFEA8DDE703F6FBD6E53624598CB2E7B671B9E48F7CC ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:39:56.0517 0x091c  Wanarpv6 - ok
15:39:56.0549 0x091c  [ 163FEC5765D0421BE8A11CACDC9534DF, 29D0BC6BFBD98B8441E0CD9D116C8210F28CF3508D0FA9C614EA79D6B0E1A6DB ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
15:39:56.0611 0x091c  WAS - ok
15:39:56.0736 0x091c  [ A3CD60FD826381B49F03832590E069AF, 213C5DB5E5D828264286FD7548527566D6160CCA780BC6853B7B28CECF329674 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:39:56.0798 0x091c  wcncsvc - ok
15:39:56.0845 0x091c  [ 11BCB7AFCDD7AADACB5746F544D3A9C7, 0370E20FD12ED713F94E5CD76F068F7A7A5E7F42416DD2A8A41249020DA7DA31 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:39:56.0876 0x091c  WcsPlugInService - ok
15:39:56.0892 0x091c  [ 78FE9542363F297B18C027B2D7E7C07F, 6BC3ED2A48EF41E1EE597FD58271DB12256EC013518663331CD0FBCB3FC415EE ] Wd              C:\Windows\system32\drivers\wd.sys
15:39:56.0907 0x091c  Wd - ok
15:40:12.0353 0x091c  AV detected via SS2: Avira Desktop, C:\Program Files\Avira\AntiVir Desktop\wsctool.exe ( 14.0.7.266 ), 0x41000 ( enabled : updated )
15:40:12.0353 0x091c  AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe (  ), 0x60000 ( disabled : updated )
15:40:12.0400 0x091c  Win FW state via NFP2: enabled
15:40:17.0267 0x091c  ============================================================
15:40:17.0267 0x091c  Scan finished
15:40:17.0267 0x091c  ============================================================
15:40:17.0299 0x07a0  Detected object count: 0
15:40:17.0299 0x07a0  Actual detected object count: 0

"My brain is only a receiver, in the Universe there is a core from which we retain knowledge, strength and inspiration. I have not penetrated into the secrets of this core, but I know that it exists." -NIKOLA TESLA


#14 deeprybka

  • Malware Response Team

Posted 20 October 2014 - 02:47 PM

Very good,

Let's do a final check up:


Step 1


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Can you please tell me which problems still persist now?
Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 BrySwy

  • Topic Starter


Posted 20 October 2014 - 04:08 PM

Is this what you needed?
 
 
C:\FRST\Quarantine\C\Program Files\iWon_5kEI\Installr\1.bin\NP5kEISB.dll.xBAD a variant of Win32/Toolbar.MyWebSearch.AH potentially unwanted application
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmp359E.exe.xBAD Win32/Simda.B trojan
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmp3B0E.exe.xBAD a variant of Generik.IZKXSHU trojan
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmp7FAB.exe.xBAD a variant of Win32/Kryptik.CMYX trojan
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmp8323.exe.xBAD a variant of Win32/Kryptik.CNFI trojan
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmp8AB0.exe.xBAD Win32/Simda.B trojan
C:\FRST\Quarantine\C\ProgramData\Microsoft\Secure\Icons\temp\tmpF20D.exe.xBAD Win32/Boaxxe.BQ trojan
C:\FRST\Quarantine\C\Users\Hayley\AppData\Local\Ovhics\EP0NM4R0.DLL a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\Users\Hayley\AppData\Local\Ovhics\res1.dll a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\Users\Hayley\AppData\Local\YzkfPack\EP0LIMM2.dll a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\Users\Hayley\AppData\Local\YzkfPack\mc_config_mp2v.dll a variant of Win32/Packed.Themida potentially unwanted application
C:\FRST\Quarantine\C\Users\Hayley\AppData\Local\YzkfPack\tmp3B0E.exe a variant of Generik.IZKXSHU trojan
C:\Program Files\Adware-Removal-Tool\ARTP3.exe MSIL/FakeTool.PS trojan
C:\Program Files\Adware-Removal-Tool\Quarantine\Google Chrome\Default\Cache\f_0038f0 Win32/Systweak.K potentially unwanted application
C:\Program Files\albrechto\nkopijddpkmggacdghppacglggodkcod.crx Win32/BrowseFox.B potentially unwanted application
C:\Program Files\iWon_5kEI\Installr\1.bin\5kEIPlug.dll a variant of Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Program Files\iWon_5kEI\Installr\1.bin\5kEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\Program Files\WiseConvert\ldrtbWise.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Program Files\WiseConvert\tbWise.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Program Files\WiseConvert\WiseConvertToolbarHelper.exe Win32/Toolbar.Conduit.Q potentially unwanted application
C:\ProgramData\{E126B434-06DC-448E-8D40-9D498BE72122}\BRAND_FILES\78A167C3\FDBA687B\SetupDataMngr_BearShare.exe a variant of Win32/Toolbar.SearchSuite.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\FilmFanaticEI\Installr\1.bin\NPpaEISb.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\FilmFanaticEI\Installr\1.bin\paEIPlug.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files\FilmFanaticEI\Installr\1.bin\paEZSETP.dll.vir Win32/Toolbar.MyWebSearch.Q potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Hayley\AppData\Roaming\Yvkuhiy\ibihumg.exe.vir Win32/Spy.Zbot.ABP trojan
C:\Qoobox\Quarantine\C\Windows\System32\roboot.exe.vir a variant of Win32/Systweak.A potentially unwanted application
C:\Users\All Users\{E126B434-06DC-448E-8D40-9D498BE72122}\BRAND_FILES\78A167C3\FDBA687B\SetupDataMngr_BearShare.exe a variant of Win32/Toolbar.SearchSuite.A potentially unwanted application
C:\Users\Hayley\AppData\LocalLow\RecipeHub_2jEI\Installr\Cache\09E403DA.exe a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application
C:\Users\Hayley\AppData\LocalLow\WiseConvert\ldrtbWise.dll a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\Users\Hayley\AppData\LocalLow\WiseConvert\tbWise.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Hayley\AppData\Roaming\Browser Extensions\coupons_3.1.xpi JS/Adware.Spigot.A application
C:\Users\Hayley\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\COMPACT.EXE a variant of Win32/Agent.VPS trojan
C:\Windows\Installer\26911af.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application

"My brain is only a receiver, in the Universe there is a core from which we retain knowledge, strength and inspiration. I have not penetrated into the secrets of this core, but I know that it exists." -NIKOLA TESLA




