
Infected Machine & Browsers, Text is Jagged, url's are hit/miss


  • This topic is locked
16 replies to this topic

#1 neonkiwi05


Posted 25 February 2015 - 10:09 PM

Recently my Vista machine started slowing down and my browsers' fonts all changed. When I run Firefox and Chrome the default font is hard to read and somewhat jagged. Also, when I run IE certain websites (yahoo.com, onecallnow.com) come back with an "Internet Explorer cannot display the webpage" error - however they connect fine in Chrome and Firefox.

 

I've run CCleaner, Adware, and Malwarebytes and removed a few infections but nothing has fixed the above issues.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-02-2015 01
Ran by Matt (administrator) on GRAYGHOST on 25-02-2015 21:44:23
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available profiles: Matt & Mcx1)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\KMPService.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Ralink Technology, Corp.) C:\Program Files\Tenda\Common\RaRegistry.exe
(PandoraTV) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
(Python Software Foundation) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Windows\System32\MDM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcfgex.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: E - E:\SH-S223C(L).exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {2fbd4110-1425-11e3-91d2-0021705b7b88} - J:\PhotoViewer.exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {5a923794-fd28-11de-b20f-0021705b7b88} - F:\PhotoViewer.exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {60fa1b6c-f0e8-11de-8b97-0021705b7b88} - M:\PhotoViewer.exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {68ce0ed7-7e97-11df-b51c-0021705b7b88} - L:\MI.exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {ab018ed8-3985-11e4-b4d5-0021705b7b88} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {ab018ee0-3985-11e4-b4d5-0021705b7b88} - F:\MotorolaDeviceManagerSetup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk.disabled
ShortcutTarget: AutoStart IR.lnk.disabled -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKU\S-1-5-21-624428171-3458498054-232214327-1000 -> DefaultScope {105E40B8-1B91-4C75-9940-621A4868319C} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-624428171-3458498054-232214327-1000 -> {105E40B8-1B91-4C75-9940-621A4868319C} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-624428171-3458498054-232214327-1000 -> {C283A3D3-72B0-4046-9BAD-AA9C7EDDC8A1} URL = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-624428171-3458498054-232214327-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\idv7e6l1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-624428171-3458498054-232214327-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-24]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-24]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path Or update_url value
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-07-18] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [69632 2009-10-06] () [File not signed]
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-04-11] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [557568 2010-10-02] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [662544 2014-12-18] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PanService; C:\Program Files\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2009-07-15] (Portrait Displays, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\Tenda\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\Tenda\Common\RaMediaServer.exe [621632 2011-03-04] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [22656 2014-01-11] (Dev47Apps)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-02] (GFI Software)
R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [28672 2010-09-01] (Hauppauge Computer Works, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-09-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-09-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1128512 2011-04-25] (Ralink Technology Corp.)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [15920 2006-11-16] (Portrait Displays, Inc.)
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-10-09] (BitDefender S.R.L.)
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 21:44 - 2015-02-25 21:44 - 00018075 _____ () C:\Users\Matt\Downloads\FRST.txt
2015-02-25 21:43 - 2015-02-25 21:44 - 00000000 ____D () C:\FRST
2015-02-25 21:43 - 2015-02-25 21:43 - 01127424 _____ (Farbar) C:\Users\Matt\Downloads\FRST.exe
2015-02-25 14:02 - 2015-02-25 14:02 - 00127704 _____ () C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-25 14:00 - 2015-02-25 14:00 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-25 14:00 - 2015-02-25 14:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 14:00 - 2015-02-25 14:00 - 00000000 _____ () C:\Windows\setupact.log
2015-02-24 22:50 - 2015-02-25 21:08 - 00016639 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 22:46 - 2015-02-24 22:46 - 00437752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 20:56 - 2006-09-18 16:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-205638.backup
2015-02-24 05:23 - 2015-02-24 05:23 - 00001968 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 05:23 - 2015-02-24 05:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 05:22 - 2015-02-25 21:27 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 05:22 - 2015-02-25 05:27 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 23:15 - 2015-02-23 23:18 - 00000000 ____D () C:\Users\Matt\Desktop\Pictures 2008
2015-02-23 23:15 - 2015-02-23 23:15 - 00000000 ____D () C:\Users\Matt\Desktop\Pictures 2007
2015-02-23 23:14 - 2015-02-23 23:15 - 00000000 ____D () C:\Users\Matt\Desktop\Pictures 2006
2015-02-23 23:01 - 2015-02-24 22:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-23 23:01 - 2015-02-23 23:07 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-02-23 23:01 - 2015-02-23 23:01 - 00001052 _____ () C:\Users\Matt\Desktop\Spybot - Search & Destroy.lnk
2015-02-23 23:01 - 2015-02-23 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-23 22:56 - 2015-02-23 22:56 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Lavasoft
2015-02-23 22:34 - 2015-02-24 22:48 - 00002217 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-23 22:34 - 2015-02-23 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-23 22:33 - 2015-02-23 22:33 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-23 22:31 - 2015-02-23 22:31 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-23 22:29 - 2015-02-22 11:52 - 16409960 _____ (Safer Networking Limited ) C:\Users\Matt\Desktop\spybotsd162.exe
2015-02-23 22:29 - 2015-02-22 11:49 - 01923888 _____ () C:\Users\Matt\Desktop\Adaware_Installer.exe
2015-02-22 21:16 - 2015-02-22 21:16 - 01170432 _____ (How, Inc) C:\Users\Matt\Downloads\FreeYouTubeDownloaderOC.exe
2015-02-22 21:15 - 2015-02-22 21:15 - 00103896 _____ (GreenTree Applications SRL) C:\Users\Matt\Downloads\YTDSetup(1).exe
2015-02-22 21:11 - 2015-02-22 21:12 - 00103896 _____ (GreenTree Applications SRL) C:\Users\Matt\Downloads\YTDSetup.exe
2015-02-22 20:10 - 2015-02-22 20:10 - 02998656 _____ (Enigma Software Group USA, LLC.) C:\Users\Matt\Downloads\SpyHunter-Installer.exe
2015-02-22 17:30 - 2015-02-22 17:30 - 00000000 ____D () C:\Users\Matt\Desktop\Videos 2013
2015-02-22 17:29 - 2015-02-22 17:30 - 00000000 ____D () C:\Users\Matt\Desktop\Videos 2014
2015-02-22 17:26 - 2015-02-23 23:14 - 00000000 ____D () C:\Users\Matt\Desktop\Craft Idea
2015-02-22 16:56 - 2015-02-22 17:45 - 00000000 ____D () C:\Users\Matt\Desktop\Misc Images
2015-02-22 09:40 - 2015-02-22 09:40 - 00322880 _____ () C:\Users\Matt\Downloads\wnetwatcher_setup.exe
2015-02-22 09:40 - 2015-02-22 09:40 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2015-02-22 09:40 - 2015-02-22 09:40 - 00000000 ____D () C:\Program Files\NirSoft
2015-02-22 08:57 - 2015-02-22 08:57 - 00033196 _____ () C:\Users\Matt\Downloads\satisfy.zip
2015-02-22 08:54 - 2015-02-22 08:54 - 05894184 _____ () C:\Users\Matt\Downloads\Lato2OFL.zip
2015-02-20 18:21 - 2015-02-20 18:21 - 00000801 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-20 18:21 - 2015-02-20 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 18:21 - 2015-02-20 18:21 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 18:20 - 2015-02-20 18:20 - 05325208 _____ (Piriform Ltd) C:\Users\Matt\Downloads\ccsetup502.exe
2015-02-20 08:16 - 2015-02-20 08:16 - 00000855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-20 08:16 - 2015-02-20 08:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-19 22:38 - 2015-02-24 21:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 22:38 - 2015-02-19 22:38 - 00000896 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-19 22:38 - 2015-02-19 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 22:38 - 2015-02-19 22:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-19 22:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-19 22:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-15 21:46 - 2015-02-15 21:46 - 00007672 _____ () C:\Users\Matt\Downloads\Dragonball Evolution (2009) [720p] YIFY - YTS.torrent
2015-02-13 01:03 - 2015-01-22 22:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 01:03 - 2015-01-22 21:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 20:36 - 2015-01-08 19:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 20:36 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 20:35 - 2015-01-14 23:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 20:35 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 20:34 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:18 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:18 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 09:18 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:18 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:18 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:18 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:18 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:18 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 09:18 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2015-01-31 00:16 - 2015-01-31 00:16 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\MediaInfo
2015-01-31 00:13 - 2015-01-31 00:13 - 04760024 _____ (MediaArea.net) C:\Users\Matt\Downloads\MediaInfo_GUI_0.7.72_Windows.exe
2015-01-30 22:35 - 2015-01-30 22:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvsoft
2015-01-30 22:34 - 2015-01-30 22:34 - 00000000 ____D () C:\Program Files\Anvsoft
2015-01-30 22:32 - 2015-01-30 22:33 - 33703656 _____ (Any-Video-Converter.com ) C:\Users\Matt\Downloads\avc-free.exe
2015-01-27 22:16 - 2015-01-27 22:16 - 00289100 _____ () C:\Users\Matt\Downloads\wonders of the universe 720p_10924_i22294310_il345.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-25 21:05 - 2013-10-22 21:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-25 20:46 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-25 20:46 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-25 19:14 - 2013-10-20 21:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-25 14:00 - 2011-10-01 18:54 - 00000506 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-02-25 08:15 - 2014-03-31 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-24 22:46 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 21:25 - 2006-11-02 08:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-24 05:23 - 2010-06-19 18:18 - 00000000 ____D () C:\Users\Matt\AppData\Local\Google
2015-02-24 05:22 - 2011-08-10 19:48 - 00000000 ____D () C:\Program Files\Google
2015-02-24 05:22 - 2010-06-19 18:18 - 00000000 ____D () C:\Users\Matt\AppData\Local\Deployment
2015-02-23 23:19 - 2012-08-21 09:53 - 00000000 ____D () C:\Users\Matt\Desktop\Pictures 2009
2015-02-23 22:53 - 2014-06-25 20:16 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\vlc
2015-02-23 22:32 - 2006-11-02 05:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 22:31 - 2012-07-26 13:08 - 00000000 ____D () C:\Users\Matt\Desktop\Pictures 2012
2015-02-23 22:29 - 2013-10-15 20:30 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-23 22:26 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-02-22 22:27 - 2009-04-21 21:15 - 00000000 ____D () C:\Users\Matt
2015-02-22 20:49 - 2009-04-11 12:03 - 00000000 ____D () C:\Program Files\Dell
2015-02-22 20:47 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-22 17:52 - 2014-02-24 22:55 - 00000000 ____D () C:\Users\Matt\Desktop\Pictures 2014
2015-02-22 17:50 - 2012-07-26 13:10 - 00000000 ____D () C:\Users\Matt\Desktop\Pictures 2011
2015-02-22 17:44 - 2014-02-24 22:56 - 00000000 ____D () C:\Users\Matt\Desktop\Pictures 2013
2015-02-22 17:37 - 2014-12-21 13:59 - 00000000 ____D () C:\Users\Matt\Desktop\Craigs List
2015-02-22 17:19 - 2014-05-28 21:52 - 00000000 ____D () C:\Users\Matt\Desktop\Internet Short Cuts
2015-02-21 19:29 - 2014-07-08 21:55 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\BitComet
2015-02-20 18:23 - 2012-07-18 20:22 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-20 09:34 - 2013-10-20 21:08 - 00000000 ___HD () C:\$AVG
2015-02-20 08:16 - 2013-08-20 21:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-19 23:06 - 2009-04-21 21:19 - 00000946 _____ () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-19 22:38 - 2010-05-31 10:52 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Malwarebytes
2015-02-19 22:38 - 2010-05-31 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-13 21:23 - 2011-06-17 22:32 - 00000000 ___RD () C:\Users\Matt\Desktop\00covers
2015-02-12 07:08 - 2011-10-01 18:54 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-02-11 20:44 - 2013-08-14 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:37 - 2006-11-02 05:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-08 23:23 - 2014-03-13 21:26 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Plex Home Theater
2015-02-07 10:46 - 2014-09-15 21:45 - 00000000 ____D () C:\Program Files\Motorola Mobility
2015-02-07 10:46 - 2009-04-11 11:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-07 10:18 - 2011-10-02 19:38 - 00000000 ____D () C:\Temp
2015-02-05 06:05 - 2013-01-05 22:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 06:05 - 2013-01-05 22:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 18:06 - 2009-08-16 15:32 - 00007620 _____ () C:\Users\Matt\AppData\Local\d3d9caps.dat
2015-01-31 00:14 - 2013-05-07 21:58 - 00001119 _____ () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo.lnk
2015-01-31 00:14 - 2013-05-07 21:58 - 00000000 ____D () C:\Program Files\MediaInfo
2015-01-30 22:35 - 2013-01-15 22:39 - 00000000 ____D () C:\Users\Matt\Documents\Any Video Converter
2015-01-30 22:35 - 2013-01-15 22:39 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\AnvSoft
2015-01-28 09:43 - 2015-01-25 13:51 - 00000000 ____D () C:\Users\Matt\AppData\Local\Avg2015
 
==================== Files in the root of some directories =======
 
2009-07-29 19:19 - 2009-11-30 22:27 - 8653312 _____ (Dell, Inc.                                                   ) C:\Users\Matt\AppData\Roaming\DataSafeDotNet.exe
2011-02-13 21:58 - 2013-11-02 16:37 - 0000142 _____ () C:\Users\Matt\AppData\Roaming\default.rss
2011-06-04 09:19 - 2011-06-04 09:19 - 0087608 _____ () C:\Users\Matt\AppData\Roaming\inst.exe
2011-06-04 09:19 - 2011-06-04 09:19 - 0007887 _____ () C:\Users\Matt\AppData\Roaming\pcouffin.cat
2011-06-04 09:19 - 2011-06-04 09:19 - 0001144 _____ () C:\Users\Matt\AppData\Roaming\pcouffin.inf
2011-06-04 09:19 - 2011-06-04 09:19 - 0000055 _____ () C:\Users\Matt\AppData\Roaming\pcouffin.log
2011-06-04 09:19 - 2011-06-04 09:19 - 0047360 _____ (VSO Software) C:\Users\Matt\AppData\Roaming\pcouffin.sys
2014-02-17 21:28 - 2014-02-17 21:28 - 0086528 ____H () C:\Users\Matt\AppData\Roaming\rbap500.dll
2013-01-16 16:13 - 2013-01-16 16:15 - 0002185 _____ () C:\Users\Matt\AppData\Roaming\Requiem.log
2009-05-16 07:55 - 2009-07-24 20:43 - 0000188 _____ () C:\Users\Matt\AppData\Roaming\wklnhst.dat
2009-08-16 15:32 - 2015-02-04 18:06 - 0007620 _____ () C:\Users\Matt\AppData\Local\d3d9caps.dat
2009-08-06 20:53 - 2014-05-16 19:29 - 0212992 _____ () C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-02 22:30 - 2012-05-02 22:30 - 0000001 _____ () C:\Users\Matt\AppData\Local\llftool.4.25.agreement
2009-06-30 19:53 - 2011-10-20 20:11 - 0002532 _____ () C:\ProgramData\hpzinstall.log
2012-04-14 11:35 - 2014-04-13 23:24 - 0000899 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2011-04-09 22:26 - 2011-04-09 22:25 - 7500800 _____ () C:\ProgramData\Transposer.msi
 
Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-25 10:56
 

==================== End Of Log ============================ 


 


#2 HelpBot


Posted 02 March 2015 - 10:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/568325 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 neonkiwi05


Posted 03 March 2015 - 11:09 PM

Recently my Vista machine started slowing down and my browser's fonts all changed. When I run Firefox and Chrome the default font is hard to read and somewhat jagged. Also, when I run IE certain websites (yahoo.com, onecallnow.com) come back with an "Internet Explorer cannot display the webpage" error - however they connect fine in Chrome and Firefox. I'm also getting blank webpages when I go to a URL, then I have to refresh to see pages.
 
My start menu also has items disappear or get strange boxes around menu items.
 
I've run CCleaner, Adware, and Malwarebytes and removed a few infections but nothing has fixed the above issues.
 
Also, I do have my original Windows CD/DVD
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-03-2015
Ran by Matt (administrator) on GRAYGHOST on 03-03-2015 22:56:58
Running from C:\Users\Matt\Downloads
Loaded Profiles: Matt (Available profiles: Matt & Mcx1)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
(Hauppauge Computer Works) C:\Program Files\WinTV\TVServer\CaptureGenPCI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\KMPService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Portrait Displays, Inc.) C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Ralink Technology, Corp.) C:\Program Files\Tenda\Common\RaRegistry.exe
(PandoraTV) C:\Program Files\PANDORA.TV\PanService\KMPProcess.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\MDM.EXE
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3710416 2015-02-19] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5496600 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: E - E:\SH-S223C(L).exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {2fbd4110-1425-11e3-91d2-0021705b7b88} - J:\PhotoViewer.exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {5a923794-fd28-11de-b20f-0021705b7b88} - F:\PhotoViewer.exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {60fa1b6c-f0e8-11de-8b97-0021705b7b88} - M:\PhotoViewer.exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {68ce0ed7-7e97-11df-b51c-0021705b7b88} - L:\MI.exe
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {ab018ed8-3985-11e4-b4d5-0021705b7b88} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\MountPoints2: {ab018ee0-3985-11e4-b4d5-0021705b7b88} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-624428171-3458498054-232214327-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [220672 2008-01-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk.disabled
ShortcutTarget: AutoStart IR.lnk.disabled -> C:\Program Files\WinTV\Ir.exe (Hauppauge Computer Works)
Startup: C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKU\S-1-5-21-624428171-3458498054-232214327-1000 -> DefaultScope {105E40B8-1B91-4C75-9940-621A4868319C} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-624428171-3458498054-232214327-1000 -> {105E40B8-1B91-4C75-9940-621A4868319C} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-624428171-3458498054-232214327-1000 -> {C283A3D3-72B0-4046-9BAD-AA9C7EDDC8A1} URL = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKU\S-1-5-21-624428171-3458498054-232214327-1000 -> &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\idv7e6l1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-624428171-3458498054-232214327-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-05-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome: 
=======
CHR Profile: C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-24]
CHR Extension: (Google Docs) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-24]
CHR Extension: (Google Drive) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-24]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-24]
CHR Extension: (YouTube) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-24]
CHR Extension: (Google Search) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-24]
CHR Extension: (Google Sheets) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-24]
CHR Extension: (Google Wallet) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR Extension: (Gmail) - C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-24]
CHR HKLM\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - No Path Or update_url value
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AdobeActiveFileMonitor9.0; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [169408 2010-09-30] (Adobe Systems Incorporated)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [73728 2008-07-18] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3411408 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [308720 2015-02-19] (AVG Technologies CZ, s.r.o.)
R2 DTSRVC; C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe [69632 2009-10-06] () [File not signed]
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2009-04-11] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HauppaugeTVServer; C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe [557568 2010-10-02] (Hauppauge Computer Works) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe [662544 2014-12-18] ()
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
R2 PanService; C:\Program Files\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
R2 PdiService; C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [109168 2009-07-15] (Portrait Displays, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 RalinkRegistryWriter; C:\Program Files\Tenda\Common\RaRegistry.exe [375872 2011-03-31] (Ralink Technology, Corp.)
S3 RaMediaServer; C:\Program Files\Tenda\Common\RaMediaServer.exe [621632 2011-03-04] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [217568 2015-02-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [154904 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [265184 2015-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [107488 2015-01-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [210400 2015-01-16] (AVG Technologies CZ, s.r.o.)
R3 DroidCam; C:\Windows\System32\drivers\droidcam.sys [22656 2014-01-11] (Dev47Apps)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-03-02] (GFI Software)
R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [28672 2010-09-01] (Hauppauge Computer Works, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-09-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-09-08] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [1128512 2011-04-25] (Ralink Technology Corp.)
S3 PalmUSBD; C:\Windows\System32\drivers\PalmUSBD.sys [16640 2007-12-04] (PalmSource, Inc.)
R3 PdiPorts; C:\Windows\System32\Drivers\PdiPorts.sys [15920 2006-11-16] (Portrait Displays, Inc.)
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [360376 2014-10-09] (BitDefender S.R.L.)
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-03 22:56 - 2015-03-03 23:01 - 00017964 _____ () C:\Users\Matt\Downloads\FRST.txt
2015-03-03 22:55 - 2015-03-03 22:55 - 00000000 ____D () C:\Users\Matt\Downloads\old scans
2015-03-03 22:55 - 2015-03-03 22:55 - 00000000 ____D () C:\Users\Matt\Downloads\FRST-OlderVersion
2015-02-28 00:01 - 2015-02-28 00:19 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\avidemux
2015-02-27 23:58 - 2015-02-27 23:58 - 00000000 ____D () C:\Users\Matt\AppData\Local\My_MP4Box_GUI
2015-02-27 23:48 - 2015-02-28 00:23 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-27 23:09 - 2015-02-27 23:56 - 00000049 _____ () C:\Users\Matt\AppData\Roaming\GPACgpac_pl.m3u
2015-02-27 23:09 - 2015-02-27 23:56 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\GPAC
2015-02-26 22:43 - 2015-02-26 23:51 - 00000000 ____D () C:\Users\Matt\Desktop\Items Moved Over
2015-02-25 21:43 - 2015-03-03 22:57 - 00000000 ____D () C:\FRST
2015-02-25 21:43 - 2015-03-03 22:55 - 01132032 _____ (Farbar) C:\Users\Matt\Downloads\FRST.exe
2015-02-25 14:02 - 2015-02-25 14:02 - 00127704 _____ () C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-25 14:00 - 2015-02-25 14:00 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-25 14:00 - 2015-02-25 14:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-25 14:00 - 2015-02-25 14:00 - 00000000 _____ () C:\Windows\setupact.log
2015-02-24 22:50 - 2015-03-03 20:34 - 00072108 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 22:46 - 2015-02-24 22:46 - 00437752 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-24 20:56 - 2006-09-18 16:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150224-205638.backup
2015-02-24 05:23 - 2015-02-24 05:23 - 00001968 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-24 05:23 - 2015-02-24 05:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-24 05:22 - 2015-03-03 22:27 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-24 05:22 - 2015-03-03 05:27 - 00000878 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-23 23:01 - 2015-02-24 22:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-23 23:01 - 2015-02-23 23:07 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2015-02-23 23:01 - 2015-02-23 23:01 - 00001052 _____ () C:\Users\Matt\Desktop\Spybot - Search & Destroy.lnk
2015-02-23 23:01 - 2015-02-23 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-02-23 22:56 - 2015-02-23 22:56 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Lavasoft
2015-02-23 22:34 - 2015-02-27 21:05 - 00002217 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2015-02-23 22:34 - 2015-02-23 22:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2015-02-23 22:33 - 2015-02-23 22:33 - 00000000 ____D () C:\Program Files\Lavasoft
2015-02-23 22:31 - 2015-02-23 22:31 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2015-02-22 09:40 - 2015-02-22 09:40 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft Wireless Network Watcher
2015-02-22 09:40 - 2015-02-22 09:40 - 00000000 ____D () C:\Program Files\NirSoft
2015-02-20 18:21 - 2015-02-20 18:21 - 00000801 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-20 18:21 - 2015-02-20 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-20 18:21 - 2015-02-20 18:21 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-20 08:16 - 2015-02-20 08:16 - 00000855 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-20 08:16 - 2015-02-20 08:16 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-19 22:38 - 2015-02-24 21:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-19 22:38 - 2015-02-19 22:38 - 00000896 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-19 22:38 - 2015-02-19 22:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-19 22:38 - 2015-02-19 22:38 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-19 22:38 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-19 22:38 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-19 21:28 - 2015-02-19 21:28 - 00217568 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2015-02-13 01:03 - 2015-01-22 22:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-13 01:03 - 2015-01-22 21:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-11 20:36 - 2015-01-08 19:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 20:36 - 2014-11-25 21:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 20:35 - 2015-01-14 23:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 20:35 - 2015-01-12 20:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 20:34 - 2014-12-07 20:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:18 - 2015-01-13 20:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:18 - 2015-01-13 20:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-11 09:18 - 2015-01-13 20:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:18 - 2015-01-13 20:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:18 - 2015-01-13 20:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:18 - 2015-01-13 20:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-11 09:18 - 2015-01-13 20:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:18 - 2015-01-13 20:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:18 - 2015-01-13 20:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-11 09:18 - 2015-01-13 20:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-11 09:18 - 2015-01-13 20:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-03 10:47 - 2015-02-03 10:47 - 00265184 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-03 22:42 - 2011-06-17 22:32 - 00000000 ___RD () C:\Users\Matt\Desktop\00covers
2015-03-03 22:05 - 2013-10-22 21:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 21:03 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 21:03 - 2006-11-02 07:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 19:14 - 2013-10-20 21:02 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-03 14:00 - 2011-10-01 18:54 - 00000506 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2015-03-02 21:49 - 2014-06-25 20:16 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\vlc
2015-03-01 17:10 - 2014-03-13 21:26 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Plex Home Theater
2015-02-27 21:03 - 2006-11-02 08:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-27 21:01 - 2006-11-02 08:01 - 00032578 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-27 00:04 - 2009-04-21 21:15 - 00000000 ____D () C:\Users\Matt
2015-02-25 08:15 - 2014-03-31 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-02-24 05:23 - 2010-06-19 18:18 - 00000000 ____D () C:\Users\Matt\AppData\Local\Google
2015-02-24 05:22 - 2011-08-10 19:48 - 00000000 ____D () C:\Program Files\Google
2015-02-24 05:22 - 2010-06-19 18:18 - 00000000 ____D () C:\Users\Matt\AppData\Local\Deployment
2015-02-23 22:32 - 2006-11-02 05:33 - 00759542 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-23 22:29 - 2013-10-15 20:30 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-02-23 22:26 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-02-22 20:49 - 2009-04-11 12:03 - 00000000 ____D () C:\Program Files\Dell
2015-02-22 20:47 - 2006-11-02 06:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-21 19:29 - 2014-07-08 21:55 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\BitComet
2015-02-20 18:23 - 2012-07-18 20:22 - 00000000 ____D () C:\Program Files\PDFCreator
2015-02-20 09:34 - 2013-10-20 21:08 - 00000000 ___HD () C:\$AVG
2015-02-20 08:16 - 2013-08-20 21:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-19 23:06 - 2009-04-21 21:19 - 00000946 _____ () C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-19 22:38 - 2010-05-31 10:52 - 00000000 ____D () C:\Users\Matt\AppData\Roaming\Malwarebytes
2015-02-19 22:38 - 2010-05-31 10:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-12 07:08 - 2011-10-01 18:54 - 00000564 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2015-02-11 20:44 - 2013-08-14 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-11 20:37 - 2006-11-02 05:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-07 10:46 - 2014-09-15 21:45 - 00000000 ____D () C:\Program Files\Motorola Mobility
2015-02-07 10:46 - 2009-04-11 11:42 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-07 10:18 - 2011-10-02 19:38 - 00000000 ____D () C:\Temp
2015-02-05 06:05 - 2013-01-05 22:09 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 06:05 - 2013-01-05 22:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-04 18:06 - 2009-08-16 15:32 - 00007620 _____ () C:\Users\Matt\AppData\Local\d3d9caps.dat
 
==================== Files in the root of some directories =======
 
2009-07-29 19:19 - 2009-11-30 22:27 - 8653312 _____ (Dell, Inc.                                                   ) C:\Users\Matt\AppData\Roaming\DataSafeDotNet.exe
2011-02-13 21:58 - 2013-11-02 16:37 - 0000142 _____ () C:\Users\Matt\AppData\Roaming\default.rss
2015-02-27 23:09 - 2015-02-27 23:56 - 0000049 _____ () C:\Users\Matt\AppData\Roaming\GPACgpac_pl.m3u
2011-06-04 09:19 - 2011-06-04 09:19 - 0087608 _____ () C:\Users\Matt\AppData\Roaming\inst.exe
2011-06-04 09:19 - 2011-06-04 09:19 - 0007887 _____ () C:\Users\Matt\AppData\Roaming\pcouffin.cat
2011-06-04 09:19 - 2011-06-04 09:19 - 0001144 _____ () C:\Users\Matt\AppData\Roaming\pcouffin.inf
2011-06-04 09:19 - 2011-06-04 09:19 - 0000055 _____ () C:\Users\Matt\AppData\Roaming\pcouffin.log
2011-06-04 09:19 - 2011-06-04 09:19 - 0047360 _____ (VSO Software) C:\Users\Matt\AppData\Roaming\pcouffin.sys
2014-02-17 21:28 - 2014-02-17 21:28 - 0086528 ____H () C:\Users\Matt\AppData\Roaming\rbap500.dll
2013-01-16 16:13 - 2013-01-16 16:15 - 0002185 _____ () C:\Users\Matt\AppData\Roaming\Requiem.log
2009-05-16 07:55 - 2009-07-24 20:43 - 0000188 _____ () C:\Users\Matt\AppData\Roaming\wklnhst.dat
2009-08-16 15:32 - 2015-02-04 18:06 - 0007620 _____ () C:\Users\Matt\AppData\Local\d3d9caps.dat
2009-08-06 20:53 - 2014-05-16 19:29 - 0212992 _____ () C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-05-02 22:30 - 2012-05-02 22:30 - 0000001 _____ () C:\Users\Matt\AppData\Local\llftool.4.25.agreement
2009-06-30 19:53 - 2011-10-20 20:11 - 0002532 _____ () C:\ProgramData\hpzinstall.log
2012-04-14 11:35 - 2014-04-13 23:24 - 0000899 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2011-04-09 22:26 - 2011-04-09 22:25 - 7500800 _____ () C:\ProgramData\Transposer.msi
 
Files to move or delete:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-03 21:42
 
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-02-2015 01
Ran by Matt at 2015-02-25 21:45:14
Running from C:\Users\Matt\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Ad-Aware Antivirus (HKLM\...\{69489131-0E91-491B-9E15-1987CDAD95C6}_AdAwareUpdater) (Version: 11.5.202.7299 - Lavasoft)
AdAwareInstaller (Version: 11.5.202.7299 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.5.202.7299 - Lavasoft) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (HKLM\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop.com Inspiration Browser (HKLM\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 (HKLM\...\PremElem90) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 9 Content (HKLM\...\Adobe Premiere Elements 9 Content) (Version: 9.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Amazon Kindle For PC (HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\Amazon Kindle For PC) (Version: - Amazon)
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\Amazon Amazon Music) (Version: 3.6.0.671 - Amazon Services LLC)
Amazon Music Importer (HKLM\...\com.amazon.music.uploader) (Version: 2.0.1 - Amazon Services LLC)
Amazon Music Importer (Version: 2.0.1 - Amazon Services LLC) Hidden
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Any Video Converter 5.7.7 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft MediaImpression for Kodak (HKLM\...\{9B260944-746E-4966-8918-0F9636930456}) (Version: 2.0.24.1127 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{F0703DD4-8A45-1767-AFA3-FE67F2D61F36}) (Version: 3.0.682.0 - ATI Technologies, Inc.)
Audacity 2.0.5 (HKLM\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5751 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5751 - AVG Technologies) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version: - TGRMN Software)
calibre (HKLM\...\{FDE8FDFF-7B95-4235-BB3F-AE63397864C9}) (Version: 0.8.46 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco EAP-FAST Module (HKLM\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Convert Audio Free WMA to MP3 version 1.0 (HKLM\...\Convert Audio Free WMA to MP3_is1) (Version: 1.0 - )
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Crystal Reports Basic Runtime for Visual Studio 2008 (HKLM\...\{CE26F10F-C80F-4377-908B-1B7882AE2CE3}) (Version: 10.5.2.0 - Business Objects)
dcmsvc 1.0 (HKLM\...\dcmsvc_is1) (Version: - )
Debugging Tools for Windows (x86) (HKLM\...\{D09605BE-5587-4B0C-86C8-69B5092CB80F}) (Version: 6.12.2.633 - Microsoft Corporation)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
Dell Support Center (HKLM\...\Dell Support Center) (Version: 3.1.5830.17 - Dell Inc.)
Dell Support Center (Version: 3.1.5830.17 - PC-Doctor, Inc.) Hidden
DolbyFiles (Version: 0.1 - Nero AG) Hidden
Elements 9 Organizer (Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (Version: 1.0 - Adobe Systems Incorporated) Hidden
Epson Event Manager (HKLM\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
EPSON NX620 Series Printer Uninstall (HKLM\...\EPSON NX620 Series) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4i - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Exact Audio Copy 1.0beta3 (HKLM\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
Free RAR Extract Frog (HKLM\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Hard Disk Low Level Format Tool 4.25 (HKLM\...\Hard Disk Low Level Format Tool_is1) (Version: - HDDGURU)
Hauppauge MCE XP/Vista Software Encoder (2.0.28104) (HKLM\...\Hauppauge MCE2005 Software Encoder) (Version: 2.0.28104 - Hauppauge Computer Works, Inc.)
Hauppauge WinTV 7 (HKLM\...\Hauppauge WinTV 7) (Version: v7.0.28292 - Hauppauge Computer Works)
HP Button Manager (HKLM\...\{CA634931-0CC3-4067-ABCC-7182E1DC23B7}) (Version: 3.2 - Hewlett-Packard)
HP My Display (HKLM\...\{15733AD1-1CEF-459A-9245-0924FC63BDD5}) (Version: 1.40.002 - Portrait Displays, Inc.)
HP Product Detection (HKLM\...\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}) (Version: 9.7.2 - Hewlett-Packard Company)
HP Update (HKLM\...\{787D1A33-A97B-4245-87C0-7174609A540C}) (Version: 5.002.005.003 - Hewlett-Packard)
iCloud (HKLM\...\{925F1DB6-E86E-4378-9091-D1F68B0583C9}) (Version: 2.1.2.8 - Apple Inc.)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
InCD Help (Version: 6.4.0.0 - Nero AG) Hidden
Innova OBD PC-Link (HKLM\...\{55F7F5FE-EAEC-44F1-969F-D63CFDC0EBB8}) (Version: 2.2.7 - Innova Electronics)
iTunes (HKLM\...\{DF9C119C-7F26-45B9-93D4-7C372CBBBA11}) (Version: 11.1.0.126 - Apple Inc.)
Java™ 6 Update 11 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216011FF}) (Version: 6.0.110 - Sun Microsystems, Inc.)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
KMP Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version: - KMP) <==== ATTENTION
LAME v3.98.3 for Audacity (HKLM\...\LAME for Audacity_is1) (Version: - )
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
Logitech Unifying Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MediaInfo 0.7.72 (HKLM\...\MediaInfo) (Version: 0.7.72 - MediaArea.net)
MediaShare Desktop Applications (HKLM\...\{0711ADE3-52A6-4BA0-9403-0A633CD1F12B}) (Version: 1.4.2 - Axentra Corporation)
Memorex exPressit Label Design Studio (HKLM\...\MVApplication1) (Version: - )
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Disc 2 (HKLM\...\{00040409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Small Business (HKLM\...\{00030409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{a55ac379-46b0-461a-95b1-fef5c08443f2}) (Version: 11.0.61030.0 - Microsoft Corporation)
Moovida (Version: 2.5989.00007 - Aedge Performance BCN SL) Hidden
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
Mp3tag v2.53 (HKLM\...\Mp3tag) (Version: v2.53 - Florian Heidenreich)
MSVCSetup (Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM\...\{d13e0ee7-0d97-4e05-b8bf-5d7cba955120}) (Version: - Nero AG)
NirSoft Wireless Network Watcher (HKLM\...\NirSoft Wireless Network Watcher) (Version: - )
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.4.2 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pivot Software (Version: 9.03.004 - Portrait Displays, Inc.) Hidden
Plex Home Theater (HKLM\...\Plex Home Theater) (Version: 1.0.9 - Plex inc)
Plex Media Server (HKLM\...\{7425d872-d65d-42c9-8c6d-7a8a529a4b50}) (Version: 0.9.1107 - Plex, Inc.)
Plex Media Server (Version: 0.9.1107 - Plex, Inc.) Hidden
PowerDVD DX (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.2.5711 - CyberLink Corp.)
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
SDK (Version: 2.17.002 - Portrait Displays, Inc.) Hidden
Skins (Version: 2008.0409.2231.38463 - ATI) Hidden
SmartSound Quicktracks for Premiere Elements 9.0 (HKLM\...\InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}) (Version: 3.12.3090 - SmartSound Software Inc)
SmartSound Quicktracks for Premiere Elements 9.0 (Version: 3.12.3090 - SmartSound Software Inc) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
Stella 4.1.1 (HKLM\...\Stella_is1) (Version: - The Stella Team)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TagScanner 5.1.657 (HKLM\...\TagScanner_is1) (Version: - Sergey Serkov)
Tenda Wireless LAN Card (HKLM\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 1.5.12.0 - Tenda)
TurboTax 2011 (HKLM\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.0 (HKLM\...\VLC media player) (Version: 2.0.0 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-624428171-3458498054-232214327-1000\...\WinDirStat) (Version: - )
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{505DF7A3-88D5-4DD6-9AD5-C98C2ED0CEC4}) (Version: 5.000.817.1 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinX Video Converter 4.0 (HKLM\...\WinX HD Video Converter_is1) (Version: - Digiarty Software,Inc.)
XnView 1.98.2 (HKLM\...\XnView_is1) (Version: 1.98.2 - Gougelet Pierre-e)
XP Codec Pack (HKLM\...\XP Codec Pack) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-624428171-3458498054-232214327-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10171.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-624428171-3458498054-232214327-1000_Classes\CLSID\{9766F98A-C716-4831-D076-953D8F7554BB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-624428171-3458498054-232214327-1000_Classes\CLSID\{C54F84CD-8315-F21A-B0A2-E88AEA4F4B88}\InprocServer32 -> No File Path

==================== Restore Points =========================

20-02-2015 00:00:03 Scheduled Checkpoint
20-02-2015 19:05:18 Scheduled Checkpoint
22-02-2015 00:00:00 Scheduled Checkpoint
22-02-2015 20:46:01 Removed Dell Dock
22-02-2015 20:48:49 Removed Dell Getting Started Guide.
22-02-2015 20:50:15 Removed Warner Bros. Digital Copy Manager
23-02-2015 22:29:31 AA11
24-02-2015 23:38:12 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:23 - 2015-02-24 20:56 - 00450653 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {4DCA361B-3968-475A-BDB3-4922D3B28252} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-08-24] (PC-Doctor, Inc.)
Task: {51DAB900-F226-4756-9CA7-DFBAB35170D4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {8F9D7DA9-9E89-475A-9F7E-50B6CB62765C} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2011-08-24] (PC-Doctor, Inc.)
Task: {A299426E-772E-4682-B15E-CAD16FA07167} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell Support Center\uaclauncher.exe [2011-08-24] (PC-Doctor, Inc.)
Task: {B56E5781-1A5D-4F79-90B3-4BC1BE8B9307} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.)
Task: {C8E4D8C4-7CA8-4B85-891B-3143EB56A689} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-24] (Google Inc.)
Task: {CBD1E115-70F1-40FE-BCD1-A9197CDE26E1} - System32\Tasks\AdobeAAMUpdater-1.0-GrayGhost-Matt => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29] (Adobe Systems Incorporated)
Task: {E5DB7502-7853-442B-821D-38BDFAB5BB8B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\Dell Support Center\uaclauncher.exeo-backgroundmon scripts\defaultscan.xml
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => C:\Program Files\Dell Support Center\uaclauncher.exe

==================== Loaded Modules (whitelisted) ==============

2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-04-28 19:36 - 2009-10-06 11:37 - 00069632 _____ () C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
2014-12-18 14:45 - 2014-12-18 14:45 - 00662544 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareService.exe
2014-12-18 15:20 - 2014-12-18 15:20 - 00090456 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_thread-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00022360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_system-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00030040 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_chrono-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00048480 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_date_time-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00110432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_filesystem-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 10552144 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareServiceKernel.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02423600 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\RCF.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00635224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_regex-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00580424 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareActivation.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00409432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareApplicationUpdater.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00640840 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareGamingMode.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00087360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareReset.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00104768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTime.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00760664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdater.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00691560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareDefinitionsUpdaterScheduler.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00865096 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIgnoreList.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00207688 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareQuarantine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00796504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiMalwareEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00174936 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiRootkitEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerHistory.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 01018176 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScanner.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00030552 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_timer-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00768344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareScannerScheduler.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00857432 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00190800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareIncompatibles.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00705352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiSpam.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00671056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAntiPhishing.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02364240 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareParentalControl.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02665296 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareWebProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00990032 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareEmailProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00046944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\boost_iostreams-vc100-mt-1_57.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00999256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNetworkProtection.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00766272 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePromo.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00298824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareFeedback.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 02123608 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareThreatWorkAlliance.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00969536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwarePinCode.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00766784 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareNotice.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00759112 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareAvcEngine.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00923496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareRealTimeProtectionHistory.dll
2014-12-18 15:20 - 2014-12-18 15:20 - 00121664 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\SecurityCenter.dll
2013-11-13 21:00 - 2012-10-22 11:21 - 01277952 _____ () C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
2013-11-13 21:00 - 2012-07-09 17:57 - 02090496 _____ () C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
2013-11-13 21:00 - 2011-12-06 16:19 - 00133632 _____ () C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
2013-11-13 21:00 - 2012-03-23 10:07 - 00224768 _____ () C:\Program Files\PANDORA.TV\PanService\libupnp.dll
2009-04-11 15:22 - 2008-07-29 10:21 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2015-02-24 05:23 - 2015-02-17 17:44 - 09171272 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll
2015-02-24 05:23 - 2015-02-17 17:44 - 14965064 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00072840 _____ () C:\Program Files\Plex\Plex Media Server\zlib.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00196232 _____ () C:\Program Files\Plex\Plex Media Server\libidn.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00838792 _____ () C:\Program Files\Plex\Plex Media Server\libxml2.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00049800 _____ () C:\Program Files\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00086664 _____ () C:\Program Files\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 02092680 _____ () C:\Program Files\Plex\Plex Media Server\opencv_core249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 01883272 _____ () C:\Program Files\Plex\Plex Media Server\opencv_imgproc249.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00502920 _____ () C:\Program Files\Plex\Plex Media Server\tag.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00044680 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_socket.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00027784 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00018568 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00034952 _____ () C:\Program Files\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00836232 _____ () C:\Program Files\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00062600 _____ () C:\Program Files\Plex\Plex Media Server\libexslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00166024 _____ () C:\Program Files\Plex\Plex Media Server\libxslt.dll
2014-12-21 22:31 - 2014-12-21 22:31 - 00192136 _____ () C:\Program Files\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00016520 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\select.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00054920 _____ () C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00017032 _____ () C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00043656 _____ () C:\Program Files\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00081544 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00111240 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-12-21 22:31 - 2014-12-21 22:31 - 00689800 _____ () C:\Program Files\Plex\Plex Media Server\DLLs\unicodedata.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)



HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Classes\.exe: => <===== ATTENTION!
HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Classes\exefile: <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-624428171-3458498054-232214327-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Matt\Pictures\Logo-Green-Lantern-HD-Wallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-624428171-3458498054-232214327-500 - Administrator - Disabled)
Guest (S-1-5-21-624428171-3458498054-232214327-501 - Limited - Enabled)
Matt (S-1-5-21-624428171-3458498054-232214327-1000 - Administrator - Enabled) => C:\Users\Matt
Mcx1 (S-1-5-21-624428171-3458498054-232214327-1001 - Administrator - Enabled) => C:\Users\Mcx1

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:9720)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/performance) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:9720)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/performance) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:9220)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/smartdata) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:9210)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/smartdata) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:8270)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/software) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:8260)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/software) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:6820)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/hardware) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:6780)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/hardware) failed

Error: (02/25/2015 02:00:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (02/25/2015 02:00:09 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (02/24/2015 10:48:34 PM) (Source: WMPNetworkSvc) (EventID: 14344) (User: )
Description: 0xc00d2760

Error: (02/24/2015 10:48:32 PM) (Source: WMPNetworkSvc) (EventID: 14344) (User: )
Description: 0xc00d2760


Microsoft Office Sessions:
=========================
Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:9720)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/performance) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:9720)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/performance) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:9220)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/smartdata) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:9210)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/smartdata) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:8270)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/software) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:8260)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/software) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:6820)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 446 getDirectoryContents(C:\ProgramData\PCDr\5830/hardware) failed

Error: (02/25/2015 02:02:08 PM) (Source: PC-Doctor) (EventID: 1) (User: )
Description: (4636) Asapi: (14:02:08:6780)(4636) libMatrix.profiler.ProfilerSnapshots - Error -- 348 getDirectoryContents(C:\ProgramData\PCDr\5830/hardware) failed

Error: (02/25/2015 02:00:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (02/25/2015 02:00:09 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


CodeIntegrity Errors:
===================================
Date: 2015-02-25 21:45:05.861
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 21:45:05.615
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 21:45:05.364
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 21:45:05.120
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 21:45:04.528
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 21:45:04.277
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 21:45:04.032
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 21:45:03.787
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 21:45:03.106
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-02-25 21:45:02.857
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\avgidsdriverx.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E7400 @ 2.80GHz
Percentage of memory in use: 67%
Total physical RAM: 3326.26 MB
Available physical RAM: 1096.75 MB
Total Pagefile: 6871.5 MB
Available Pagefile: 4355.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.54 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.7 GB) (Free:201.19 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:9.23 GB) NTFS
Drive e: (BlueMedia) (Fixed) (Total:931.51 GB) (Free:549.35 GB) NTFS
Drive k: (My Book) (Fixed) (Total:465.65 GB) (Free:150.46 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 90000000)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=450.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: F282C830)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 44FDFE06)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================

Edited by Oh My!, 04 March 2015 - 10:33 AM.
Posted Addition.txt


#4 Oh My!


Posted 04 March 2015 - 10:38 AM

Greetings neonkiwi05 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. The first thing we need to do is move FRST.exe from your Downloads folder to your desktop:

Running from C:\Users\Matt\Downloads


Please run the below for me.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the antivirus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Ad-Aware Antivirus
AVG AntiVirus Free Edition 2015


===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
CustomCLSID: HKU\S-1-5-21-624428171-3458498054-232214327-1000_Classes\CLSID\{9766F98A-C716-4831-D076-953D8F7554BB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-624428171-3458498054-232214327-1000_Classes\CLSID\{C54F84CD-8315-F21A-B0A2-E88AEA4F4B88}\InprocServer32 -> No File Path
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Classes\.exe: => <===== ATTENTION!
HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Classes\exefile: <===== ATTENTION!
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 neonkiwi05


Posted 05 March 2015 - 12:02 PM

I removed Ad-Aware Antivirus and left AVG AntiVirus Free Edition 2015 on the machine. However, when I ran AdwCleaner the Scan worked but the Cleaner process locked-up. 



#6 Oh My!


Posted 05 March 2015 - 12:09 PM

Attempt it again but before Cleaning open the Log and save it to your desktop. Please continue on with the other steps regardless of whether or not AdwCleaner runs successfully.

I will be away from my computer for about 3 hours or so.
Gary
 

#7 neonkiwi05


Posted 05 March 2015 - 09:44 PM

AdwCleaner log

 

# AdwCleaner v4.111 - Logfile created 05/03/2015 at 07:31:39
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (x86)
# Username : Matt - GRAYGHOST
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : PanService
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\PANDORA.TV
Folder Deleted : C:\Windows\Installer\{B9A7B5EE-9B7B-4A09-BCAE-8738B20F38EA}
Folder Deleted : C:\Users\Matt\AppData\Local\Moovida
Folder Deleted : C:\Users\Matt\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Matt\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Matt\AppData\Roaming\moovida-1
[x] Not Deleted : C:\Users\Matt\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Matt\AppData\Roaming\download Manager
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Moovida
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKLM\SOFTWARE\adawaretb
Key Deleted : HKLM\SOFTWARE\AedgePerformanceBCN
[x] Not Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar
[x] Not Deleted : HKLM\SOFTWARE\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Hyperionics DB Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Moovida
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;192.168.*.*;<local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16609
 
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
 
-\\ Google Chrome v40.0.2214.115
 
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3247 bytes] - [04/03/2015 23:16:29]
AdwCleaner[R1].txt - [3364 bytes] - [05/03/2015 07:10:10]
AdwCleaner[S0].txt - [341 bytes] - [04/03/2015 23:23:03]
AdwCleaner[S1].txt - [3372 bytes] - [05/03/2015 07:31:39]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3431  bytes] ##########
 

 

============================

Junkware log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows Vista ™ Home Premium x86
Ran by Matt on Thu 03/05/2015 at 19:58:25.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{C283A3D3-72B0-4046-9BAD-AA9C7EDDC8A1}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}
 
 
 
~~~ Files
 
Successfully deleted: [File] C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Matt\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\Matt\AppData\Roaming\pdfforge"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/05/2015 at 20:07:56.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

============================

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by Matt at 2015-03-05 21:30:19 Run:1
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available profiles: Matt & Mcx1)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
R3 PCDSRVC{E9D79540-57D5953E-06020101}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [X]
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
CustomCLSID: HKU\S-1-5-21-624428171-3458498054-232214327-1000_Classes\CLSID\{9766F98A-C716-4831-D076-953D8F7554BB}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-624428171-3458498054-232214327-1000_Classes\CLSID\{C54F84CD-8315-F21A-B0A2-E88AEA4F4B88}\InprocServer32 -> No File Path
AlternateDataStreams: C:\ProgramData\TEMP:5D432CE3
HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Classes\.exe: => <===== ATTENTION!
HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Classes\exefile: <===== ATTENTION!
*****************
 
C:\Program Files\Dell\DellDock\DellDock.exe not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
HKCR\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found. 
PCDSRVC{E9D79540-57D5953E-06020101}_0 => Service deleted successfully.
C:\Users\Public\dcmsvcsetup.exe => Moved successfully.
C:\Users\Public\invokesi.exe => Moved successfully.
"HKU\S-1-5-21-624428171-3458498054-232214327-1000_Classes\CLSID\{9766F98A-C716-4831-D076-953D8F7554BB}" => Key deleted successfully.
"HKU\S-1-5-21-624428171-3458498054-232214327-1000_Classes\CLSID\{C54F84CD-8315-F21A-B0A2-E88AEA4F4B88}" => Key deleted successfully.
C:\ProgramData\TEMP => ":5D432CE3" ADS removed successfully.
"HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Classes\.exe" => Key deleted successfully.
"HKU\S-1-5-21-624428171-3458498054-232214327-1000\Software\Classes\exefile" => Key deleted successfully.
 
==== End of Fixlog 21:30:52 ====

 

============================

System Summary Information

 

Attached

 

============================

Update on computer performance

 

Machine is still slow to load programs, especially my browsers. Text is still jagged and URLs are still hit or miss -- most noticeably in IE (still can't access yahoo.com or onecallnow.com).

 

 




#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts

Posted 05 March 2015 - 09:51 PM

Thanks for getting through all of that. Please do this.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Oftentimes it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following. If, based on the below, you have concluded ComboFix has stopped running, please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue.

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log
  • Any change?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 neonkiwi05

neonkiwi05
  • Topic Starter

  • Members
  • 8 posts

Posted 06 March 2015 - 07:42 AM

ComboFix log

 

ComboFix 15-03-01.01 - Matt 03/05/2015  22:17:42.1.2 - x86
Running from: c:\users\Matt\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Matt\AppData\Roaming\inst.exe
c:\users\Matt\AppData\Roaming\rbap500.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\regobj.dll
K:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-06 to 2015-03-06  )))))))))))))))))))))))))))))))
.
.
2015-03-06 03:40 . 2015-03-06 03:40 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2015-03-06 03:40 . 2015-03-06 03:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-05 04:16 . 2015-03-06 02:29 -------- d-----w- C:\AdwCleaner
2015-02-28 05:01 . 2015-02-28 05:19 -------- d-----w- c:\users\Matt\AppData\Roaming\avidemux
2015-02-28 04:58 . 2015-02-28 04:58 -------- d-----w- c:\users\Matt\AppData\Local\My_MP4Box_GUI
2015-02-28 04:48 . 2015-02-28 05:23 -------- d-----w- c:\programdata\WinZip
2015-02-28 04:09 . 2015-02-28 04:56 -------- d-----w- c:\users\Matt\AppData\Roaming\GPAC
2015-02-26 02:43 . 2015-03-06 02:30 -------- d-----w- C:\FRST
2015-02-24 04:01 . 2015-02-25 03:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-02-24 04:01 . 2015-02-24 04:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2015-02-22 14:40 . 2015-02-22 14:40 -------- d-----w- c:\program files\NirSoft
2015-02-20 23:21 . 2015-02-20 23:21 -------- d-----w- c:\program files\CCleaner
2015-02-20 03:38 . 2015-02-25 02:31 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-20 03:38 . 2015-02-20 03:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-02-20 03:38 . 2014-11-21 11:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-20 03:38 . 2014-11-21 11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-20 02:28 . 2015-02-20 02:28 217568 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-02-13 06:03 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 01:36 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 01:36 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-12 01:35 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 01:35 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-12 01:34 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 11:05 . 2013-01-06 03:09 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 11:05 . 2013-01-06 03:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 15:47 . 2015-02-03 15:47 265184 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-01-23 14:40 . 2015-01-23 14:40 107488 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-01-16 16:15 . 2015-01-16 16:15 210400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-12-19 00:25 . 2015-01-15 01:19 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-02-20 3710416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Amazon Music"="c:\users\Matt\AppData\Local\Amazon Music\Amazon Music Helper.exe"
"ApplePhotoStreams"=c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" /MONITOR
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Epson Stylus NX620(Network)"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGAA.EXE /FU "c:\windows\TEMP\E_S4C1.tmp" /EF "HKCU"
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"ArcSoft MediaImpression Monitor"=c:\program files\Kodak\MediaImpression\ArcMonitor.exe
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" /TRAYONLY
"DT HPW"=c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe"
"HipServ Agent"=c:\program files\Verbatim\MediaShare Desktop Applications\HipServAgent\HipServAgent.exe
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RtHDVCpl"=RtHDVCpl.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
.
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-24 10:22 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 11:05]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-24 10:22]
.
2015-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-24 10:22]
.
2015-02-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]
.
2015-03-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\idv7e6l1.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-4F6D5E84-5826-4394-9F40-3A9A19165651_is1 - c:\program files\PANDORA.TV\PanService\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-05 22:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-624428171-3458498054-232214327-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2A78900-F792-BB43-37E5-40103388464E}*]
@Allowed: (Read) (RestrictedCode)
"pahkjeabhljplibiliadohhelkhgbfnp"=hex:62,61,68,65,00,f8
"cbhkjeabhljpnhbgokicbncijaefhbhangleid"=hex:62,61,68,65,00,f8
"bbhkjeabhljpnhbgokichieknmmnnicglgkk"=hex:62,61,68,65,00,f8
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A3\5&9fcac07&0&UID268435458\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A3\5&9fcac07&0&UID268435458\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2015-03-05  22:44:44
ComboFix-quarantined-files.txt  2015-03-06 03:44
.
Pre-Run: 267,726,188,544 bytes free
Post-Run: 267,642,744,832 bytes free
.
- - End Of File - - 7DADBA110F1CC8D2FCDBDC0ADE21226D
5C616939100B85E558DA92B899A0FC36
 
=================================
 
Change Report
 
Browsers are loading faster and machine seems more responsive; however, I still can't access certain websites (same as above). Also, I'm now getting a message "You are about to view pages over a secure connection" [when loading Google.com or trying to load Yahoo.com]. I'm also getting some screen flashing while the message pop-ups are stationary on the screen, similar to as if something is trying to run or is running in the background.


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,044 posts

Posted 06 March 2015 - 12:30 PM

Thank you for the information and update. Please do this.

===================================================

Running Combofix Script

-------------------
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text below into the Notepad document
RegNull::
[HKEY_USERS\S-1-5-21-624428171-3458498054-232214327-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E2A78900-F792-BB43-37E5-40103388464E}*]
  • Save this on your desktop as CFScript.txt

CFScriptB-4.gif

  • Referring to the picture above, drag CFScript.txt into ComboFix.exe
  • When finished, it will create a log for you at C:\ComboFix.txt. Please copy/paste the information in your next reply.
===================================================

Run TDSSKiller by Kaspersky

--------------------
  • Please download Kaspersky's TDSSKiller and save it to your Desktop. <-Important!!!
  • Right-click on TDSSKiller.exe and select Run As Administrator.
  • When the program opens, click the Start Scan button.

  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • Any objects found will show in the Scan results - Select action for found objects and offer three options.
  • If an infected file is detected, the default action will be Cure...do not change it.

  • Click Continue > Reboot now to finish the cleaning process.<- Important!!

  • If 'Suspicious' objects are detected, you will be given the option to Skip or Quarantine. Skip will be the default selection. Leave it as such for now.
  • A log file named TDSSKiller_version_date_time_log.txt will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply even if no threats are found.
-- If TDSSKiller does not run, try renaming it. To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to these instructions. In some cases it may be necessary to redownload TDSSKiller and randomly rename it before downloading and saving to the computer or to perform the scan in "safe mode".

===================================================

aswMBR

--------------------
  • Download aswMBR and save it to your desktop.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it. Please allow when you are asked to download AVAST antivirus engine defs.
  • Wait until the AV update is done, then click on the Scan button to start. The program will launch a scan.

  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.

  • Please post the contents of the log in your next reply.
NOTE: aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CF log
  • TDSSKiller report
  • aswMBR report

Gary
 

#11 neonkiwi05

neonkiwi05
  • Topic Starter

  • Members
  • 8 posts

Posted 10 March 2015 - 06:30 AM

Below are the log/reports you requested.

 

 

 

 

CF log

 

ComboFix 15-03-09.01 - Matt 03/09/2015  21:20:12.2.2 - x86
Running from: c:\users\Matt\Desktop\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFScript.txt
.
.
(((((((((((((((((((((((((   Files Created from 2015-02-10 to 2015-03-10  )))))))))))))))))))))))))))))))
.
.
2015-03-10 01:57 . 2015-03-10 01:57 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2015-03-10 01:57 . 2015-03-10 01:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-03-09 02:16 . 2015-03-09 02:16 -------- d-----w- c:\windows\system32\syncdb
2015-03-06 19:01 . 2015-03-06 19:01 -------- d-----w- c:\users\Matt\AppData\Roaming\PCDr
2015-03-06 19:00 . 2015-03-06 19:00 -------- d-----w- c:\programdata\PCDr
2015-03-05 04:16 . 2015-03-06 02:29 -------- d-----w- C:\AdwCleaner
2015-02-28 05:01 . 2015-02-28 05:19 -------- d-----w- c:\users\Matt\AppData\Roaming\avidemux
2015-02-28 04:58 . 2015-02-28 04:58 -------- d-----w- c:\users\Matt\AppData\Local\My_MP4Box_GUI
2015-02-28 04:48 . 2015-02-28 05:23 -------- d-----w- c:\programdata\WinZip
2015-02-28 04:09 . 2015-02-28 04:56 -------- d-----w- c:\users\Matt\AppData\Roaming\GPAC
2015-02-26 02:43 . 2015-03-06 02:30 -------- d-----w- C:\FRST
2015-02-24 04:01 . 2015-02-25 03:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2015-02-24 04:01 . 2015-02-24 04:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2015-02-22 14:40 . 2015-02-22 14:40 -------- d-----w- c:\program files\NirSoft
2015-02-20 23:21 . 2015-02-20 23:21 -------- d-----w- c:\program files\CCleaner
2015-02-20 03:38 . 2015-02-25 02:31 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-20 03:38 . 2015-02-20 03:38 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-02-20 03:38 . 2014-11-21 11:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-02-20 03:38 . 2014-11-21 11:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-20 02:28 . 2015-02-20 02:28 217568 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2015-02-13 06:03 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-12 01:36 . 2014-11-26 02:05 564224 ----a-w- c:\windows\system32\oleaut32.dll
2015-02-12 01:36 . 2015-01-09 00:20 2063360 ----a-w- c:\windows\system32\win32k.sys
2015-02-12 01:35 . 2015-01-13 01:39 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-12 01:35 . 2015-01-15 04:13 440760 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-02-12 01:34 . 2014-12-08 01:59 306176 ----a-w- c:\windows\system32\scesrv.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-05 11:05 . 2013-01-06 03:09 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-02-05 11:05 . 2013-01-06 03:09 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-03 15:47 . 2015-02-03 15:47 265184 ----a-w- c:\windows\system32\drivers\avglogx.sys
2015-01-23 14:40 . 2015-01-23 14:40 107488 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2015-01-16 16:15 . 2015-01-16 16:15 210400 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2014-12-19 00:25 . 2015-01-15 01:19 115200 ----a-w- c:\windows\system32\drivers\mrxdav.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" [2015-02-20 3710416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Amazon Music"="c:\users\Matt\AppData\Local\Amazon Music\Amazon Music Helper.exe"
"ApplePhotoStreams"=c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" /MONITOR
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"Epson Stylus NX620(Network)"=c:\windows\system32\spool\DRIVERS\W32X86\3\E_FATIGAA.EXE /FU "c:\windows\TEMP\E_S4C1.tmp" /EF "HKCU"
"Plex Media Server"="c:\program files\Plex\Plex Media Server\Plex Media Server.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AdAwareTray"="c:\program files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.5.202.7299\AdAwareTray.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"ArcSoft MediaImpression Monitor"=c:\program files\Kodak\MediaImpression\ArcMonitor.exe
"AVG_UI"="c:\program files\AVG\AVG2015\avgui.exe" /TRAYONLY
"DT HPW"=c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe"
"HipServ Agent"=c:\program files\Verbatim\MediaShare Desktop Applications\HipServAgent\HipServAgent.exe
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"RtHDVCpl"=RtHDVCpl.exe
"Windows Defender"=%ProgramFiles%\Windows Defender\MSASCui.exe -hide
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-24 10:22 1084744 ----a-w- c:\program files\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-03-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-06 11:05]
.
2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-24 10:22]
.
2015-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2015-02-24 10:22]
.
2015-02-12 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]
.
2015-03-10 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-08-24 17:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: intuit.com\accounts
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\idv7e6l1.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-03-09 21:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
 [0] 0x550202C9
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A3\5&9fcac07&0&UID268435458\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\DISPLAY\HWP26A3\5&9fcac07&0&UID268435458\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Completion time: 2015-03-09  22:00:42
ComboFix-quarantined-files.txt  2015-03-10 02:00
ComboFix2.txt  2015-03-06 03:44
.
Pre-Run: 278,226,067,456 bytes free
Post-Run: 277,120,630,784 bytes free
.
- - End Of File - - 27629E79665FE5AE7C136836ADA6B75C
5C616939100B85E558DA92B899A0FC36
 
 
===========================
TDSSKiller report
 
22:26:04.0069 0x1790  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
22:26:11.0384 0x1790  ============================================================
22:26:11.0384 0x1790  Current date / time: 2015/03/09 22:26:11.0384
22:26:11.0384 0x1790  SystemInfo:
22:26:11.0384 0x1790  
22:26:11.0384 0x1790  OS Version: 6.0.6002 ServicePack: 2.0
22:26:11.0384 0x1790  Product type: Workstation
22:26:11.0384 0x1790  ComputerName: GRAYGHOST
22:26:11.0384 0x1790  UserName: Matt
22:26:11.0384 0x1790  Windows directory: C:\Windows
22:26:11.0384 0x1790  System windows directory: C:\Windows
22:26:11.0384 0x1790  Processor architecture: Intel x86
22:26:11.0384 0x1790  Number of processors: 2
22:26:11.0384 0x1790  Page size: 0x1000
22:26:11.0384 0x1790  Boot type: Normal boot
22:26:11.0384 0x1790  ============================================================
22:26:13.0594 0x1790  KLMD registered as C:\Windows\system32\drivers\78881482.sys
22:26:13.0665 0x1790  System UUID: {E5818272-826A-5838-4429-603DDBE60799}
22:26:14.0040 0x1790  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:26:14.0048 0x1790  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:26:14.0050 0x1790  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:26:19.0387 0x1790  ============================================================
22:26:19.0387 0x1790  \Device\Harddisk0\DR0:
22:26:19.0404 0x1790  MBR partitions:
22:26:19.0404 0x1790  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F800, BlocksNum 0x1E00000
22:26:19.0404 0x1790  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E1F800, BlocksNum 0x38566000
22:26:19.0404 0x1790  \Device\Harddisk1\DR1:
22:26:19.0404 0x1790  MBR partitions:
22:26:19.0404 0x1790  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:26:19.0404 0x1790  \Device\Harddisk2\DR2:
22:26:19.0405 0x1790  MBR partitions:
22:26:19.0405 0x1790  \Device\Harddisk2\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
22:26:19.0405 0x1790  ============================================================
22:26:19.0427 0x1790  C: <-> \Device\Harddisk0\DR0\Partition2
22:26:19.0459 0x1790  D: <-> \Device\Harddisk0\DR0\Partition1
22:26:19.0460 0x1790  K: <-> \Device\Harddisk2\DR2\Partition1
22:26:19.0484 0x1790  E: <-> \Device\Harddisk1\DR1\Partition1
22:26:19.0484 0x1790  ============================================================
22:26:19.0484 0x1790  Initialize success
22:26:19.0484 0x1790  ============================================================
22:27:23.0318 0x1f1c  ============================================================
22:27:23.0318 0x1f1c  Scan started
22:27:23.0318 0x1f1c  Mode: Manual; 
22:27:23.0318 0x1f1c  ============================================================
22:27:23.0318 0x1f1c  KSN ping started
22:27:25.0697 0x1f1c  KSN ping finished: true
22:27:26.0778 0x1f1c  ================ Scan system memory ========================
22:27:26.0778 0x1f1c  System memory - ok
22:27:26.0778 0x1f1c  ================ Scan services =============================
22:27:26.0858 0x1f1c  [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:27:26.0860 0x1f1c  ACDaemon - ok
22:27:27.0007 0x1f1c  [ 82B296AE1892FE3DBEE00C9CF92F8AC7, 54B22BA63E1DA616B546992141B0C3117BA057283B8F60CB9BECE203661FEBF3 ] ACPI            C:\Windows\system32\drivers\acpi.sys
22:27:27.0011 0x1f1c  ACPI - ok
22:27:27.0111 0x1f1c  [ 4C72FDD915D62EAEF149BD9C73AB9CF4, 8EA45A1B88DFD819F0ADA3AF36D464E1BF52574269592370E0CC8D0490680E1F ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
22:27:27.0113 0x1f1c  AdobeARMservice - ok
22:27:27.0193 0x1f1c  [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:27:27.0199 0x1f1c  AdobeFlashPlayerUpdateSvc - ok
22:27:27.0227 0x1f1c  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303, FBBDD38574A1F66A5AA12B82E34FDE60B870180C4B7100C15757539DC869ED4B ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
22:27:27.0235 0x1f1c  adp94xx - ok
22:27:27.0256 0x1f1c  [ 60505E0041F7751BDBB80F88BF45C2CE, 1DE16042B8ABD7B643189E836DE273832EE743FD66AFBB641E8049C4E0CD04D8 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
22:27:27.0262 0x1f1c  adpahci - ok
22:27:27.0278 0x1f1c  [ 8A42779B02AEC986EAB64ECFC98F8BD7, B89938EFF4E81FA44197D2D839EBD3340DDE01FBC79605049C088621784C1B91 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
22:27:27.0280 0x1f1c  adpu160m - ok
22:27:27.0298 0x1f1c  [ 241C9E37F8CE45EF51C3DE27515CA4E5, 1A03E93DD8C1F3640C96124A14A3D0F4E349B06CCA2118CE40B8AE201A4030A7 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
22:27:27.0301 0x1f1c  adpu320 - ok
22:27:27.0343 0x1f1c  [ 9D1FDA9E086BA64E3C93C9DE32461BCF, 200FD0BFC811EC8993AF9FC78F58823ECC717063F438B627FBCDD6BD7790CAA8 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
22:27:27.0345 0x1f1c  AeLookupSvc - ok
22:27:27.0363 0x1f1c  [ B6D7239E7AF6D1B64C790A28067DC6E5, 009E1AB8365D49843D98219CD947091CE0F98D6B5F65B098C2F2AE12DEF33631 ] AERTFilters     C:\Windows\system32\AERTSrv.exe
22:27:27.0366 0x1f1c  AERTFilters - ok
22:27:27.0403 0x1f1c  [ FE3EA6E9AFC1A78E6EDCA121E006AFB7, B596ABBAC058D93C505C9DBF8685049C88E4364195A4092DB580D2D44FA8C23C ] Afc             C:\Windows\system32\drivers\Afc.sys
22:27:27.0404 0x1f1c  Afc - ok
22:27:27.0439 0x1f1c  [ F5272A105F59A7B3B345D9D6D87DA7AD, 9E84776994D04240BF2537330DBB555EDE16DFCFC59DEDCBA05A44ED7F70BEFA ] AFD             C:\Windows\system32\drivers\afd.sys
22:27:27.0443 0x1f1c  AFD - ok
22:27:27.0454 0x1f1c  [ 13F9E33747E6B41A3FF305C37DB0D360, 066DD6060B1CF93F85BBAAA52848C801128CD294E8B7EACD912E0EF219DBFBC2 ] agp440          C:\Windows\system32\drivers\agp440.sys
22:27:27.0456 0x1f1c  agp440 - ok
22:27:27.0470 0x1f1c  [ AE1FDF7BF7BB6C6A70F67699D880592A, B831BF156FC49287A19FC149383D437B1034EA6F42CE9D761EB90ABD0F8D96B1 ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
22:27:27.0471 0x1f1c  aic78xx - ok
22:27:27.0484 0x1f1c  [ A1545B731579895D8CC44FC0481C1192, 6B0EE833BA39C142D625A03586CCD8F6C9C3136C603CE5DF5BAC1AA3423E3E7F ] ALG             C:\Windows\System32\alg.exe
22:27:27.0486 0x1f1c  ALG - ok
22:27:27.0493 0x1f1c  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91, 0EADB6AE21FEDAB55D41F41B638198B556CC2BE2EE57F6C8B40EB044A318319F ] aliide          C:\Windows\system32\drivers\aliide.sys
22:27:27.0494 0x1f1c  aliide - ok
22:27:27.0506 0x1f1c  [ C47344BC706E5F0B9DCE369516661578, 689C9CDAF6F38227F1C34359CAEB3C7798F318EDFD4B7FE532FBE3C8E4EE3DC8 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
22:27:27.0507 0x1f1c  amdagp - ok
22:27:27.0518 0x1f1c  [ 9B78A39A4C173FDBC1321E0DD659B34C, 2CA66EB68AD7A317D91C13B8CFD4E8CA985926A610D19595B613F5553B145C7B ] amdide          C:\Windows\system32\drivers\amdide.sys
22:27:27.0518 0x1f1c  amdide - ok
22:27:27.0534 0x1f1c  [ 18F29B49AD23ECEE3D2A826C725C8D48, 0FA08882301D218E367E63E1966B6406220EE94BAE7E7DAD6E55EB70BF6FED7F ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
22:27:27.0535 0x1f1c  AmdK7 - ok
22:27:27.0551 0x1f1c  [ 93AE7F7DD54AB986A6F1A1B37BE7442D, ECE0ABA2DECEED94AC678240A4B604F04022F0740F2295CBD07D25F5917E878A ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
22:27:27.0552 0x1f1c  AmdK8 - ok
22:27:27.0582 0x1f1c  [ 8F7D200717A58E9800D391F4C2101577, F07CF0F5636F46D8F3D5133284943E991E8739E5A644BCA5F18BB896B374620D ] Appinfo         C:\Windows\System32\appinfo.dll
22:27:27.0584 0x1f1c  Appinfo - ok
22:27:27.0630 0x1f1c  [ 5D2888182FB46632511ACEE92FDAD522, 2E53231ACAF9B2FB7993DBC1CD15C06D7B0CCE0D08DAFF7B0CC13A2040028A75 ] arc             C:\Windows\system32\drivers\arc.sys
22:27:27.0632 0x1f1c  arc - ok
22:27:27.0649 0x1f1c  [ 5E2A321BD7C8B3624E41FDEC3E244945, 9D47FF6C823868F2267FEFAB5851D3CD2BC3F619A2D6EFF803EA22DB0509C450 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
22:27:27.0651 0x1f1c  arcsas - ok
22:27:27.0744 0x1f1c  [ 537B2948976F5D9B5767B74A63EBB395, 1A14F8B582E74AD15B612EDA5B707AA3CB0B2A107ED14572B4232EAA7383B634 ] aspnet_state    C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
22:27:27.0746 0x1f1c  aspnet_state - ok
22:27:27.0762 0x1f1c  [ 53B202ABEE6455406254444303E87BE1, 4C91CA8DD345FEDD74A6AF2C07580717703F979B7DE2532B1D00B9F6896DDE70 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
22:27:27.0763 0x1f1c  AsyncMac - ok
22:27:27.0808 0x1f1c  [ 1F05B78AB91C9075565A9D8A4B880BC4, 737BE9F9376DAB0CCDFED93EA6D67F0C432367EA63CD772A453485BE769AF3BD ] atapi           C:\Windows\system32\drivers\atapi.sys
22:27:27.0808 0x1f1c  atapi - ok
22:27:27.0863 0x1f1c  [ 70E73698EC286FDD824DE9CF2B1CB095, 0076AFE63113B79F8105D490DEFF38888A9A21792824CCD3FCD8D9DE517A7173 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
22:27:27.0876 0x1f1c  Ati External Event Utility - ok
22:27:28.0029 0x1f1c  [ AE375717A1AC652C24939D5D67150F89, 23EC7D9F5E89D969364C486DA18B90B0D058A0E59A6143F7FFC19B2201E56CBF ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
22:27:28.0106 0x1f1c  atikmdag - ok
22:27:28.0157 0x1f1c  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:27:28.0164 0x1f1c  AudioEndpointBuilder - ok
22:27:28.0173 0x1f1c  [ 8E98A99187FF17FC1D48E6FAFFD870BE, 7C935191A0A2BA95CA9A9E450F7C8802E6184F73BC297E91908B59F34C22AB06 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
22:27:28.0179 0x1f1c  Audiosrv - ok
22:27:28.0224 0x1f1c  [ CB2C2B24BD7E64CFB2B24D401FF5BBC0, F48ABD9F5BF91BF5F25E6D5EE02647F7DD8E1C1A11FEEE2C1C1B3BD34E3D0F85 ] Avgdiskx        C:\Windows\system32\DRIVERS\avgdiskx.sys
22:27:28.0227 0x1f1c  Avgdiskx - ok
22:27:28.0368 0x1f1c  [ E077D9DBE0B2B05D4E83C33F0B6008B5, 8CFCF58A9355678C59FDEA508274666F52BC3D975DD0E76DE6A02B5B1723DC7E ] AVGIDSAgent     C:\Program Files\AVG\AVG2015\avgidsagent.exe
22:27:28.0421 0x1f1c  AVGIDSAgent - ok
22:27:28.0453 0x1f1c  [ D4899370855466D65A5565544BB3BC05, C382E995B01DD8BC83D4F3A46C68D117E2CA83FB21E1076762C21EF9C56BD54A ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
22:27:28.0457 0x1f1c  AVGIDSDriver - ok
22:27:28.0479 0x1f1c  [ D1663A0114691080C624D857A8343D5B, 8E7029A8FE7A62F4BED7687C54699D0709876D05D93CAA499B4BC69BF8C59091 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
22:27:28.0482 0x1f1c  AVGIDSHX - ok
22:27:28.0499 0x1f1c  [ 2429F7F025F63532B6B264D97E4ECA49, EDE2C88B3B4B2A3AC59A3AB0B2FEC1D2CC75AA8AFFF0F5011D07AB4F053390D9 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
22:27:28.0500 0x1f1c  AVGIDSShim - ok
22:27:28.0521 0x1f1c  [ 9AFD535116E986D49877B811F3665E8E, 6843415ED638BB26A17BE9AB7A49D36070A588088256D4D0D1B4789FBDA6730B ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
22:27:28.0525 0x1f1c  Avgldx86 - ok
22:27:28.0578 0x1f1c  [ B97A84EE582A0241E6E08AD07DFE2F74, C3362B9261B4DA099AFC544A2C7F2B3659AE0BDA5DC9DCBD5E383464F9F56A4D ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
22:27:28.0583 0x1f1c  Avglogx - ok
22:27:28.0621 0x1f1c  [ 6767ED65A45A1BB8A413C3C65441F1D8, 0DF45133B42D2ECD9C4D3921099258861CA10C3B92D31E0B7BEE2FF90A171D3D ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
22:27:28.0623 0x1f1c  Avgmfx86 - ok
22:27:28.0655 0x1f1c  [ F016B95273E0B1961F204F7FD2FFD811, 9F89323177B68DEDE6B1F09790E6A978376B4FCBDC029283B297A3C4D9B242FF ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
22:27:28.0656 0x1f1c  Avgrkx86 - ok
22:27:28.0672 0x1f1c  [ 6BF507CCF2F30A68C36E028A15450D87, 1AAA78520219E3936971C45774CE261A5C4B20CF6CFE60CE8140074612D78D69 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
22:27:28.0677 0x1f1c  Avgtdix - ok
22:27:28.0699 0x1f1c  [ 8BF64DFDA90D32F485381F9AE41016E4, 36E92DDCCA0AE4A1A5476BC2E13B36C66B0794221FD621F13CB95C1E9F8513AD ] avgwd           C:\Program Files\AVG\AVG2015\avgwdsvc.exe
22:27:28.0705 0x1f1c  avgwd - ok
22:27:28.0728 0x1f1c  [ 67E506B75BD5326A3EC7B70BD014DFB6, 3B07243970CAB4E93A858BEA6E31F56AD0157C42D624F3FEB469E68EEEF65669 ] Beep            C:\Windows\system32\drivers\Beep.sys
22:27:28.0730 0x1f1c  Beep - ok
22:27:28.0777 0x1f1c  [ C789AF0F724FDA5852FB9A7D3A432381, 4B0F7A3A8F2D45E49630D24F2630B8014BCDB793B9C6E83FD2B2863A54F62BF5 ] BFE             C:\Windows\System32\bfe.dll
22:27:28.0786 0x1f1c  BFE - ok
22:27:28.0861 0x1f1c  [ 93952506C6D67330367F7E7934B6A02F, 1D9A6B10B9489C1A32F730E22CC399BFF0796E3FCB3BA52BE45ED487CAC59EBD ] BITS            C:\Windows\system32\qmgr.dll
22:27:28.0883 0x1f1c  BITS - ok
22:27:28.0893 0x1f1c  [ D4DF28447741FD3D953526E33A617397, E7239BA432090F8AC7DF453DB876507CD4419ECA964D289408A1B2B353618693 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
22:27:28.0894 0x1f1c  blbdrive - ok
22:27:28.0932 0x1f1c  [ 35F376253F687BDE63976CCB3F2108CA, C5EF6301D7BC067050038DB75D961681D1CBE418285AD60167C1334B0B54DFE9 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
22:27:28.0935 0x1f1c  bowser - ok
22:27:28.0947 0x1f1c  [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
22:27:28.0948 0x1f1c  BrFiltLo - ok
22:27:28.0962 0x1f1c  [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
22:27:28.0962 0x1f1c  BrFiltUp - ok
22:27:28.0992 0x1f1c  [ A3629A0C4226F9E9C72FAAEEBC3AD33C, FB4D2738B64AADA52B95A6CF7ED4CDBFE4DD4BEBCAF1AE9CE64317F97DB38DDF ] Browser         C:\Windows\System32\browser.dll
22:27:28.0996 0x1f1c  Browser - ok
22:27:29.0007 0x1f1c  [ B304E75CFF293029EDDF094246747113, CB6B219B186C3511A0DE3CDE7F7B8966A9E32D808A952CA8C5B42B3A3A17BFB0 ] Brserid         C:\Windows\system32\drivers\brserid.sys
22:27:29.0009 0x1f1c  Brserid - ok
22:27:29.0019 0x1f1c  [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
22:27:29.0021 0x1f1c  BrSerWdm - ok
22:27:29.0036 0x1f1c  [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
22:27:29.0037 0x1f1c  BrUsbMdm - ok
22:27:29.0053 0x1f1c  [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
22:27:29.0053 0x1f1c  BrUsbSer - ok
22:27:29.0068 0x1f1c  [ AD07C1EC6665B8B35741AB91200C6B68, DCE1305A30D6713222A01C1F1D03ED0ADABE23C742CE1E82BB142531B82A3FF7 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
22:27:29.0070 0x1f1c  BTHMODEM - ok
22:27:29.0139 0x1f1c  catchme - ok
22:27:29.0157 0x1f1c  [ 7ADD03E75BEB9E6DD102C3081D29840A, 0CA14A77CE990B5AA32C0725C22CA190ECBC73B75064DD959CABAD79B8846F1D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
22:27:29.0161 0x1f1c  cdfs - ok
22:27:29.0206 0x1f1c  [ 6B4BFFB9BECD728097024276430DB314, 4451EFEAD37B05C8A3CB610B6D72E73B55D3D1E1CC1B17405598C1EDAA93C2D5 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
22:27:29.0227 0x1f1c  cdrom - ok
22:27:29.0282 0x1f1c  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] CertPropSvc     C:\Windows\System32\certprop.dll
22:27:29.0298 0x1f1c  CertPropSvc - ok
22:27:29.0315 0x1f1c  [ E5D4133F37219DBCFE102BC61072589D, 74C7F8C53D9C71CE3C8B33BC0331948571318402B0A8E1AC4552360504092A46 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
22:27:29.0317 0x1f1c  circlass - ok
22:27:29.0367 0x1f1c  [ D7659D3B5B92C31E84E53C1431F35132, 6BFE644AD9890A8CEEDCC4B97ADD564AD57202FBC5D21599469E0C4B31BB27C6 ] CLFS            C:\Windows\system32\CLFS.sys
22:27:29.0375 0x1f1c  CLFS - ok
22:27:29.0420 0x1f1c  [ 6B6943A0CA56B47D6FB2EE476890854F, 6DA779879487F4A187DF54B0362642643D7871AA8F7E30992D781F558C50F052 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:27:29.0425 0x1f1c  clr_optimization_v2.0.50727_32 - ok
22:27:29.0457 0x1f1c  [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:27:29.0462 0x1f1c  clr_optimization_v4.0.30319_32 - ok
22:27:29.0471 0x1f1c  [ 0CA25E686A4928484E9FDABD168AB629, C2CB2333CAB40CDF93219870E66700F957188C86A1B1A004BC4652953091E5C5 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
22:27:29.0473 0x1f1c  cmdide - ok
22:27:29.0487 0x1f1c  [ 6AFEF0B60FA25DE07C0968983EE4F60A, E4037EF9EDE57A1039AB814EBCE9A8B12C9A084E7FAC6296212ACF2394DD37B6 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
22:27:29.0489 0x1f1c  Compbatt - ok
22:27:29.0503 0x1f1c  COMSysApp - ok
22:27:29.0511 0x1f1c  [ 741E9DFF4F42D2D8477D0FC1DC0DF871, 06EA43D771E3455F943AB624CC00C2259FE5E561164908630755E933EF44A522 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
22:27:29.0513 0x1f1c  crcdisk - ok
22:27:29.0533 0x1f1c  [ 1F07BECDCA750766A96CDA811BA86410, F4E36F0003184BCB36D59B23AC903421AD8C0A1FD2D6315E06375235ABC9A0AD ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
22:27:29.0535 0x1f1c  Crusoe - ok
22:27:29.0595 0x1f1c  [ 684C130BBC6DB681BAD4920A4C944AA5, DDE434B206984808351C98500824A33E6740B4326C455066027F8D549D4C3B92 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
22:27:29.0600 0x1f1c  CryptSvc - ok
22:27:29.0659 0x1f1c  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] DcomLaunch      C:\Windows\system32\rpcss.dll
22:27:29.0669 0x1f1c  DcomLaunch - ok
22:27:29.0716 0x1f1c  [ 622C41A07CA7E6DD91770F50D532CB6C, 2A9040949CB45F9970FDE930278F30D2F08E957290CB3D4DC4F2CA94F3D444D2 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
22:27:29.0719 0x1f1c  DfsC - ok
22:27:29.0786 0x1f1c  [ 2CC3DCFB533A1035B13DCAB6160AB38B, C88C91F662ADE248EEE3B568E70C2BC2D5075B7D9B7D3C63E83D011C5F7812B0 ] DFSR            C:\Windows\system32\DFSR.exe
22:27:29.0853 0x1f1c  DFSR - ok
22:27:29.0911 0x1f1c  [ 9028559C132146FB75EB7ACF384B086A, 35159D86706441ED94895B4629411B4445FCB4526AFD1F7036EE647931B7A94D ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
22:27:29.0916 0x1f1c  Dhcp - ok
22:27:29.0958 0x1f1c  [ 5D4AEFC3386920236A548271F8F1AF6A, 11B74D6800EC6F7AAEFB0B6A9F2E8376C7C3B8DB677F03AC3743CB004CA96B08 ] disk            C:\Windows\system32\drivers\disk.sys
22:27:29.0960 0x1f1c  disk - ok
22:27:30.0002 0x1f1c  [ 57D762F6F5974AF0DA2BE88A3349BAAA, D9E7DC8F9FB7837F88BBB95B52147AA80E688FB9762EEA99B8046D9C6AD48F3C ] Dnscache        C:\Windows\System32\dnsrslvr.dll
22:27:30.0006 0x1f1c  Dnscache - ok
22:27:30.0054 0x1f1c  [ 324FD74686B1EF5E7C19A8AF49E748F6, DC6EB4304555B60DD17E04D20DFE4E279718E4041A9310DE29E678834BB22C5B ] dot3svc         C:\Windows\System32\dot3svc.dll
22:27:30.0059 0x1f1c  dot3svc - ok
22:27:30.0088 0x1f1c  [ 4F59C172C094E1A1D46463A8DC061CBD, CE09A4ED1F8BA6242E152C384AFF5C3C95FBB8556DAE23765272F13BF158D8F9 ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
22:27:30.0091 0x1f1c  Dot4 - ok
22:27:30.0111 0x1f1c  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5, 69BB5B07D03FA9F28591012F2AA4A583D3F086644C136D63A56D1A827121CC19 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:27:30.0113 0x1f1c  Dot4Print - ok
22:27:30.0121 0x1f1c  [ C55004CA6B419B6695970DFE849B122F, 6E0C4A9E24DD09E9389E097AF63E7F5040A0658DDCEBBE963968B7118CFE9AB8 ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys
22:27:30.0123 0x1f1c  dot4usb - ok
22:27:30.0136 0x1f1c  [ A622E888F8AA2F6B49E9BC466F0E5DEF, 3DED7F22A29AD2F8C927DFA0FD87FDE5ED0BDCAC7260BD9F71D8EA34328C772A ] DPS             C:\Windows\system32\dps.dll
22:27:30.0141 0x1f1c  DPS - ok
22:27:30.0176 0x1f1c  [ 97FEF831AB90BEE128C9AF390E243F80, A7F4118603E2D5DDDB117EF7C058684EA5B37690EFAB2BEBA570EEF9C36281BE ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
22:27:30.0178 0x1f1c  drmkaud - ok
22:27:30.0221 0x1f1c  [ 91C3F37B5250007C784C88B8F3A72BE9, 8E877007BA154288692F5E74EFFCC59AECD863841E983A2E26289627E225EEF1 ] DroidCam        C:\Windows\system32\drivers\droidcam.sys
22:27:30.0222 0x1f1c  DroidCam - ok
22:27:30.0249 0x1f1c  [ 48E5BDCAB5BA2392CF83886D1782AFA1, 387519E8886520B1DB87F899A8CF0189715DC15F56CD4CB3DA72277DDEBEC918 ] DTSRVC          C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
22:27:30.0250 0x1f1c  DTSRVC - ok
22:27:30.0302 0x1f1c  [ 5C2C209CDEFBC51D83D66E8A53B2BE89, 7AE68672A6BEEF601017BE28AA0BF3673318EFE97AA08E70F58A9391C54DF71F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
22:27:30.0315 0x1f1c  DXGKrnl - ok
22:27:30.0340 0x1f1c  [ 908ED85B7806E8AF3AF5E9B74F7809D4, 9A763D247035578A946094D2C1CE8204E6EDFFD7237C7BF2058B5F4ECC0306E0 ] e1express       C:\Windows\system32\DRIVERS\e1e6032.sys
22:27:30.0343 0x1f1c  e1express - ok
22:27:30.0359 0x1f1c  [ 5425F74AC0C1DBD96A1E04F17D63F94C, AD133CEDCDEA75420C75A91BB4CF7152475D46ED7B7703E3BAE5F9946D610292 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
22:27:30.0361 0x1f1c  E1G60 - ok
22:27:30.0377 0x1f1c  [ C0B95E40D85CD807D614E264248A45B9, 30421DAF1722A225222268CB8BA4FE60CB76C6FD0C9157B0F53FC1368F806A4E ] EapHost         C:\Windows\System32\eapsvc.dll
22:27:30.0380 0x1f1c  EapHost - ok
22:27:30.0421 0x1f1c  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371, F3E9CF5D8E9124CB06F08454C5F0E510DE19A92780151FB2F8A58A0905D59B8F ] Ecache          C:\Windows\system32\drivers\ecache.sys
22:27:30.0424 0x1f1c  Ecache - ok
22:27:30.0464 0x1f1c  [ 9BE3744D295A7701EB425332014F0797, 1A139EE9232581E466591C5EBEF41E4BF1F82D99C1959F1C68C879B240E9F46D ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
22:27:30.0471 0x1f1c  ehRecvr - ok
22:27:30.0486 0x1f1c  [ AD1870C8E5D6DD340C829E6074BF3C3F, 064D07106A1BBE80294F1913354832F2B67D22274BB4D36C81D2D83C96FE0B88 ] ehSched         C:\Windows\ehome\ehsched.exe
22:27:30.0491 0x1f1c  ehSched - ok
22:27:30.0505 0x1f1c  [ C27C4EE8926E74AA72EFCAB24C5242C3, F1EBF78CCE9BA76AFD0478BC66B67CA44DEAF3C380369BFCE91BD8F678C8608A ] ehstart         C:\Windows\ehome\ehstart.dll
22:27:30.0507 0x1f1c  ehstart - ok
22:27:30.0524 0x1f1c  [ 23B62471681A124889978F6295B3F4C6, A90C521F06125B86A26EA625B0E7F811AF7D328E1313165E7AD4A83596A23819 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
22:27:30.0530 0x1f1c  elxstor - ok
22:27:30.0585 0x1f1c  [ 4E6B23DFC917EA39306B529B773950F4, C4BA77632B4BD46C4C1797F7F57399DB506D3EB6E5A0A36C269A793DAA3445C2 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
22:27:30.0598 0x1f1c  EMDMgmt - ok
22:27:30.0697 0x1f1c  [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
22:27:30.0699 0x1f1c  EpsonBidirectionalService - ok
22:27:30.0714 0x1f1c  [ 3DB974F3935483555D7148663F726C61, C288CFC04213B0340ABEC752C0A7B308B29122B5F51E68387BA1D9E9D7166FDD ] ErrDev          C:\Windows\system32\drivers\errdev.sys
22:27:30.0714 0x1f1c  ErrDev - ok
22:27:30.0775 0x1f1c  [ 67058C46504BC12D821F38CF99B7B28F, E8D19F305F78BCA1DA8425315F2C77A377CD51E3CC54323DC2FF355120EA097D ] EventSystem     C:\Windows\system32\es.dll
22:27:30.0785 0x1f1c  EventSystem - ok
22:27:30.0823 0x1f1c  [ 22B408651F9123527BCEE54B4F6C5CAE, 31AF9649333A9496A9224001266D1B68CE2A31B9FB182A755D127FC5492AA6B2 ] exfat           C:\Windows\system32\drivers\exfat.sys
22:27:30.0826 0x1f1c  exfat - ok
22:27:30.0855 0x1f1c  [ 4E404505B3F62ECFBDBCBBCF0A72DBC5, 9F446ED06A31BFE52C4F1E8ACC400B8E3F47A3CC02FFC950DB861B2B3BA4C5B9 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
22:27:30.0858 0x1f1c  fastfat - ok
22:27:30.0873 0x1f1c  [ AFE1E8B9782A0DD7FB46BBD88E43F89A, B4CBE1DC3430F2F3485F49007C71293D5B86E9C405741EA00A67B00A38BE1F8D ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
22:27:30.0874 0x1f1c  fdc - ok
22:27:30.0893 0x1f1c  [ 6629B5F0E98151F4AFDD87567EA32BA3, 8CC02D5E0639CDF74B2F85DB56D6199E1858F1A58465ED1D8B25C968E986132C ] fdPHost         C:\Windows\system32\fdPHost.dll
22:27:30.0896 0x1f1c  fdPHost - ok
22:27:30.0904 0x1f1c  [ 89ED56DCE8E47AF40892778A5BD31FD2, 924360875796C3DDDDA8097FDF53F6846B227F7413766F00AEDD981EFD691BF9 ] FDResPub        C:\Windows\system32\fdrespub.dll
22:27:30.0907 0x1f1c  FDResPub - ok
22:27:30.0917 0x1f1c  [ A8C0139A884861E3AAE9CFE73B208A9F, 3B021D148A2989AAA46AE58E5FED8A2DCA25E9212C2FA7F922880EF5A077E49B ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
22:27:30.0921 0x1f1c  FileInfo - ok
22:27:30.0935 0x1f1c  [ 0AE429A696AECBC5970E3CF2C62635AE, 1ECC315C099D17835788B68F0DE00EC98DC5AEE8F329D739E0DB90A898F22244 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
22:27:30.0938 0x1f1c  Filetrace - ok
22:27:30.0948 0x1f1c  [ 85B7CF99D532820495D68D747FDA9EBD, 682D35D219D1AFBE51CF0AB03F2D3E15C940F5AF291C1A611A19F4D279143F3C ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
22:27:30.0949 0x1f1c  flpydisk - ok
22:27:30.0998 0x1f1c  [ 01334F9EA68E6877C4EF05D3EA8ABB05, 82F8AA6AD2B5077898773D4A5814819EAF0E872FFD95894E06FEDAB6EE92CF99 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
22:27:31.0002 0x1f1c  FltMgr - ok
22:27:31.0088 0x1f1c  [ 2AFA3A46986AE935DAECEBC7E66314CF, 747FAF9B7F8291B83EE44B91E5708395E749DC87BD42CC3BF2CD41209C298F4D ] FontCache       C:\Windows\system32\FntCache.dll
22:27:31.0107 0x1f1c  FontCache - ok
22:27:31.0129 0x1f1c  [ C7FBDD1ED42F82BFA35167A5C9803EA3, 372FF71070D5ECE17342466A690737A0622E93C98DBED8172C49B0854F0012B7 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:27:31.0131 0x1f1c  FontCache3.0.0.0 - ok
22:27:31.0167 0x1f1c  [ B972A66758577E0BFD1DE0F91AAA27B5, E934034F3F740A83D4E7ABCD2C581845AC2945B0BCCAACF65CC3F99A1DBDE455 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
22:27:31.0169 0x1f1c  Fs_Rec - ok
22:27:31.0186 0x1f1c  [ 34582A6E6573D54A07ECE5FE24A126B5, 5F45DC38F8015AD90616EAD3B57820CCD284938A96B2C4E1FF5FC7BDEE8A848D ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
22:27:31.0188 0x1f1c  gagp30kx - ok
22:27:31.0223 0x1f1c  [ 483924F92E55A5F9423201EC635E2CED, FEDAC3616709F081A0FA48E2BF521CBCC35E11E523EBADDEACA7308AD14338B3 ] gfibto          C:\Windows\system32\drivers\gfibto.sys
22:27:31.0224 0x1f1c  gfibto - ok
22:27:31.0274 0x1f1c  [ D3316F6E3C011435F36E3D6E49B3196C, 941DF52BA26603A146ED6B65A696DB87153868ED0469EF9C2EB09AC7E63525B7 ] GoToAssist      C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
22:27:31.0275 0x1f1c  GoToAssist - ok
22:27:31.0394 0x1f1c  [ CD5D0AEEE35DFD4E986A5AA1500A6E66, DCED5126837292593F1C1B35DF18E3B631D6C0C6D0742B77C7B7742C55A7825F ] gpsvc           C:\Windows\System32\gpsvc.dll
22:27:31.0429 0x1f1c  gpsvc - ok
22:27:31.0551 0x1f1c  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
22:27:31.0553 0x1f1c  gupdate - ok
22:27:31.0559 0x1f1c  [ E1B44A75947137F4143308D566889837, EC7E883E7AF38BF3AC0AC513CFDE0186038443E9ACC7AD616EE6BD0EC09AACB9 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
22:27:31.0561 0x1f1c  gupdatem - ok
22:27:31.0671 0x1f1c  [ 335F1796AB4AE621D34A7229D6EEFA95, C46C7A7656E6EB94B27ED7737DD3928C2EDE67E77B5FC6E9E119A56ACF1C53DA ] HauppaugeTVServer C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
22:27:31.0680 0x1f1c  HauppaugeTVServer - ok
22:27:31.0837 0x1f1c  [ 206A4EF7C882C3F9676139065D57245C, D12553D6DD94A51BDBECC7FA1375EB8949CFF68ABCB8ECE2B559D4B10C1933B9 ] HCW85BDA        C:\Windows\system32\drivers\HCW85BDA.sys
22:27:31.0864 0x1f1c  HCW85BDA - ok
22:27:31.0905 0x1f1c  [ DB6818C138411F1E0D56FB1F82DD0D04, BDD841016C8E62EB0B45DE83601B6AF506B77BA6167A8410DAB417E86A921738 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir3.sys
22:27:31.0906 0x1f1c  hcw85cir - ok
22:27:31.0973 0x1f1c  [ 3F90E001369A07243763BD5A523D8722, 25907F85787D879E75C3FE74C93567382AFB2D528BEEC61D71E3A6BE2D71DFBE ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:27:31.0978 0x1f1c  HdAudAddService - ok
22:27:32.0117 0x1f1c  [ 062452B7FFD68C8C042A6261FE8DFF4A, DD9873502456D3C058C6177AC223B28C71370E624FA0814C17EA3D93201F2B56 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
22:27:32.0127 0x1f1c  HDAudBus - ok
22:27:32.0184 0x1f1c  [ 1338520E78D90154ED6BE8F84DE5FCEB, 8531F1C5856983EBDA4C2B70162645ECE72FFFBA9FE7A28BCEDDF2169B7ECF9D ] HidBth          C:\Windows\system32\drivers\hidbth.sys
22:27:32.0185 0x1f1c  HidBth - ok
22:27:32.0263 0x1f1c  [ D8DF3722D5E961BAA1292AA2F12827E2, 799E194B36BA08D59500A2C45ADD2FB69C7698F3F7F837CC7CFB266D57830BD6 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
22:27:32.0289 0x1f1c  HidIr - ok
22:27:32.0334 0x1f1c  [ 84067081F3318162797385E11A8F0582, 11E32E3800CFCA37354388243F88D0239D622891BAC5483518A2BE5D1CA19015 ] hidserv         C:\Windows\System32\hidserv.dll
22:27:32.0337 0x1f1c  hidserv - ok
22:27:32.0378 0x1f1c  [ CCA4B519B17E23A00B826C55716809CC, 91AD0758A6185B0FBBE383BDB1B457FFB850477AFF8DE040DE9527A97D28EF62 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
22:27:32.0391 0x1f1c  HidUsb - ok
22:27:32.0418 0x1f1c  [ D8AD255B37DA92434C26E4876DB7D418, C901EADDD93FC90C8F29F4B6DE808F8E4F486C877FC0AA27DA4ACDE17E28899D ] hkmsvc          C:\Windows\system32\kmsvc.dll
22:27:32.0424 0x1f1c  hkmsvc - ok
22:27:32.0449 0x1f1c  [ 16EE7B23A009E00D835CDB79574A91A6, 964AFE7D2F7E48C7DE7FDAB48F57ADC4AD44A0B2A9A03071E0E8D334007E5572 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
22:27:32.0450 0x1f1c  HpCISSs - ok
22:27:32.0557 0x1f1c  [ F870AA3E254628EBEAFE754108D664DE, B0444E7D246AA1982094030ACB991690F6A7DD3FB07B1BB6A1BC0F3AA9718A70 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
22:27:32.0567 0x1f1c  HTTP - ok
22:27:32.0597 0x1f1c  [ C6B032D69650985468160FC9937CF5B4, 4D5A944C70037F35A9DBA4F49F174455FA80ED7EAEDAA143F0A2C0E05AE585D8 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
22:27:32.0599 0x1f1c  i2omp - ok
22:27:32.0627 0x1f1c  [ 22D56C8184586B7A1F6FA60BE5F5A2BD, D96A2962848C1F59B143BFEC22EC48BD1C5A75D0EBCFD7FB965E66B85FF7D8CA ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
22:27:32.0637 0x1f1c  i8042prt - ok
22:27:32.0671 0x1f1c  [ DB0CC620B27A928D968C1A1E9CD9CB87, 62F2FAF027C217A3A035759AF47D848AEFFA7A94C54B4C424B67459D464B8AA8 ] iaStor          C:\Windows\system32\drivers\iastor.sys
22:27:32.0679 0x1f1c  iaStor - ok
22:27:32.0711 0x1f1c  [ 54155EA1B0DF185878E0FC9EC3AC3A14, 344A0793499261D2E4FF2FCCC70501329485F8E299EBC68953D07BA86F0D4729 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
22:27:32.0717 0x1f1c  iaStorV - ok
22:27:32.0849 0x1f1c  [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:27:32.0856 0x1f1c  IDriverT - ok
22:27:33.0079 0x1f1c  [ DD386C45D2B5863740166783448A2E7A, 10B912BA70306644BE73A53AF4DCDFF63880C4C5860FF6DBA92B0914EB566718 ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:27:33.0157 0x1f1c  idsvc - ok
22:27:33.0210 0x1f1c  [ 2D077BF86E843F901D8DB709C95B49A5, 78FF558A881F307858F5C7C74A748B8B2562AF3CAC7EA8639945609001D790CE ] iirsp           C:\Windows\system32\drivers\iirsp.sys
22:27:33.0211 0x1f1c  iirsp - ok
22:27:33.0281 0x1f1c  [ 4687EE0C0DD2CE5F7AAA9C2E33C1DC78, FA8EBED2778D9F7560ADC1B563954EEF98AAE651C0553F2803372B37B122AEB3 ] IKEEXT          C:\Windows\System32\ikeext.dll
22:27:33.0297 0x1f1c  IKEEXT - ok
22:27:33.0376 0x1f1c  [ 32ABC54D0DDE1A8885C9439537DD3BAD, D3E35E189F1A5F70FC2F72F2AC00E2D925C54AD599B34743C945A99B16E632E8 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:27:33.0410 0x1f1c  IntcAzAudAddService - ok
22:27:33.0428 0x1f1c  [ 83AA759F3189E6370C30DE5DC5590718, 7406FE41EA8FB80052517318CB72E2641E92E579FAFAF5E8DDDFF0BF8DAE773A ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
22:27:33.0431 0x1f1c  intelide - ok
22:27:33.0441 0x1f1c  [ 224191001E78C89DFA78924C3EA595FF, E4EC9CAAEEEAEB30E13F4A8023AF687F29514667380DDFD638BBFFF1D5FC2563 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
22:27:33.0443 0x1f1c  intelppm - ok
22:27:33.0501 0x1f1c  [ 0895CDD7F1542FFCC5BBB560EC78BC16, 383D9FFE7FB313EA201DE877F3D48B5116FFA261EDEF5D0D0FE79F14E9682D25 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
22:27:33.0502 0x1f1c  IntuitUpdateServiceV4 - ok
22:27:33.0554 0x1f1c  [ 9AC218C6E6105477484C6FDBE7D409A4, FF30D09CD2A0F5BBEC309E953370F194B6F26BF4227E627B594AAA48B0F5D3C2 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
22:27:33.0559 0x1f1c  IPBusEnum - ok
22:27:33.0571 0x1f1c  [ 62C265C38769B864CB25B4BCF62DF6C3, CAF6BCE967104233E216464E4729B0275C3BD426D812F404AB0EE83A7F2063D8 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:27:33.0574 0x1f1c  IpFilterDriver - ok
22:27:33.0615 0x1f1c  [ 1998BD97F950680BB55F55A7244679C2, A4E8BB4C6B2AF4800BD5E0BA8725FD0927F8FB6751AEBF6DD16B59C414CCB9D8 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
22:27:33.0621 0x1f1c  iphlpsvc - ok
22:27:33.0636 0x1f1c  [ B25AAF203552B7B3491139D582B39AD1, EA9C38F512F40FF12975A6719E6FE4D7EA93A4B2497103E0FDA5A4CD6033C0A6 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
22:27:33.0637 0x1f1c  IPMIDRV - ok
22:27:33.0654 0x1f1c  [ 8793643A67B42CEC66490B2A0CF92D68, 8B1ED1314E4C6623824DD6B9C15A0F7F996F4D243BF0B305421251BE40850907 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
22:27:33.0658 0x1f1c  IPNAT - ok
22:27:33.0670 0x1f1c  [ 109C0DFB82C3632FBD11949B73AEEAC9, 73B01426100256B7110DF0B74483AF1B62FC209612EEC29A7BF6DC31A7FBEFB6 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
22:27:33.0672 0x1f1c  IRENUM - ok
22:27:33.0681 0x1f1c  [ 6C70698A3E5C4376C6AB5C7C17FB0614, 10FBCBA5A74AF5D136B152FD4D3DFA2A1F2CEBC3F979D5BA6DB98B3DCB2F7A07 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
22:27:33.0682 0x1f1c  isapnp - ok
22:27:33.0723 0x1f1c  [ 232FA340531D940AAC623B121A595034, 90C93F04D8A0094EEBD118F10223605B8169DA5F24C466F503CED5C014BD17B1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
22:27:33.0727 0x1f1c  iScsiPrt - ok
22:27:33.0743 0x1f1c  [ BCED60D16156E428F8DF8CF27B0DF150, 4934E9AB8A8A548548F0C63517F2BF4DE84B05E5C9C7C2AA6C1517B8F9C340D4 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
22:27:33.0745 0x1f1c  iteatapi - ok
22:27:33.0759 0x1f1c  [ 06FA654504A498C30ADCA8BEC4E87E7E, 651BC35A0A3D504573BBAB40DE81929BB18C9FC0CD7944FEAE0E99CD7658EA88 ] iteraid         C:\Windows\system32\drivers\iteraid.sys
22:27:33.0760 0x1f1c  iteraid - ok
22:27:33.0778 0x1f1c  [ 37605E0A8CF00CBBA538E753E4344C6E, B9A9FFDCE45B0830E277CF322C28ACB49372C16144B0F676B283BE5DAE9A7F30 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
22:27:33.0782 0x1f1c  kbdclass - ok
22:27:33.0845 0x1f1c  [ EDE59EC70E25C24581ADD1FBEC7325F7, 41B37778E9A12675FC0DF74606AAF18C652EB88513B3C4889C5C512E14587CEE ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
22:27:33.0858 0x1f1c  kbdhid - ok
22:27:33.0924 0x1f1c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] KeyIso          C:\Windows\system32\lsass.exe
22:27:33.0926 0x1f1c  KeyIso - ok
22:27:34.0026 0x1f1c  [ 5035EDF1F2E72F78BB1EC5BD9B97463F, 8AFAD580A96F002FFB22761B65D4B414917895C45B11B53089BB3E0331995EF7 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
22:27:34.0033 0x1f1c  KSecDD - ok
22:27:34.0102 0x1f1c  [ 8078F8F8F7A79E2E6B494523A828C585, BB399993166853F0C01B7508649ECD7E7473238267BA8333D0441128FE656347 ] KtmRm           C:\Windows\system32\msdtckrm.dll
22:27:34.0125 0x1f1c  KtmRm - ok
22:27:34.0173 0x1f1c  [ 1BF5EEBFD518DD7298434D8C862F825D, F41C79410345C40B346EB5EDEA397ECD29ECB9B921AC3E19F9453E52A7B9288A ] LanmanServer    C:\Windows\System32\srvsvc.dll
22:27:34.0188 0x1f1c  LanmanServer - ok
22:27:34.0233 0x1f1c  [ 1DB69705B695B987082C8BAEC0C6B34F, D395B272F6B69D4A9FC3CDEFD812EF0DBFECF3C1B1C787C7CC1E1A1B091B8DB3 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:27:34.0240 0x1f1c  LanmanWorkstation - ok
22:27:34.0317 0x1f1c  [ 83D8BE94E1CBCBE2EA8372DB1A95A159, 28D18C7B93EFB6C83023D39A54489DDE98DE578AFCC06DD0712D00DE7CD48968 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
22:27:34.0318 0x1f1c  LightScribeService - ok
22:27:34.0347 0x1f1c  [ D1C5883087A0C3F1344D9D55A44901F6, 608D67357AFDDD538D2C12C93EB0793ECA4EB3AF2BAB779E881C41F50E4AB911 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
22:27:34.0707 0x1f1c  lltdio - ok
22:27:34.0748 0x1f1c  [ 2D5A428872F1442631D0959A34ABFF63, E532C6ECFFB936EFF744CA57BDC6394C89E797B6B0822D04F1F3F35D9BDDD4F0 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
22:27:34.0754 0x1f1c  lltdsvc - ok
22:27:34.0768 0x1f1c  [ 35D40113E4A5B961B6CE5C5857702518, 453097AEF46ED48107395D9A1696AAC259FD6CEA8A655D38C5E246FDDAB81664 ] lmhosts         C:\Windows\System32\lmhsvc.dll
22:27:34.0771 0x1f1c  lmhosts - ok
22:27:34.0788 0x1f1c  [ C7E15E82879BF3235B559563D4185365, 98C9268ADF6BAEB0522BB84BE6C98D0D6D5EB4BD27BB61412D208232164C8435 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
22:27:34.0790 0x1f1c  LSI_FC - ok
22:27:34.0804 0x1f1c  [ EE01EBAE8C9BF0FA072E0FF68718920A, 655924440E611278998226299645BC72B3627A8A057286DC8D65A162CFBBE484 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
22:27:34.0807 0x1f1c  LSI_SAS - ok
22:27:34.0822 0x1f1c  [ 912A04696E9CA30146A62AFA1463DD5C, 1D336D47B9D1C8449F29CDB776C092235E3D70CE53D9440970533E376EB004D3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
22:27:34.0824 0x1f1c  LSI_SCSI - ok
22:27:34.0839 0x1f1c  [ 8F5C7426567798E62A3B3614965D62CC, 659810257D942C5F4168E1247868CDA990F2324AC9ACAA9A6211F64B7AC9EC6E ] luafv           C:\Windows\system32\drivers\luafv.sys
22:27:34.0845 0x1f1c  luafv - ok
22:27:34.0860 0x1f1c  [ AEF9BABB8A506BC4CE0451A64AADED46, D5608A703EA7E97F11ED4D029B4B820440B0C9317DB7D7DC0152253CD723DC07 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
22:27:34.0864 0x1f1c  Mcx2Svc - ok
22:27:34.0873 0x1f1c  [ 0001CE609D66632FA17B84705F658879, D5F9758BDC2B733307B565A74B33F5581FB425A5A9F32CCFA307DA1569EBD6CD ] megasas         C:\Windows\system32\drivers\megasas.sys
22:27:34.0875 0x1f1c  megasas - ok
22:27:34.0908 0x1f1c  [ C252F32CD9A49DBFC25ECF26EBD51A99, 47EC8F475AB62A00FAF989CD2C3ABDF2922588F75CC15C83CD99A62EF6400FB0 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
22:27:34.0916 0x1f1c  MegaSR - ok
22:27:34.0932 0x1f1c  [ 1076FFCFFAAE8385FD62DFCB25AC4708, 8C5C106FCB018E019DEBA8E1A6AA170CD7A93293F27994F724EBC486238DA0AA ] MMCSS           C:\Windows\system32\mmcss.dll
22:27:34.0936 0x1f1c  MMCSS - ok
22:27:34.0943 0x1f1c  [ E13B5EA0F51BA5B1512EC671393D09BA, 5B380D1B435D809CA201FD5ED075D42F3C6BA1A4EEDBC4040F7E3329F05A334A ] Modem           C:\Windows\system32\drivers\modem.sys
22:27:34.0945 0x1f1c  Modem - ok
22:27:34.0973 0x1f1c  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8, 1E8031D51E074FDFB53E98E26DABF313B901C028D01196BFD402EED5D0A89595 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
22:27:34.0975 0x1f1c  monitor - ok
22:27:35.0016 0x1f1c  [ 5BF6A1326A335C5298477754A506D263, CC7F58E5955A448F6CE28D6D8EB98C7479E11F931B5C733CFE71A29B2E95923D ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
22:27:35.0031 0x1f1c  mouclass - ok
22:27:35.0045 0x1f1c  [ 93B8D4869E12CFBE663915502900876F, 7464DE60FAAD8793D855F1F86C3C865B3A3EE41C19A3E926D1BE4426E67F5EC2 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
22:27:35.0047 0x1f1c  mouhid - ok
22:27:35.0059 0x1f1c  [ BDAFC88AA6B92F7842416EA6A48E1600, 2CA8A7BB260016D6B7953980A94C45A3C5D41F7DC7E73EEFB1C18EA144749503 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
22:27:35.0063 0x1f1c  MountMgr - ok
22:27:35.0116 0x1f1c  [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:27:35.0118 0x1f1c  MozillaMaintenance - ok
22:27:35.0137 0x1f1c  [ 511D011289755DD9F9A7579FB0B064E6, 1FD0D0D5B6E08FE06F7A5D0821BCD859B0F98A6DEA58AAB7FB6C95B64212FFC8 ] mpio            C:\Windows\system32\drivers\mpio.sys
22:27:35.0139 0x1f1c  mpio - ok
22:27:35.0180 0x1f1c  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E, 62055C0DCEB69873B8961AB17DBD002F44319A44CB05EC3A61421A0C6D4736CD ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
22:27:35.0196 0x1f1c  mpsdrv - ok
22:27:35.0246 0x1f1c  [ 5DE62C6E9108F14F6794060A9BDECAEC, 655E6645CC4A1EDBE5F51F5F80C7B504DD956851E788A6E4E4E08CDCDCE160D9 ] MpsSvc          C:\Windows\system32\mpssvc.dll
22:27:35.0268 0x1f1c  MpsSvc - ok
22:27:35.0286 0x1f1c  [ 4FBBB70D30FD20EC51F80061703B001E, 72907A0CA5CFF82F40C02A65CD8EFD51D7CFC33BE67DE572D1ACF4FD3B248F0A ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
22:27:35.0287 0x1f1c  Mraid35x - ok
22:27:35.0460 0x1f1c  [ 9BD4DCB5412921864A7AACDEDFBD1923, 46DEE9B9414D26203B62F0D6CAEBF37A3CEFD118556129547B2C5FC7B6FDBA05 ] MREMP50         C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
22:27:35.0461 0x1f1c  MREMP50 - ok
22:27:35.0473 0x1f1c  [ 07C02C892E8E1A72D6BF35004F0E9C5E, 09ECD59AADF08E2AA0C1BAF5D3D7CBB0948153E531E1F82ECACD43F14F88106B ] MRESP50         C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
22:27:35.0475 0x1f1c  MRESP50 - ok
22:27:35.0546 0x1f1c  [ B0584CA7DEF55929FDB5169BD28B2484, AF6A7E404FEB29F7F3428D0AF6682195E5E8ED106996A04E6947DBD575696546 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
22:27:35.0552 0x1f1c  MRxDAV - ok
22:27:35.0597 0x1f1c  [ 1E94971C4B446AB2290DEB71D01CF0C2, 4701AA1B419AEF735CB2DA34532B0F1844433272C36D79F4EB55807E39B923D1 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
22:27:35.0601 0x1f1c  mrxsmb - ok
22:27:35.0649 0x1f1c  [ 4FCCB34D793B116423209C0F8B7A3B03, 7A483AEB691ADBE82779F12F0BB1CCCBFFD7E92902EC1ADC99AB7D129F887143 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:27:35.0653 0x1f1c  mrxsmb10 - ok
22:27:35.0665 0x1f1c  [ C3CB1B40AD4A0124D617A1199B0B9D7C, B975A39DE6D324C6274B6E3B883F36082A958F028335CEB3A37F44481EB284B3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:27:35.0669 0x1f1c  mrxsmb20 - ok
22:27:35.0694 0x1f1c  [ F70590424EEFBF5C27A40C67AFDB8383, 1F2AC1DA12F7E6F09D8F6622EF1366ABD4B86EBE51DD1915E803D56A568A3412 ] msahci          C:\Windows\system32\drivers\msahci.sys
22:27:35.0695 0x1f1c  msahci - ok
22:27:35.0706 0x1f1c  [ 4468B0F385A86ECDDAF8D3CA662EC0E7, EAEDC9CDD2EEC5000AF8190A4BE7729282576C3F88E64FDF57F455F5CECC81C9 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
22:27:35.0708 0x1f1c  msdsm - ok
22:27:35.0724 0x1f1c  [ FD7520CC3A80C5FC8C48852BB24C6DED, C3F3D7A07FAB9AF38A2A00BF0DF6EEE18CA8FE26277BEC9D8ADB793F2CD5EC1F ] MSDTC           C:\Windows\System32\msdtc.exe
22:27:35.0729 0x1f1c  MSDTC - ok
22:27:35.0746 0x1f1c  [ A9927F4A46B816C92F461ACB90CF8515, 753284F726F9B4D3E7322C75532244CA43714F00717C2019391FB36DEE0738C0 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
22:27:35.0749 0x1f1c  Msfs - ok
22:27:35.0754 0x1f1c  [ 0F400E306F385C56317357D6DEA56F62, C48FA8193787359902D20D869F5F602CD66D3C5D061A58DDB72F51EED433C4BC ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
22:27:35.0755 0x1f1c  msisadrv - ok
22:27:35.0780 0x1f1c  [ 85466C0757A23D9A9AECDC0755203CB2, 79141B8DF9D7470466872AF03A85C3D3976512BFDBDB8B92A22225DC8EFD70A6 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
22:27:35.0785 0x1f1c  MSiSCSI - ok
22:27:35.0789 0x1f1c  msiserver - ok
22:27:35.0801 0x1f1c  [ D8C63D34D9C9E56C059E24EC7185CC07, D0CBFB8D57E6D908679DC0488ED659CA35B92626DEA890873E165F051A1AD2AE ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
22:27:35.0803 0x1f1c  MSKSSRV - ok
22:27:35.0807 0x1f1c  [ 1D373C90D62DDB641D50E55B9E78D65E, 1D4897A96EA54D6FAC7916D69B4E88CAE1397C38CC8FAE08554772808476357B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
22:27:35.0809 0x1f1c  MSPCLOCK - ok
22:27:35.0823 0x1f1c  [ B572DA05BF4E098D4BBA3A4734FB505B, B7923F204CEADD0F62C2FE4B7CF8C56DAB70F88093B15C5692D0E61490CF4BAA ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
22:27:35.0825 0x1f1c  MSPQM - ok
22:27:35.0870 0x1f1c  [ B49456D70555DE905C311BCDA6EC6ADB, 8E40586B3A1FAE9996459E0261726C9DD6A8D5F575604868C45604613385C92F ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
22:27:35.0873 0x1f1c  MsRPC - ok
22:27:35.0891 0x1f1c  [ E384487CB84BE41D09711C30CA79646C, 520391DEE14D4D6C1EA99C7D31DD95D56B44D54CA3CD8E5C9855E9C0A04F026C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
22:27:35.0892 0x1f1c  mssmbios - ok
22:27:35.0909 0x1f1c  [ 7199C1EEC1E4993CAF96B8C0A26BD58A, DD02DF8ED7AF5BB88BD2A91F38CE4C52432CB8044BDCBC41C320CD22B10B8A3B ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
22:27:35.0911 0x1f1c  MSTEE - ok
22:27:35.0917 0x1f1c  [ 6A57B5733D4CB702C8EA4542E836B96C, 080FB0B01E949D24CDD6876125B3A72DA9F88845D8B9A1A425BCA99E7ACF6821 ] Mup             C:\Windows\system32\Drivers\mup.sys
22:27:35.0919 0x1f1c  Mup - ok
22:27:35.0963 0x1f1c  [ E4EAF0C5C1B41B5C83386CF212CA9584, 5946C3DCE65A0DB164169A1775DFCA544AF4E1895ADF6916BB1653F373F8D9AF ] napagent        C:\Windows\system32\qagentRT.dll
22:27:35.0973 0x1f1c  napagent - ok
22:27:36.0015 0x1f1c  [ 85C44FDFF9CF7E72A40DCB7EC06A4416, DC37C99C458CA69B33BFD3894187089E947F4F9C01EC2ED024FA8614989E0956 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
22:27:36.0019 0x1f1c  NativeWifiP - ok
22:27:36.0110 0x1f1c  [ 1357274D1883F68300AEADD15D7BBB42, EE6352CBF0D9D633816F338159CDA27F1A805C3DDC3402D8605B50D8F3CD3300 ] NDIS            C:\Windows\system32\drivers\ndis.sys
22:27:36.0136 0x1f1c  NDIS - ok
22:27:36.0150 0x1f1c  [ 0E186E90404980569FB449BA7519AE61, DE41791D9D3074007D6DD1D3933E7A2A13E3789D0AD4F029105B58279622FC1B ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
22:27:36.0154 0x1f1c  NdisTapi - ok
22:27:36.0166 0x1f1c  [ D6973AA34C4D5D76C0430B181C3CD389, 7C303F3D6BFF8B82E39998135B444837091AB1F9EB8F28D013E5EF45DB237EFC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
22:27:36.0168 0x1f1c  Ndisuio - ok
22:27:36.0184 0x1f1c  [ 818F648618AE34F729FDB47EC68345C3, 5FC8F9237BD7FCE3C62D5BDDD49DC104BE2BECDC2FA8CDC1DB8F1891CBAA9140 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
22:27:36.0190 0x1f1c  NdisWan - ok
22:27:36.0203 0x1f1c  [ 71DAB552B41936358F3B541AE5997FB3, 30A8B3E33CBF04FC047254E404C0321F9028F2640036AA8AC1EA0A5E64551684 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
22:27:36.0206 0x1f1c  NDProxy - ok
22:27:36.0250 0x1f1c  [ 2969D26EEE289BE7422AA46FC55F4E38, 0128C6C764C9BE01E9C5B272385524361C46C051D9D371D8E06B8493A49250AF ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:27:36.0254 0x1f1c  Net Driver HPZ12 - ok
22:27:36.0270 0x1f1c  [ BCD093A5A6777CF626434568DC7DBA78, 2A283DD93230361204EA0897864EAF0224CB8C02E025AE2E4237B07A598B3EBD ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
22:27:36.0273 0x1f1c  NetBIOS - ok
22:27:36.0294 0x1f1c  [ ECD64230A59CBD93C85F1CD1CAB9F3F6, 83650D756C1F2768A2AAAFC7924F2A4316ABAEB1708F4B05803CDDD699B5AB6F ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
22:27:36.0299 0x1f1c  netbt - ok
22:27:36.0315 0x1f1c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] Netlogon        C:\Windows\system32\lsass.exe
22:27:36.0317 0x1f1c  Netlogon - ok
22:27:36.0395 0x1f1c  [ C8052711DAECC48B982434C5116CA401, 417DEB86D157DD3F0B4678410FE27FDD3E8FA04AB03AF398F6C02BF207070B35 ] Netman          C:\Windows\System32\netman.dll
22:27:36.0404 0x1f1c  Netman - ok
22:27:36.0441 0x1f1c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:27:36.0446 0x1f1c  NetMsmqActivator - ok
22:27:36.0452 0x1f1c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:27:36.0456 0x1f1c  NetPipeActivator - ok
22:27:36.0473 0x1f1c  [ 2EF3BBE22E5A5ACD1428EE387A0D0172, 55DB91EDD0339D2434C06445F8A716A48EA90925B0FF7EBF45BB79D4B54B80BF ] netprofm        C:\Windows\System32\netprofm.dll
22:27:36.0481 0x1f1c  netprofm - ok
22:27:36.0553 0x1f1c  [ 884CC5F9E55760A966FF49E4755FE0AF, 5C4DB75C429884BCD25EB0A8C6C05EEB03B0F23BADFB801C01BFBB2751158194 ] netr28u         C:\Windows\system32\DRIVERS\netr28u.sys
22:27:36.0577 0x1f1c  netr28u - ok
22:27:36.0593 0x1f1c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:27:36.0597 0x1f1c  NetTcpActivator - ok
22:27:36.0604 0x1f1c  [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
22:27:36.0607 0x1f1c  NetTcpPortSharing - ok
22:27:36.0624 0x1f1c  [ 2E7FB731D4790A1BC6270ACCEFACB36E, EE9A00B694E8A3A5842CDC56C7BA1364317AC8134E046A0059661D057094B1A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
22:27:36.0625 0x1f1c  nfrd960 - ok
22:27:36.0672 0x1f1c  [ C96411DD46AABC0D6F3CF06D0E0E7E14, 0D36F322AF1B923D96735BFFCAC3FDB0B282E59220BADAB8B49AC178A6765380 ] NlaSvc          C:\Windows\System32\nlasvc.dll
22:27:36.0678 0x1f1c  NlaSvc - ok
22:27:36.0719 0x1f1c  [ D36F239D7CCE1931598E8FB90A0DBC26, DF9397411D0CE5A87E3346D4E6E25BEC537A21BCE196CC55FD999CD08FC4A637 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
22:27:36.0721 0x1f1c  Npfs - ok
22:27:36.0732 0x1f1c  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD, 15CA178518EB3D457AA4C109D97A8490821590842AE4E9841703B5A55870C8F6 ] nsi             C:\Windows\system32\nsisvc.dll
22:27:36.0735 0x1f1c  nsi - ok
22:27:36.0746 0x1f1c  [ 609773E344A97410CE4EBF74A8914FCF, 90B9CBD2B62854DD503DE4A910CB987D402368EB99882FE20FFB6DEACD70F2BD ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
22:27:36.0749 0x1f1c  nsiproxy - ok
22:27:36.0829 0x1f1c  [ 2C1121F2B87E9A6B12485DF53CD848C7, E580428F3BA7B201C6C7CFADF1F44A6ECA4F589EDB034DA14260136236195936 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
22:27:36.0862 0x1f1c  Ntfs - ok
22:27:36.0902 0x1f1c  [ E875C093AEC0C978A90F30C9E0DFBB72, D3A480CD7EF374EFBC1BB831B33B81534774DDDBB0FB338BEE1D444949FD8DE7 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
22:27:36.0903 0x1f1c  ntrigdigi - ok
22:27:36.0937 0x1f1c  [ C5DBBCDA07D780BDA9B685DF333BB41E, 3652893DFF05469A273C3073D8D0A9D6D6BBDEC7855FEA8EAB768F95BA674108 ] Null            C:\Windows\system32\drivers\Null.sys
22:27:36.0953 0x1f1c  Null - ok
22:27:36.0982 0x1f1c  [ 2EDF9E7751554B42CBB60116DE727101, 37A0AA78E83DBB5A788F7F067EB71DDF6CCC72A66BB41B209E1A5E2F68F8AF9B ] nvraid          C:\Windows\system32\drivers\nvraid.sys
22:27:36.0985 0x1f1c  nvraid - ok
22:27:37.0004 0x1f1c  [ ABED0C09758D1D97DB0042DBB2688177, 84B9BF886EF9181915E8AB6D971446BC681E6DE4485DBECD62838EAFA10E7F46 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
22:27:37.0006 0x1f1c  nvstor - ok
22:27:37.0020 0x1f1c  [ 18BBDF913916B71BD54575BDB6EEAC0B, 5FBA165149AB09E869DCE35622E91CFC964BDD22B31A5E76CF12F1565402B207 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
22:27:37.0025 0x1f1c  nv_agp - ok
22:27:37.0086 0x1f1c  [ 6F310E890D46E246E0E261A63D9B36B4, 7050B0C43CC0DF2DDAD3EB8D2FF9EEE425A627C68654CBB154D55A4B1A47AA08 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
22:27:37.0088 0x1f1c  ohci1394 - ok
22:27:37.0148 0x1f1c  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
22:27:37.0166 0x1f1c  p2pimsvc - ok
22:27:37.0186 0x1f1c  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] p2psvc          C:\Windows\system32\p2psvc.dll
22:27:37.0200 0x1f1c  p2psvc - ok
22:27:37.0247 0x1f1c  [ DC450992EBA6F914080C1F7FBEEED72C, A7B9CB59E10EB7C973E53BB70A8FE2CDD25FCC3CC499A0D311449F861223A447 ] PalmUSBD        C:\Windows\system32\drivers\PalmUSBD.sys
22:27:37.0248 0x1f1c  PalmUSBD - ok
22:27:37.0259 0x1f1c  [ 0FA9B5055484649D63C303FE404E5F4D, ABF357001A5E7B21621560E74FA538E2D899C5111A6AAC784B5B12D9D819C6CD ] Parport         C:\Windows\system32\drivers\parport.sys
22:27:37.0261 0x1f1c  Parport - ok
22:27:37.0305 0x1f1c  [ B9C2B89F08670E159F7181891E449CD9, BD48CE95CF4B75D1FD5FD379B2A8727BC000F2B6748B77636C6BDB0B37B0344A ] partmgr         C:\Windows\system32\drivers\partmgr.sys
22:27:37.0308 0x1f1c  partmgr - ok
22:27:37.0313 0x1f1c  [ 4F9A6A8A31413180D0FCB279AD5D8112, DCE48BC6E3447403521BB9FBF727E629DEE45B69B8AE8CFEE1A67FECAE3CB9D3 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
22:27:37.0314 0x1f1c  Parvdm - ok
22:27:37.0353 0x1f1c  [ C6276AD11F4BB49B58AA1ED88537F14A, 409E956AF994640DF8D062E5E41F87A6EE7EEE0335C191B582722A49322357CE ] PcaSvc          C:\Windows\System32\pcasvc.dll
22:27:37.0358 0x1f1c  PcaSvc - ok
22:27:37.0438 0x1f1c  [ 92FDDBED716BF5C3CB766101563CFCE5, BD77BEB532483FBDBE2D69A7D5193F1EB43514CA7A65934F17AE71DCF397CCD4 ] PCDSRVC{E9D79540-57D5953E-06020101}_0 c:\program files\dell support center\pcdsrvc.pkms
22:27:37.0441 0x1f1c  PCDSRVC{E9D79540-57D5953E-06020101}_0 - ok
22:27:37.0486 0x1f1c  [ 941DC1D19E7E8620F40BBC206981EFDB, 156142A8B587131D2D47074CBFD0A31F69B3C27A8C74C8C4F29DFE7B53BBA802 ] pci             C:\Windows\system32\drivers\pci.sys
22:27:37.0489 0x1f1c  pci - ok
22:27:37.0529 0x1f1c  [ 1636D43F10416AEB483BC6001097B26C, 36E61A993693A46538FE0F726D67BB28886F61D53384AD600D1282296A27662E ] pciide          C:\Windows\system32\drivers\pciide.sys
22:27:37.0531 0x1f1c  pciide - ok
22:27:37.0547 0x1f1c  [ E6F3FB1B86AA519E7698AD05E58B04E5, 2C4B45DDD3B980C9DAA6F039CAEFCD6E84A4D5BB43AFBA73C0C42B5556C1303C ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
22:27:37.0552 0x1f1c  pcmcia - ok
22:27:37.0563 0x1f1c  [ 18ED1D71FEF6F71D38C24263500BBD01, DD01D9350C1C4BF9F403F6001126F8DB36961846CC76A76BBF1AFF6331A4DCCF ] PdiPorts        C:\Windows\system32\Drivers\PdiPorts.sys
22:27:37.0564 0x1f1c  PdiPorts - ok
22:27:37.0607 0x1f1c  [ FED28C565DE5F73B7C5B32841229E496, 7D6930004EDA3916BBCB225018F74BD492B49463A0B15484AFE70448A3B2C4C0 ] PdiService      C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
22:27:37.0610 0x1f1c  PdiService - ok
22:27:37.0654 0x1f1c  [ 6349F6ED9C623B44B52EA3C63C831A92, 9EAA3ABD396870123107D6E1B758F56FDA378BD28B28DB8415AA470D24294F92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
22:27:37.0680 0x1f1c  PEAUTH - ok
22:27:37.0768 0x1f1c  [ B1689DF169143F57053F795390C99DB3, 887B8C76B34CABC68067C0F27CC4EEF02457A53634C96FE5B0FE9B99453BDBEF ] pla             C:\Windows\system32\pla.dll
22:27:37.0878 0x1f1c  pla - ok
22:27:37.0962 0x1f1c  [ C5E7F8A996EC0A82D508FD9064A5569E, 416A93816CDF12DD42DEA796D37E6E2000D3172AAAB20D3EAD3B715DACD4B61F ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
22:27:37.0985 0x1f1c  PlugPlay - ok
22:27:38.0038 0x1f1c  [ BAFC9706BDF425A02B66468AB2605C59, 6F8F7982AD452F0E68D91CCAF05DF152F00FA3D885DCBBBC470199E74F17B1E0 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:27:38.0043 0x1f1c  Pml Driver HPZ12 - ok
22:27:38.0118 0x1f1c  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
22:27:38.0132 0x1f1c  PNRPAutoReg - ok
22:27:38.0156 0x1f1c  [ 0C8E8E61AD1EB0B250B846712C917506, 8F23657B90BFFCD7273B93EDA2D3768F35C1C5A313F22AE33452BE3B2A550649 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
22:27:38.0169 0x1f1c  PNRPsvc - ok
22:27:38.0199 0x1f1c  [ D0494460421A03CD5225CCA0059AA146, FC30E90522C63F2A66D89381705712D2CDF07B2E029DF40C2DEBB2353E763E90 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
22:27:38.0209 0x1f1c  PolicyAgent - ok
22:27:38.0243 0x1f1c  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1, 6E4B188A4BFDBBCA51347BCCE2873F2D0F858398851B9B5129CB9F36A02E4354 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
22:27:38.0248 0x1f1c  PptpMiniport - ok
22:27:38.0267 0x1f1c  [ 2027293619DD0F047C584CF2E7DF4FFD, B7C172CCD08D8A30483D27536355ED1E5009B33629355B426470AFBA8542B394 ] Processor       C:\Windows\system32\drivers\processr.sys
22:27:38.0269 0x1f1c  Processor - ok
22:27:38.0325 0x1f1c  [ 0D5DAD610D7EA1627581ED06FB2BAA9A, 6E27CF3A1624AE10EECB8B5F38E03D76A6AABE4E75DD66DEDD67E0773935A396 ] ProfSvc         C:\Windows\system32\profsvc.dll
22:27:38.0331 0x1f1c  ProfSvc - ok
22:27:38.0347 0x1f1c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] ProtectedStorage C:\Windows\system32\lsass.exe
22:27:38.0348 0x1f1c  ProtectedStorage - ok
22:27:38.0384 0x1f1c  [ 99514FAA8DF93D34B5589187DB3AA0BA, 4DDE5EC0C721B22E1D7D55ED3514B60EA07435C232A3A931BB49C7F486B52C18 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
22:27:38.0388 0x1f1c  PSched - ok
22:27:38.0452 0x1f1c  [ E42E3433DBB4CFFE8FDD91EAB29AEA8E, 20ABD8372B242FD356AC143E7EB56F93CFEA4988ED1B0C4434CB64C387D7F66C ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys
22:27:38.0453 0x1f1c  PxHelp20 - ok
22:27:38.0522 0x1f1c  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6, 8B7D44A7698B95FE34CBBE4FAB2F01EC1F5BA86C2B19672F99767E650E99BF1C ] ql2300          C:\Windows\system32\drivers\ql2300.sys
22:27:38.0556 0x1f1c  ql2300 - ok
22:27:38.0574 0x1f1c  [ 81A7E5C076E59995D54BC1ED3A16E60B, A2988F065F93C41B3B389BFF3BB3FD69F768C2AF249C2356F315CC92E5C9E128 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
22:27:38.0576 0x1f1c  ql40xx - ok
22:27:38.0623 0x1f1c  [ E9ECAE663F47E6CB43962D18AB18890F, F1A05320CAED9E745AA36A6DA9B64C48AAEDE888B42B249840CEB31448F7F432 ] QWAVE           C:\Windows\system32\qwave.dll
22:27:38.0646 0x1f1c  QWAVE - ok
22:27:38.0656 0x1f1c  [ 9F5E0E1926014D17486901C88ECA2DB7, 67CDFB99AB546DCEEF20507EAC07DD52FFB51BFDFE9416ABEDDC1201B60D720E ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
22:27:38.0659 0x1f1c  QWAVEdrv - ok
22:27:38.0945 0x1f1c  [ AE375717A1AC652C24939D5D67150F89, 23EC7D9F5E89D969364C486DA18B90B0D058A0E59A6143F7FFC19B2201E56CBF ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
22:27:39.0016 0x1f1c  R300 - ok
22:27:39.0215 0x1f1c  [ F502A4B72524D21C5CA7183E61FB522E, 819B5DF8916776E7ACBFB0FDFBD0CDCFD173E750DF3A16D8462EDA13BB013DE0 ] RalinkRegistryWriter C:\Program Files\Tenda\Common\RaRegistry.exe
22:27:39.0221 0x1f1c  RalinkRegistryWriter - ok
22:27:39.0318 0x1f1c  [ CBC738221E5B80C4566E4AC0DC16CC8C, 13A2AFCE5D88E49EE509244A780ED30D85CE8F2CB8DA40C7E12B00C33D9743C0 ] RaMediaServer   C:\Program Files\Tenda\Common\RaMediaServer.exe
22:27:39.0417 0x1f1c  RaMediaServer - ok
22:27:39.0468 0x1f1c  [ 147D7F9C556D259924351FEB0DE606C3, E41EBA5F3098C6CF2BE4C0060A5F4BF161C3677D983B7A0D70ACC12FC3CFEFD7 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
22:27:39.0489 0x1f1c  RasAcd - ok
22:27:39.0515 0x1f1c  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F, 6A410ABCCD2211EFF511CDBF22E4152B57D2996336EBE711DFF71904AF232DB2 ] RasAuto         C:\Windows\System32\rasauto.dll
22:27:39.0527 0x1f1c  RasAuto - ok
22:27:39.0547 0x1f1c  [ A214ADBAF4CB47DD2728859EF31F26B0, A24F37F55E2C018B1B4FA2C568A01AAAAEA1220833ED24A93378386174A70A32 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
22:27:39.0553 0x1f1c  Rasl2tp - ok
22:27:39.0609 0x1f1c  [ 75D47445D70CA6F9F894B032FBC64FCF, 9112EA5D25F867136858524C7965ACCEDC02675D1E2985B950598D89CCF25E14 ] RasMan          C:\Windows\System32\rasmans.dll
22:27:39.0627 0x1f1c  RasMan - ok
22:27:39.0665 0x1f1c  [ 509A98DD18AF4375E1FC40BC175F1DEF, CC7C278CA298CE102D871E34C176E73F903D6687D1E8B5AFAB8772C7DE1A60B1 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
22:27:39.0668 0x1f1c  RasPppoe - ok
22:27:39.0703 0x1f1c  [ 2005F4A1E05FA09389AC85840F0A9E4D, D8A664073FDE82F9AB324347024CDB7043635C84EB11C24C59AB384C52F0FD94 ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
22:27:39.0717 0x1f1c  RasSstp - ok
22:27:40.0009 0x1f1c  [ B14C9D5B9ADD2F84F70570BBBFAA7935, 3D533767A50554B86C769DF4D8841B3EA680B3807E85EA3533BDA9B649548269 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
22:27:40.0070 0x1f1c  rdbss - ok
22:27:40.0114 0x1f1c  [ 89E59BE9A564262A3FB6C4F4F1CD9899, 6F948FB0E73495CA60B7B19E758268495EC8A084C475EC59AD7940AA619570BB ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
22:27:40.0116 0x1f1c  RDPCDD - ok
22:27:40.0169 0x1f1c  [ FBC0BACD9C3D7F6956853F64A66E252D, 7672B10C7039295B152C02C96903E869FF2C0A88A2C3FA89BAE9F1D593B43569 ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
22:27:40.0212 0x1f1c  rdpdr - ok
22:27:40.0221 0x1f1c  [ 9D91FE5286F748862ECFFA05F8A0710C, 33F37F1B207151A5564BF051BBF16F35D8C5A0F426CCA078A51F125BF09E487B ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
22:27:40.0223 0x1f1c  RDPENCDD - ok
22:27:40.0285 0x1f1c  [ C127EBD5AFAB31524662C48DFCEB773A, 40A6B88FEAFF02D1B5C0CA32F290CF3D9B48B85D248C7532F30CC5C09BAA4D89 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
22:27:40.0294 0x1f1c  RDPWD - ok
22:27:40.0343 0x1f1c  [ BCDD6B4804D06B1F7EBF29E53A57ECE9, 8A961CCD0A0265E03D9952C733B593B02B5CF64E308D6B420276D2D6B20F86FC ] RemoteAccess    C:\Windows\System32\mprdim.dll
22:27:40.0350 0x1f1c  RemoteAccess - ok
22:27:40.0407 0x1f1c  [ 9E6894EA18DAFF37B63E1005F83AE4AB, 5D6DF994D297C875D547C7B111A571AA90D582DAECADE18A53F65AD988819E67 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
22:27:40.0415 0x1f1c  RemoteRegistry - ok
22:27:40.0439 0x1f1c  [ 5123F83CBC4349D065534EEB6BBDC42B, 92A3F38EA924D83D601BB93E3750F9DBC2DD963FB7ACF2A0E776297E21815225 ] RpcLocator      C:\Windows\system32\locator.exe
22:27:40.0441 0x1f1c  RpcLocator - ok
22:27:40.0488 0x1f1c  [ 3B5B4D53FEC14F7476CA29A20CC31AC9, EC02A412DA5FDE2C759A4A2C5904579E1CE7C4999CE87145812F354FC8F5E183 ] RpcSs           C:\Windows\system32\rpcss.dll
22:27:40.0500 0x1f1c  RpcSs - ok
22:27:40.0533 0x1f1c  [ 9C508F4074A39E8B4B31D27198146FAD, 84913471E5A6C297B1EDABE45EF3FE7D2C4410EF04370F615109FD9E2690FFDB ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
22:27:40.0547 0x1f1c  rspndr - ok
22:27:40.0575 0x1f1c  [ 2D19A7469EA19993D0C12E627F4530BC, B59F0D4ACAA60ED95093FA561D4C5D87F26C9F6C646858772743038D97B2D6AB ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
22:27:40.0582 0x1f1c  RTL8169 - ok
22:27:40.0629 0x1f1c  [ 0D60B8C10A2C5E8DD620B3FDEB1CDA64, CC7BBB3B177559190E425F33E00CDA153C87B47AFAA8330361BC6ADA26B2C97B ] RtlProt         C:\Windows\system32\DRIVERS\rtlprot.sys
22:27:40.0645 0x1f1c  RtlProt - ok
22:27:40.0662 0x1f1c  [ A3E186B4B935905B829219502557314E, 7F58EAC6C12208D792C77014AC9D37AD1A7B2E73863C914F5DA831A72E1D52BB ] SamSs           C:\Windows\system32\lsass.exe
22:27:40.0664 0x1f1c  SamSs - ok
22:27:40.0699 0x1f1c  [ 3CE8F073A557E172B330109436984E30, CEC281C6076FAA1E34372CF419C6308E73811316606B8D0D9055B7D8952BDC88 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
22:27:40.0701 0x1f1c  sbp2port - ok
22:27:40.0738 0x1f1c  [ 77B7A11A0C3D78D3386398FBBEA1B632, A3D290AB793BDC2F84C7B963300DFCE81CFE082A0FFF7489E8E5B14714892C00 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
22:27:40.0748 0x1f1c  SCardSvr - ok
22:27:40.0805 0x1f1c  [ 1A58069DB21D05EB2AB58EE5753EBE8D, EED8111EB613F4C93D1638C74FDB0A6DC6694E1B108DCD0D794B5B5F9B8C6EE4 ] Schedule        C:\Windows\system32\schedsvc.dll
22:27:40.0846 0x1f1c  Schedule - ok
22:27:40.0917 0x1f1c  [ 312EC3E37A0A1F2006534913E37B4423, 81B8F462336791D162DAFA8092C1F437638DA3022CA24A2458B9FE183FC18C5D ] SCPolicySvc     C:\Windows\System32\certprop.dll
22:27:40.0919 0x1f1c  SCPolicySvc - ok
22:27:40.0961 0x1f1c  [ 716313D9F6B0529D03F726D5AAF6F191, 44FE994A11631C1D99C73026340BACE39973C65A1281D87A61B481C9B5FAB251 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
22:27:40.0970 0x1f1c  SDRSVC - ok
22:27:41.0055 0x1f1c  [ 58DC20EB15F071804C56FCCC796417A2, F0FBA311879B4167723B4ABF18E13D8A95EB798FD94ABCAE0733C2F974348930 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
22:27:41.0061 0x1f1c  SeaPort - ok
22:27:41.0084 0x1f1c  [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
22:27:41.0087 0x1f1c  secdrv - ok
22:27:41.0120 0x1f1c  [ FD5199D4D8A521005E4B5EE7FE00FA9B, 0FB7A1D300C72B1ADC423CC57343C17853E5F8ACFE3EA2C42FAC2FF72E502FBE ] seclogon        C:\Windows\system32\seclogon.dll
22:27:41.0125 0x1f1c  seclogon - ok
22:27:41.0167 0x1f1c  [ A9BBAB5759771E523F55563D6CBE140F, 415BF6F6A1E4C5F98DABF9C2EEAF8CA49730693046E5F94C7655683717EDAD75 ] SENS            C:\Windows\system32\sens.dll
22:27:41.0180 0x1f1c  SENS - ok
22:27:51.0243 0x1f1c  ================ Scan global ===============================
22:27:51.0304 0x1f1c  [ F31EEBC1A1C81FD04005489CC3DCDFE7, 098C35ACFCCE1686C5A6DB6057001CBF8B06A863A0802CB2E9D793F4795F8CEE ] C:\Windows\system32\basesrv.dll
22:27:51.0399 0x1f1c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
22:27:51.0424 0x1f1c  [ A508314231C49AEE86987CEA3EAECAD1, D29BCFA967C23C7264592576D62D95FA8C687E8662D19DCCC73653A9EFB6340D ] C:\Windows\system32\winsrv.dll
22:27:51.0537 0x1f1c  [ D4E6D91C1349B7BFB3599A6ADA56851B, 8748091BF27F05D28D45688E04DD9229A4B2E159209A64F457703F66A8CECE4D ] C:\Windows\system32\services.exe
22:27:51.0588 0x1f1c  [ Global ] - ok
22:27:51.0589 0x1f1c  ================ Scan MBR ==================================
22:27:51.0603 0x1f1c  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
22:27:52.0586 0x1f1c  \Device\Harddisk0\DR0 - ok
22:27:52.0614 0x1f1c  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
22:27:52.0622 0x1f1c  \Device\Harddisk1\DR1 - ok
22:27:53.0038 0x1f1c  [ 8FF255184F078C9C04E6A2CE66117C5C ] \Device\Harddisk2\DR2
22:27:53.0045 0x1f1c  \Device\Harddisk2\DR2 - ok
22:27:53.0045 0x1f1c  ================ Scan VBR ==================================
22:27:53.0053 0x1f1c  [ 335BF55838ADFE86917369BC6211C17D ] \Device\Harddisk0\DR0\Partition1
22:27:53.0073 0x1f1c  \Device\Harddisk0\DR0\Partition1 - ok
22:27:53.0089 0x1f1c  [ CA25CE7BC32507E2CE42D99830B23D2C ] \Device\Harddisk0\DR0\Partition2
22:27:53.0111 0x1f1c  \Device\Harddisk0\DR0\Partition2 - ok
22:27:53.0114 0x1f1c  [ A3A26A7B07DB9AED2C2A337AD963985F ] \Device\Harddisk1\DR1\Partition1
22:27:53.0169 0x1f1c  \Device\Harddisk1\DR1\Partition1 - ok
22:27:53.0172 0x1f1c  [ E4247C46B4E571DDF605D7A7D0EEDFAD ] \Device\Harddisk2\DR2\Partition1
22:27:53.0187 0x1f1c  \Device\Harddisk2\DR2\Partition1 - ok
22:27:53.0188 0x1f1c  ================ Scan generic autorun ======================
22:27:53.0357 0x1f1c  [ 30D591EA7DC36C5657B86785DA2AFE9A, 5E04A8B05BD693BC71E563D7CB269F4C8C7D0D6C6E2017784FF59507929B9705 ] C:\Program Files\AVG\AVG2015\avgui.exe
22:27:53.0426 0x1f1c  AVG_UI - ok
22:27:53.0515 0x1f1c  [ 9E35FF7F943AE0FB89192BFE058B7FD4, 54712A4FA296AE28CF834F90B77B2EEB69020E3D5B5CF24674BD8DACA25195B9 ] C:\Program Files\Windows Sidebar\Sidebar.exe
22:27:53.0547 0x1f1c  Sidebar - ok
22:27:53.0588 0x1f1c  [ BF08674925F151BD4537B89A493E3E0C, 6A97562E998A2B90649FF7986313AD33823053FF98BBE163AD39AAA5E01FC545 ] C:\Windows\ehome\ehTray.exe
22:27:53.0592 0x1f1c  ehTray.exe - ok
22:27:53.0593 0x1f1c  Waiting for KSN requests completion. In queue: 315
22:27:54.0593 0x1f1c  Waiting for KSN requests completion. In queue: 315
22:27:55.0593 0x1f1c  Waiting for KSN requests completion. In queue: 315
22:27:56.0611 0x1f1c  AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files\AVG\AVG2015\avgwsc.exe ( 15.0.0.5751 ), 0x42000 ( disabled : updated )
22:27:56.0617 0x1f1c  Win FW state via NFP2: enabled
22:27:59.0122 0x1f1c  ============================================================
22:27:59.0122 0x1f1c  Scan finished
22:27:59.0122 0x1f1c  ============================================================
22:27:59.0130 0x276c  Detected object count: 0
22:27:59.0130 0x276c  Actual detected object count: 0
22:28:38.0743 0x2638  Deinitialize success
 
 
===========================
aswMBR report
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2015-03-09 22:30:28
-----------------------------
22:30:28.044    OS Version: Windows 6.0.6002 Service Pack 2
22:30:28.045    Number of processors: 2 586 0x170A
22:30:28.045    ComputerName: GRAYGHOST  UserName: Matt
22:30:29.571    Initialize success
22:30:29.604    VM: initialized successfully
22:30:29.606    VM: Intel CPU virtualization not supported 
22:32:22.623    AVAST engine defs: 15030901
22:32:52.054    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-1
22:32:52.057    Disk 0 Vendor: ST3500620AS DE13 Size: 476940MB BusType: 3
22:32:52.061    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2
22:32:52.064    Disk 1 Vendor: WDC_WD10EZEX-00BN5A0 01.01A01 Size: 953869MB BusType: 3
22:32:52.305    Disk 0 MBR read successfully
22:32:52.310    Disk 0 MBR scan
22:32:52.326    Disk 0 Windows VISTA default MBR code
22:32:52.331    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       62 MB offset 63
22:32:52.346    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15360 MB offset 129024
22:32:52.365    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       461516 MB offset 31586304
22:32:52.374    Disk 0 scanning sectors +976771072
22:32:52.709    Disk 0 scanning C:\Windows\system32\drivers
22:33:10.625    Service scanning
22:33:33.101    Modules scanning
22:33:33.107    Disk 0 trace - called modules:
22:33:33.172    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys 
22:33:33.178    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87580730]
22:33:33.183    3 CLASSPNP.SYS[8c1a48b3] -> nt!IofCallDriver -> [0x868f7318]
22:33:33.189    5 acpi.sys[83a9f6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-1[0x85b5eb98]
22:33:35.834    AVAST engine scan C:\Windows
22:33:40.488    AVAST engine scan C:\Windows\system32
22:37:40.950    AVAST engine scan C:\Windows\system32\drivers
22:38:04.020    AVAST engine scan C:\Users\Matt
01:46:28.806    AVAST engine scan C:\ProgramData
02:02:06.789    Disk 0 statistics 4637598/0/0 @ 0.20 MB/s
02:02:06.800    Scan finished successfully
07:25:01.007    Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
07:25:01.013    The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"
 
 


#12 Oh My!

  • Malware Response Instructor

Posted 10 March 2015 - 09:14 AM

That all looks fine. Please do this.

===================================================

HijackThis

--------------------
  • Download HijackThis and save it to your desktop
  • Double click the HijackThis icon, then select Run
  • If prompted select I Accept
  • Click on Do a system scan and save a logfile
  • Note: Ignore any warning regarding the Hosts file
  • A report will be generated and will appear on your desktop as an open Notepad document
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • HJT log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 neonkiwi05

  • Topic Starter

Posted 10 March 2015 - 07:37 PM

Here you go.

 

==========================

Hijackthis log

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:04 PM, on 3/10/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16609)
 
FIREFOX: 35.0.1 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG2015\avgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\MDM.EXE
C:\Windows\Explorer.exe
C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
C:\Users\Matt\Desktop\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - Global Startup: AutoStart IR.lnk.disabled
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\TVServer\HAUPPA~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: RalinkRegistryWriter - Ralink Technology, Corp. - C:\Program Files\Tenda\Common\RaRegistry.exe
O23 - Service: RaMediaServer - Unknown owner - C:\Program Files\Tenda\Common\RaMediaServer.exe
 
--
End of file - 5615 bytes


#14 Oh My!


Posted 10 March 2015 - 07:54 PM

Thank you. Can you provide an update about your computer behavior?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 neonkiwi05


Posted 12 March 2015 - 09:37 PM

Gary,

 

Thank you for all the help, the machine is running better. However, I'm still having issues with IE and fonts when I'm online - regardless of browsers. So I'm going to go ahead and load a new OEM Win7 and add a new SSD to this machine and start new. I've moved over all my files to a new HD and a secondary HD for redundancy. Now I have plans for the weekend. :smash:

 

Again, Thank you.

 

Matt





